Vulnerabilities > Postnuke Software Foundation > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2008-05-14 | CVE-2008-2191 | SQL Injection vulnerability in Postnuke Software Foundation Pnencyclopedia SQL injection vulnerability in the pnEncyclopedia module 0.2.0 and earlier for PostNuke allows remote attackers to execute arbitrary SQL commands via the id parameter in a display_term action to index.php. | 6.8 |
| 2007-03-02 | CVE-2007-1158 | Local File Include vulnerability in Pagesetter 6.2/6.3.0 Directory traversal vulnerability in index.php in the Pagesetter 6.2.0 through 6.3.0 beta 5 module for PostNuke allows remote attackers to read arbitrary files via a .. | 5.0 |
| 2007-01-19 | CVE-2007-0384 | Cross-Site Scripting vulnerability in Postnuke Software Foundation Postnuke 0.764 Cross-site scripting (XSS) vulnerability in preview in the reviews section in PostNuke 0.764 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 5.1 |
| 2006-02-20 | CVE-2006-0801 | Input Validation vulnerability in PostNuke SQL injection vulnerability in the NS-Languages module for PostNuke 0.761 and earlier, when magic_quotes_gpc is off, allows remote attackers to execute arbitrary SQL commands via the language parameter to admin.php. | 5.1 |
| 2005-05-24 | CVE-2005-1699 | Directory Traversal vulnerability in Postnuke Software Foundation Postnuke 0.760Rc3 Directory traversal vulnerability in pnadminapi.php in the Xanthia module in PostNuke 0.760-RC3 allows remote administrators to read arbitrary files via a .. | 4.0 |
| 2005-05-16 | CVE-2005-1621 | Directory Traversal vulnerability in Postnuke Directory traversal vulnerability in the pnModFunc function in pnMod.php for PostNuke 0.750 through 0.760rc4 allows remote attackers to read arbitrary files via a .. | 5.0 |
| 2005-05-02 | CVE-2005-1050 | Information Disclosure vulnerability in Postnuke Software Foundation Postnuke 0.760Rc3 The modload op in the Reviews module for PostNuke 0.760-RC3 allows remote attackers to obtain sensitive information via an invalid id parameter, which reveals the path in a PHP error message. | 5.0 |
| 2005-02-28 | CVE-2005-0616 | Cross-Site Scripting vulnerability in Download module for PostNuke Multiple cross-site scripting (XSS) vulnerabilities in the Download module for PostNuke 0.750 and 0.760-RC2 allow remote attackers to inject arbitrary web script or HTML via the (1) Program name, (2) File link, (3) Author name (4) Author e-mail address, (5) File size, (6) Version, or (7) Home page variables. network postnuke-software-foundation | 4.3 |
| 2004-12-31 | CVE-2004-2752 | Cross-Site Scripting vulnerability in Postnuke Software Foundation Postnuke 0.726 Cross-site scripting (XSS) vulnerability in the Downloads module in PostNuke up to 0.726, and possibly later versions, allows remote attackers to inject arbitrary HTML and web script via the ttitle parameter in a viewdownloaddetails action. | 4.3 |
| 2004-12-31 | CVE-2004-2751 | SQL Injection vulnerability in Postnuke Software Foundation Postnuke 0.722/0.723/0.726 SQL injection vulnerability in the members_list module in PostNuke 0.726, and possibly earlier, allows remote attackers to execute arbitrary SQL commands via the sortby parameter. | 6.8 |