Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2008-01-25	CVE-2008-0461	SQL Injection vulnerability in Francisco Burzi PHP-Nuke SQL injection vulnerability in index.php in the Search module in PHP-Nuke 8.0 FINAL and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the sid parameter in a comments action to modules.php. network francisco-burzi CWE-89	6.8
2007-09-21	CVE-2007-5032	Cross-Site Request Forgery (CSRF) vulnerability in Francisco Burzi PHP-Nuke Cross-site request forgery (CSRF) vulnerability in admin.php in Francisco Burzi PHP-Nuke allows remote attackers to add administrative accounts via an AddAuthor action with modified add_name and add_radminsuper parameters. network high complexity francisco-burzi CWE-352	5.1
2007-02-22	CVE-2007-1061	SQL Injection vulnerability in PHP-Nuke SQL injection vulnerability in index.php in Francisco Burzi PHP-Nuke 8.0 Final and earlier, when the "HTTP Referers" block is enabled, allows remote attackers to execute arbitrary SQL commands via the HTTP Referer header (HTTP_REFERER variable). network francisco-burzi	6.8
2006-04-19	CVE-2006-1846	Input Validation vulnerability in Francisco Burzi PHP-Nuke 7.8 Cross-site scripting (XSS) vulnerability in the Your_Account module in PHP-Nuke 7.8 might allows remote attackers to inject arbitrary HTML and web script via the ublock parameter, which is saved in the user's personal menu. network francisco-burzi	4.3
2006-02-13	CVE-2006-0676	Cross-Site Scripting vulnerability in PHPNuke Cross-site scripting (XSS) vulnerability in header.php in PHP-Nuke 6.0 to 7.8 allows remote attackers to inject arbitrary web script or HTML via the pagetitle parameter. network francisco-burzi	4.3
2005-12-15	CVE-2005-4260	Unspecified vulnerability in Francisco Burzi PHP-Nuke Interpretation conflict in includes/mainfile.php in PHP-Nuke 7.9 and later allows remote attackers to perform cross-site scripting (XSS) attacks by replacing the ">" in the tag with a "<", which bypasses the regular expressions that sanitize the data, but is automatically corrected by many web browsers. network francisco-burzi	4.3
2005-05-03	CVE-2005-1386	Information Disclosure vulnerability in PHP-Nuke PHP-Nuke 7.6 and earlier allows remote attackers to obtain sensitive information via a direct request to (1) ipban.php, (2) db.php, (3) lang-norwegian.php, (4) lang-indonesian.php, (5) lang-greek.php, (6) a request to Web_Links with the portuguese language (lang-portuguese.php), (7) a request to Web_Links with the indonesian language (lang-indonesian.php), (8) a request to the survey module with the indonesian language (lang-indonesian.php), (9) a request to the Reviews module with the portuguese language, or (10) a request to the Journal module with the portuguese language, which reveal the path in an error message. network low complexity francisco-burzi	5.0
2005-05-02	CVE-2005-1180	Remote Security vulnerability in Francisco Burzi PHP-Nuke 7.6 HTTP Response Splitting vulnerability in the Surveys module in PHP-Nuke 7.6 allows remote attackers to spoof web content and poison web caches via hex-encoded CRLF ("%0d%0a") sequences in the forwarder parameter. network low complexity francisco-burzi	5.0
2005-05-02	CVE-2005-1027	Cross-Site Scripting vulnerability in PHP-Nuke Modules.PHP Username URI Parameter Multiple cross-site scripting (XSS) vulnerabilities in PHP-Nuke 6.x through 7.6 allow remote attackers to inject arbitrary web script or HTML via the (1) username parameter in the Your_Account module, (2) avatarcategory parameter in the Your_Account module, or (3) lid parameter in the Downloads module. network francisco-burzi	4.3
2005-05-02	CVE-2005-1024	Unspecified vulnerability in Francisco Burzi PHP-Nuke modules.php in PHP-Nuke 6.x to 7.6 allows remote attackers to obtain sensitive information via a direct request to (1) my_headlines, (2) userinfo, or (3) search, which reveals the path in a PHP error message. network low complexity francisco-burzi	5.0