Vulnerabilities > Francisco Burzi > PHP Nuke > 8.0.final
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2007-12-15 | CVE-2007-6376 | Path Traversal vulnerability in Francisco Burzi PHP-Nuke 8.0Final Directory traversal vulnerability in autohtml.php in Francisco Burzi PHP-Nuke 8.0 allows remote attackers to include and execute arbitrary local files via a .. | 7.5 |
| 2004-12-31 | CVE-2004-1914 | Multiple vulnerability in NukeCalendar SQL injection vulnerability in modules.php in NukeCalendar 1.1.a, as used in PHP-Nuke, allows remote attackers to execute arbitrary SQL commands via the eid parameter. | 7.5 |
| 2004-12-31 | CVE-2004-1913 | Multiple vulnerability in NukeCalendar Cross-site scripting (XSS) vulnerability in modules.php in NukeCalendar 1.1.a, as used in PHP-Nuke, allows remote attackers to inject arbitrary web script or HTML via the eid parameter. | 4.3 |
| 2004-12-31 | CVE-2004-1912 | Multiple vulnerability in NukeCalendar The (1) modules.php, (2) block-Calendar.php, (3) block-Calendar1.php, (4) block-Calendar_center.php scripts in NukeCalendar 1.1.a, as used in PHP-Nuke, allow remote attackers to obtain sensitive information via a URL with an invalid argument, which reveals the full path in an error message. | 5.0 |
| 2004-07-27 | CVE-2004-0738 | SQL-Injection vulnerability in Francisco Burzi PHP-Nuke 8.0Final Multiple SQL injection vulnerabilities in the Search module in Php-Nuke allow remote attackers to execute arbitrary SQL via the (1) min or (2) categ parameters. | 7.5 |
| 2004-07-27 | CVE-2004-0737 | Cross-Site Scripting vulnerability in Francisco Burzi PHP-Nuke 8.0Final Multiple cross-site scripting vulnerabilities in index.php in the Search module for Php-Nuke allows remote attackers to inject arbitrary web script or HTML via the (1) sid, (2) max, (3) sel1, (4) sel2, (5) sel3, (6) sel4, (7) sel5, (8) match, (9) mod1, (10) mod2, or (11) mod3 parameters. | 7.5 |
| 2004-07-27 | CVE-2004-0736 | Information Disclosure vulnerability in Francisco Burzi PHP-Nuke 8.0Final The search module in Php-Nuke allows remote attackers to gain sensitive information via the (1) "**" or (2) "+" search patterns, which reveals the path in an error message. | 5.0 |
| 2004-07-27 | CVE-2004-0732 | SQL-Injection vulnerability in Francisco Burzi PHP-Nuke 8.0Final SQL injection vulnerability in index.php in the Search module for Php-Nuke allows remote attackers to execute arbitrary SQL statements via the instory parameter. | 7.5 |
| 2004-07-27 | CVE-2004-0731 | Unspecified vulnerability in Francisco Burzi PHP-Nuke 8.0Final Cross-site scripting (XSS) vulnerability in index.php in the Search module for Php-Nuke allows remote attackers to inject arbitrary script as other users via the input field. network francisco-burzi | 6.8 |
| 2001-12-31 | CVE-2001-1522 | Cross-Site Scripting vulnerability in Francisco Burzi PHP-Nuke 8.0Final Cross-site scripting (XSS) vulnerability in im.php in IMessenger for PHP-Nuke allows remote attackers to inject arbitrary web script or HTML via a message. network francisco-burzi | 4.3 |