Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
francisco burzi vulnerabilities and exploits
(subscribe to this query)
668
VMScore
CVE-2001-1032
admin.php in PHP-Nuke 5.2 and previous versions, except 5.0RC1, does not check login credentials for upload operations, which allows remote malicious users to copy and upload arbitrary files and read the PHP-Nuke configuration file by directly calling admin.php with an upload par...
Francisco Burzi Php-nuke
454
VMScore
CVE-2007-5032
Cross-site request forgery (CSRF) vulnerability in admin.php in Francisco Burzi PHP-Nuke allows remote malicious users to add administrative accounts via an AddAuthor action with modified add_name and add_radminsuper parameters.
Francisco Burzi Php-nuke
445
VMScore
CVE-2001-0321
opendir.php script in PHP-Nuke allows remote malicious users to read arbitrary files by specifying the filename as an argument to the requesturl parameter.
Francisco Burzi Php-nuke 8.0 Final
755
VMScore
CVE-2005-3304
Multiple SQL injection vulnerabilities in PHP-Nuke 7.8 allow remote malicious users to modify SQL queries and execute arbitrary PHP code via (1) the username parameter in the Your Account page, (2) the url parameter in the Downloads module, and (3) the description parameter in th...
Francisco Burzi Php-nuke 7.8
1 EDB exploit
445
VMScore
CVE-2003-1526
PHP-Nuke 7.0 allows remote malicious users to obtain the installation path via certain characters such as (1) ", (2) ', or (3) > in the search field, which reveals the path in an error message.
Francisco Burzi Php-nuke 7.0
755
VMScore
CVE-2007-6376
Directory traversal vulnerability in autohtml.php in Francisco Burzi PHP-Nuke 8.0 allows remote malicious users to include and execute arbitrary local files via a .. (dot dot) in the filename parameter, a different vector than CVE-2006-4190. NOTE: the provenance of this informati...
Francisco Burzi Php-nuke 8.0 Final
1 EDB exploit
668
VMScore
CVE-2006-0907
SQL injection vulnerability in PHP-Nuke prior to 7.8 Patched 3.2 allows remote malicious users to execute arbitrary SQL commands via encoded /%2a (/*) sequences in the query string, which bypasses regular expressions that are intended to protect against SQL injection, as demonstr...
Francisco Burzi Php-nuke 7.8
668
VMScore
CVE-2006-0908
PHP-Nuke 7.8 Patched 3.2 allows remote malicious users to bypass SQL injection protection mechanisms via /%2a (/*) sequences with the "ad_click" word in the query string, as demonstrated via the kala parameter.
Francisco Burzi Php-nuke 7.8 Patched 3.2
383
VMScore
CVE-2006-1846
Cross-site scripting (XSS) vulnerability in the Your_Account module in PHP-Nuke 7.8 might allows remote malicious users to inject arbitrary HTML and web script via the ublock parameter, which is saved in the user's personal menu. NOTE: the provenance of this information is u...
Francisco Burzi Php-nuke 7.8
445
VMScore
CVE-2005-0998
The Web_Links module for PHP-Nuke 7.6 allows remote malicious users to obtain sensitive information via an invalid show parameter, which triggers a division by zero PHP error that leaks the full pathname of the server.
Francisco Burzi Php-nuke 7.6
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
privilege escalation
CVE-2024-20696
CVE-2024-29829
CVE-2024-33999
CVE-2024-35646
physical
CVE-2024-24919
CVE-2024-31030
local users
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
2
3
4
5
6
7
8
9
10
NEXT »