Filtered by vendor Francisco Burzi
Subscribe
Total
99 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2002-2032 | 1 Francisco Burzi | 1 Php-nuke | 2025-04-03 | 5.0 MEDIUM | N/A |
| sql_layer.php in PHP-Nuke 5.4 and earlier does not restrict access to debugging features, which allows remote attackers to gain SQL query information by setting the sql_debug parameter to (1) index.php and (2) modules.php. | |||||
| CVE-2004-2020 | 1 Francisco Burzi | 1 Php-nuke | 2025-04-03 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Php-Nuke 6.x through 7.3 allow remote attackers to inject arbitrary HTML or web script into the (1) optionbox parameter in the News module, (2) date parameter in the Statistics module, (3) year, month, and month_1 parameters in the Stories_Archive module, (4) mode, order, and thold parameters in the Surveys module, or (5) a SQL statement to index.php, as processed by mainfile.php. | |||||
| CVE-2005-1027 | 1 Francisco Burzi | 1 Php-nuke | 2025-04-03 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in PHP-Nuke 6.x through 7.6 allow remote attackers to inject arbitrary web script or HTML via the (1) username parameter in the Your_Account module, (2) avatarcategory parameter in the Your_Account module, or (3) lid parameter in the Downloads module. | |||||
| CVE-2006-0908 | 1 Francisco Burzi | 1 Php-nuke | 2025-04-03 | 7.5 HIGH | N/A |
| PHP-Nuke 7.8 Patched 3.2 allows remote attackers to bypass SQL injection protection mechanisms via /%2a (/*) sequences with the "ad_click" word in the query string, as demonstrated via the kala parameter. | |||||
| CVE-2004-0266 | 1 Francisco Burzi | 1 Php-nuke | 2025-04-03 | 5.0 MEDIUM | N/A |
| SQL injection vulnerability in the "public message" capability (public_message) for Php-Nuke 6.x to 7.1.0 allows remote attackers to obtain the administrator password via the c_mid parameter. | |||||
| CVE-2004-2294 | 1 Francisco Burzi | 1 Php-nuke | 2025-04-03 | 4.3 MEDIUM | N/A |
| Canonicalize-before-filter error in the send_review function in the Reviews module for PHP-Nuke 6.0 to 7.3 allows remote attackers to inject arbitrary web script or HTML via hex-encoded XSS sequences in the text parameter, which is checked for dangerous sequences before it is canonicalized, leading to a cross-site scripting (XSS) vulnerability. | |||||
| CVE-2004-2044 | 4 Francisco Burzi, Oscommerce, Paul Laudanski and 1 more | 4 Php-nuke, Osc2nuke, Betanc Php-nuke and 1 more | 2025-04-03 | 7.5 HIGH | N/A |
| PHP-Nuke 7.3, and other products that use the PHP-Nuke codebase such as the Nuke Cops betaNC PHP-Nuke Bundle, OSCNukeLite 3.1, and OSC2Nuke 7x do not properly use the eregi() PHP function with $_SERVER['PHP_SELF'] to identify the calling script, which allows remote attackers to directly access scripts, obtain path information via a PHP error message, and possibly gain access, as demonstrated using an HTTP request that contains the "admin.php" string. | |||||
| CVE-2005-0996 | 1 Francisco Burzi | 1 Php-nuke | 2025-04-03 | 5.0 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in the Downloads module for PHP-Nuke 7.6 allow remote attackers to inject arbitrary web script or HTML via (1) the email or url parameters in the Add function, (2) the min parameter in the viewsdownload function, or (3) the min parameter in the search function. | |||||
| CVE-2001-1524 | 1 Francisco Burzi | 1 Php-nuke | 2025-04-03 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in PHP-Nuke 5.3.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) uname parameter in user.php, (2) ttitle, letter and file parameters in modules.php, (3) subject, story and storyext parameters in submit.php, (4) upload parameter in admin.php and (5) fname parameter in friend.php. | |||||
| CVE-2001-0383 | 1 Francisco Burzi | 1 Php-nuke | 2025-04-03 | 5.0 MEDIUM | N/A |
| banners.php in PHP-Nuke 4.4 and earlier allows remote attackers to modify banner ad URLs by directly calling the Change operation, which does not require authentication. | |||||
| CVE-2003-1210 | 1 Francisco Burzi | 1 Php-nuke | 2025-04-03 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in the Downloads module for PHP-Nuke 5.x through 6.5 allow remote attackers to execute arbitrary SQL commands via the (1) lid parameter to the getit function or the (2) min parameter to the search function. | |||||
| CVE-2003-0279 | 1 Francisco Burzi | 1 Php-nuke | 2025-04-03 | 2.6 LOW | N/A |
| Multiple SQL injection vulnerabilities in the Web_Links module for PHP-Nuke 5.x through 6.5 allows remote attackers to steal sensitive information via numeric fields, as demonstrated using (1) the viewlink function and cid parameter, or (2) index.php. | |||||
| CVE-2004-1989 | 2 Coppermine, Francisco Burzi | 2 Coppermine Photo Gallery, Php-nuke | 2025-04-03 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in theme.php in Coppermine Photo Gallery 1.2.2b allows remote attackers to execute arbitrary PHP code by modifying the THEME_DIR parameter to reference a URL on a remote web server that contains user_list_info_box.inc. | |||||
| CVE-2004-2019 | 1 Francisco Burzi | 1 Php-nuke | 2025-04-03 | 5.0 MEDIUM | N/A |
| The WebLinks module in Php-Nuke 6.x through 7.3 allows remote attackers to obtain sensitive information via an invalid show parameter, which displays the full path in a PHP error message. | |||||
| CVE-2004-1984 | 2 Coppermine, Francisco Burzi | 2 Coppermine Photo Gallery, Php-nuke | 2025-04-03 | 5.0 MEDIUM | N/A |
| Coppermine Photo Gallery 1.2.2b and 1.2.0 RC4 allows remote attackers to obtain sensitive information via a direct HTTP request to (1) phpinfo.php, (2) addpic.php, (3) config.php, (4) db_input.php, (5) displayecard.php, (6) ecard.php, (7) crop.inc.php, which reveal the full path in a PHP error message. | |||||
| CVE-2001-0321 | 1 Francisco Burzi | 1 Php-nuke | 2025-04-03 | 5.0 MEDIUM | N/A |
| opendir.php script in PHP-Nuke allows remote attackers to read arbitrary files by specifying the filename as an argument to the requesturl parameter. | |||||
| CVE-2003-0318 | 1 Francisco Burzi | 1 Php-nuke | 2025-04-03 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Statistics module for PHP-Nuke 6.0 and earlier allows remote attackers to insert arbitrary web script via the year parameter. | |||||
| CVE-2005-0998 | 1 Francisco Burzi | 1 Php-nuke | 2025-04-03 | 5.0 MEDIUM | N/A |
| The Web_Links module for PHP-Nuke 7.6 allows remote attackers to obtain sensitive information via an invalid show parameter, which triggers a division by zero PHP error that leaks the full pathname of the server. | |||||
| CVE-2005-3016 | 1 Francisco Burzi | 1 Php-nuke | 2025-04-03 | 10.0 HIGH | N/A |
| Multiple unspecified vulnerabilities in the WYSIWYG editor in PHP-Nuke before 7.9 Final have unknown impact and attack vectors. | |||||