Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
postnuke software foundation postnuke vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2005-1699
Directory traversal vulnerability in pnadminapi.php in the Xanthia module in PostNuke 0.760-RC3 allows remote administrators to read arbitrary files via a .. (dot dot) in the skin parameter.
Postnuke Software Foundation Postnuke 0.760 Rc3
NA
CVE-2006-5121
SQL injection vulnerability in modules/Downloads/admin.php in the Admin section of PostNuke 0.762 allows remote malicious users to execute arbitrary SQL commands via the hits parameter.
Postnuke Software Foundation Postnuke 0.762
NA
CVE-2005-1050
The modload op in the Reviews module for PostNuke 0.760-RC3 allows remote malicious users to obtain sensitive information via an invalid id parameter, which reveals the path in a PHP error message.
Postnuke Software Foundation Postnuke 0.760 Rc3
NA
CVE-2005-1049
Multiple cross-site scripting vulnerabilities in PostNuke 0.760-RC3 allow remote malicious users to inject arbitrary web script or HTML via the (1) module parameter to admin.php or (2) op parameter to user.php. NOTE: the vendor reports that certain issues could not be reproduced ...
Postnuke Software Foundation Postnuke 0.760 Rc3
2 EDB exploits
NA
CVE-2004-2752
Cross-site scripting (XSS) vulnerability in the Downloads module in PostNuke up to 0.726, and possibly later versions, allows remote malicious users to inject arbitrary HTML and web script via the ttitle parameter in a viewdownloaddetails action.
Postnuke Software Foundation Postnuke 0.726
NA
CVE-2005-2689
Multiple cross-site scripting (XSS) vulnerabilities in PostNuke 0.760-RC4b allows remote malicious users to inject arbitrary web script or HTML via (1) the moderate parameter to the Comments module or (2) htmltext parameter to html/user.php.
Postnuke Software Foundation Postnuke 0.76 Rc4b
2 EDB exploits
NA
CVE-2005-1694
Multiple SQL injection vulnerabilities in Xanthia.php in the Xanthia module in PostNuke 0.750 allow remote malicious users to execute arbitrary SQL commands via the (1) name or (2) module parameter.
Postnuke Software Foundation Postnuke 0.750
NA
CVE-2002-2015
PHP file inclusion vulnerability in user.php in PostNuke 0.703 allows remote malicious users to include arbitrary files and possibly execute code via the caselist parameter.
Postnuke Software Foundation Postnuke 0.703
1 EDB exploit
NA
CVE-2004-1949
SQL injection vulnerability in PostNuke 7.2.6 and previous versions allows remote malicious users to execute arbitrary SQL via (1) the sif parameter to index.php in the Comments module or (2) timezoneoffset parameter to changeinfo.php in the Your_Account module.
Postnuke Software Foundation Postnuke 0.726
NA
CVE-2004-1956
PostNuke 0.7.2.6 allows remote malicious users to gain information via a direct HTTP request to files in the (1) includes/blocks directory, (2) pnadodb directory, (3) NS-NewUser module, (4) NS-Your_Account, (5) NS-LostPassword module, or (6) NS-User module which reveals the path ...
Postnuke Software Foundation Postnuke 0.726
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
cross-site scripting
CVE-2024-5158
XML external entity
CVE-2024-4262
CVE-2024-2036
CVE-2024-4985
CVE-2024-21791
remote attackers
CVE-2023-43208
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
NEXT »