Vulnerabilities > Francisco Burzi
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2004-07-27 | CVE-2004-0738 | SQL-Injection vulnerability in Francisco Burzi PHP-Nuke 8.0Final Multiple SQL injection vulnerabilities in the Search module in Php-Nuke allow remote attackers to execute arbitrary SQL via the (1) min or (2) categ parameters. | 7.5 |
| 2004-07-27 | CVE-2004-0737 | Cross-Site Scripting vulnerability in Francisco Burzi PHP-Nuke 8.0Final Multiple cross-site scripting vulnerabilities in index.php in the Search module for Php-Nuke allows remote attackers to inject arbitrary web script or HTML via the (1) sid, (2) max, (3) sel1, (4) sel2, (5) sel3, (6) sel4, (7) sel5, (8) match, (9) mod1, (10) mod2, or (11) mod3 parameters. | 7.5 |
| 2004-07-27 | CVE-2004-0736 | Information Disclosure vulnerability in Francisco Burzi PHP-Nuke 8.0Final The search module in Php-Nuke allows remote attackers to gain sensitive information via the (1) "**" or (2) "+" search patterns, which reveals the path in an error message. | 5.0 |
| 2004-07-27 | CVE-2004-0732 | SQL-Injection vulnerability in Francisco Burzi PHP-Nuke 8.0Final SQL injection vulnerability in index.php in the Search module for Php-Nuke allows remote attackers to execute arbitrary SQL statements via the instory parameter. | 7.5 |
| 2004-07-27 | CVE-2004-0731 | Unspecified vulnerability in Francisco Burzi PHP-Nuke 8.0Final Cross-site scripting (XSS) vulnerability in index.php in the Search module for Php-Nuke allows remote attackers to inject arbitrary script as other users via the input field. network francisco-burzi | 6.8 |
| 2004-06-01 | CVE-2004-2044 | PHP-Nuke 7.3, and other products that use the PHP-Nuke codebase such as the Nuke Cops betaNC PHP-Nuke Bundle, OSCNukeLite 3.1, and OSC2Nuke 7x do not properly use the eregi() PHP function with $_SERVER['PHP_SELF'] to identify the calling script, which allows remote attackers to directly access scripts, obtain path information via a PHP error message, and possibly gain access, as demonstrated using an HTTP request that contains the "admin.php" string. | 7.5 |
| 2004-05-05 | CVE-2004-2000 | SQL Injection vulnerability in PHP-Nuke Modules.php SQL injection vulnerability in the Downloads module in Php-Nuke 6.x through 7.2 allows remote attackers to execute arbitrary SQL via the (1) orderby or (2) sid parameters to modules.php. | 7.5 |
| 2004-05-05 | CVE-2004-1999 | Cross-Site Scripting vulnerability in PHP-Nuke Cross-site scripting (XSS) vulnerability in the Downloads module in Php-Nuke 6.x through 7.2 allows remote attackers to inject arbitrary HTML and web script via the (1) ttitle or (2) sid parameters to modules.php. network francisco-burzi | 4.3 |
| 2004-05-05 | CVE-2004-1998 | Information Disclosure vulnerability in PHP-Nuke The Downloads module in Php-Nuke 6.x through 7.2 allows remote attackers to gain sensitive information via an invalid show parameter to modules.php, which reveals the full path in a PHP error message. | 5.0 |
| 2004-05-02 | CVE-2004-1984 | Information Disclosure vulnerability in Coppermine Photo Gallery Coppermine Photo Gallery 1.2.2b and 1.2.0 RC4 allows remote attackers to obtain sensitive information via a direct HTTP request to (1) phpinfo.php, (2) addpic.php, (3) config.php, (4) db_input.php, (5) displayecard.php, (6) ecard.php, (7) crop.inc.php, which reveal the full path in a PHP error message. | 5.0 |