Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
postnuke software foundation postnuke vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2004-1949
SQL injection vulnerability in PostNuke 7.2.6 and previous versions allows remote malicious users to execute arbitrary SQL via (1) the sif parameter to index.php in the Comments module or (2) timezoneoffset parameter to changeinfo.php in the Your_Account module.
Postnuke Software Foundation Postnuke 0.726
NA
CVE-2004-1956
PostNuke 0.7.2.6 allows remote malicious users to gain information via a direct HTTP request to files in the (1) includes/blocks directory, (2) pnadodb directory, (3) NS-NewUser module, (4) NS-Your_Account, (5) NS-LostPassword module, or (6) NS-User module which reveals the path ...
Postnuke Software Foundation Postnuke 0.726
NA
CVE-2005-1048
SQL injection vulnerability in modules.php in PostNuke 0.760 RC3 allows remote malicious users to execute arbitrary SQL statements via the sid parameter. NOTE: the vendor reports that they could not reproduce the issues for 760 RC3, or for .750.
Postnuke Software Foundation Postnuke 0.760 Rc3
NA
CVE-2005-1049
Multiple cross-site scripting vulnerabilities in PostNuke 0.760-RC3 allow remote malicious users to inject arbitrary web script or HTML via the (1) module parameter to admin.php or (2) op parameter to user.php. NOTE: the vendor reports that certain issues could not be reproduced ...
Postnuke Software Foundation Postnuke 0.760 Rc3
2 EDB exploits
NA
CVE-2005-1050
The modload op in the Reviews module for PostNuke 0.760-RC3 allows remote malicious users to obtain sensitive information via an invalid id parameter, which reveals the path in a PHP error message.
Postnuke Software Foundation Postnuke 0.760 Rc3
NA
CVE-2007-1158
Directory traversal vulnerability in index.php in the Pagesetter 6.2.0 up to and including 6.3.0 beta 5 module for PostNuke allows remote malicious users to read arbitrary files via a .. (dot dot) in the id parameter.
Postnuke Software Foundation Pagesetter 6.3.0
Postnuke Software Foundation Pagesetter 6.2
1 EDB exploit
NA
CVE-2007-2492
SQL injection vulnerability in index.php in the v4bJournal module for PostNuke allows remote authenticated users to execute arbitrary SQL commands via the id parameter in a journal_comment action.
Postnuke Software Foundation Postnuke V4bjournal Module 0.99
1 EDB exploit
NA
CVE-2008-2191
SQL injection vulnerability in the pnEncyclopedia module 0.2.0 and previous versions for PostNuke allows remote malicious users to execute arbitrary SQL commands via the id parameter in a display_term action to index.php.
Postnuke Software Foundation Pnencyclopedia
1 EDB exploit
NA
CVE-2007-3584
SQL injection vulnerability in viewforum.php in PNphpBB2 1.2i and previous versions for Postnuke allows remote malicious users to execute arbitrary SQL commands via the order parameter.
Postnuke Software Foundation Pnphpbb2
1 EDB exploit
NA
CVE-2007-3052
SQL injection vulnerability in index.php in the PNphpBB2 1.2i and previous versions module for PostNuke allows remote malicious users to execute arbitrary SQL commands via the c parameter.
Postnuke Software Foundation Pnphpbb
1 EDB exploit
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-32976
CVE-2024-33557
CVE-2024-36801
CVE-2024-35654
authentication bypass
CVE-2024-24919
CSRF
code execution
CVE-2024-27348
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
NEXT »