Vulnerabilities > Postnuke Software Foundation > Postnuke > 0.760.rc2
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2006-12-02 | CVE-2006-6233 | SQL-Injection vulnerability in Postnuke SQL injection vulnerability in the Downloads module for unknown versions of PostNuke allows remote attackers to execute arbitrary SQL commands via the lid parameter in a viewdownloaddetails operation. | 7.5 |
| 2005-05-24 | CVE-2005-1695 | Unspecified vulnerability in Postnuke Software Foundation Postnuke 0.750/0.760Rc2/0.760Rc3 Multiple cross-site scripting (XSS) vulnerabilities in the RSS module in PostNuke 0.750 and 0.760RC2 and RC3 allow remote attackers to inject arbitrary web script or HTML via the (1) rss_url parameter to magpie_slashbox.php, or the url parameter to (2) magpie_simple.php or (3) magpie_debug.php. | 2.6 |
| 2005-05-16 | CVE-2005-1621 | Directory Traversal vulnerability in Postnuke Directory traversal vulnerability in the pnModFunc function in pnMod.php for PostNuke 0.750 through 0.760rc4 allows remote attackers to read arbitrary files via a .. | 5.0 |
| 2005-05-02 | CVE-2005-0617 | SQL-Injection vulnerability in Postnuke Software Foundation Postnuke 0.750/0.760Rc2 SQL injection vulnerability in dl-search.php in PostNuke 0.750 and 0.760-RC2 allows remote attackers to execute arbitrary SQL commands via the show parameter. | 7.5 |
| 2005-05-02 | CVE-2005-0615 | SQL-Injection vulnerability in Postnuke Software Foundation Postnuke 0.760Rc2 Multiple SQL injection vulnerabilities in (1) index.php, (2) modules.php, or (3) admin.php in PostNuke 0.760-RC2 allow remote attackers to execute arbitrary SQL code via the catid parameter. | 7.5 |