Postnuke Software Foundation

Postnuke

38 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
10

CVE-2007-0386

  • EPSS 0.38%
  • Veröffentlicht 19.01.2007 23:28:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Unspecified vulnerability in the rating section in PostNuke 0.764 has unknown impact and attack vectors, related to "an interesting bug."

7.8

CVE-2007-0385

  • EPSS 0.5%
  • Veröffentlicht 19.01.2007 23:28:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

The faq section in PostNuke 0.764 allows remote attackers to obtain sensitive information (the full path) via "unvalidated output" in FAQ/index.php, possibly involving an undefined id_cat variable.

5.1

CVE-2007-0384

  • EPSS 1.04%
  • Veröffentlicht 19.01.2007 23:28:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Cross-site scripting (XSS) vulnerability in preview in the reviews section in PostNuke 0.764 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

7.8

CVE-2006-6267

  • EPSS 0.55%
  • Veröffentlicht 04.12.2006 11:28:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

PostNuke 0.7.5.0, and certain minor versions, allows remote attackers to obtain sensitive information via a non-numeric value of the stop parameter, which reveals the path in an error message.

7.5

CVE-2006-6233

  • EPSS 0.47%
  • Veröffentlicht 02.12.2006 11:28:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

SQL injection vulnerability in the Downloads module for unknown versions of PostNuke allows remote attackers to execute arbitrary SQL commands via the lid parameter in a viewdownloaddetails operation. NOTE: this issue might have been in the viewdownl...

7.5

CVE-2006-5733

Exploit
  • EPSS 11.17%
  • Veröffentlicht 06.11.2006 18:07:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Directory traversal vulnerability in error.php in PostNuke 0.763 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PNSVlang (PNSV lang) cookie, as demonstrated by injecting PHP sequences into a...

7.5

CVE-2006-5121

  • EPSS 0.79%
  • Veröffentlicht 03.10.2006 04:03:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

SQL injection vulnerability in modules/Downloads/admin.php in the Admin section of PostNuke 0.762 allows remote attackers to execute arbitrary SQL commands via the hits parameter.

5.1

CVE-2006-0801

  • EPSS 1.58%
  • Veröffentlicht 20.02.2006 22:02:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

SQL injection vulnerability in the NS-Languages module for PostNuke 0.761 and earlier, when magic_quotes_gpc is off, allows remote attackers to execute arbitrary SQL commands via the language parameter to admin.php.

2.6

CVE-2006-0800

Exploit
  • EPSS 7.48%
  • Veröffentlicht 20.02.2006 22:02:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

Interpretation conflict in PostNuke 0.761 and earlier allows remote attackers to conduct cross-site scripting (XSS) attacks via HTML tags with a trailing "<" character, which is interpreted as a ">" character by some web browsers but bypasses the bla...

2.6

CVE-2006-0802

  • EPSS 0.53%
  • Veröffentlicht 20.02.2006 22:02:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

Cross-site scripting (XSS) vulnerability in the NS-Languages module for PostNuke 0.761 and earlier, when magic_quotes_gpc is enabled, allows remote attackers to inject arbitrary web script or HTML via the language parameter in a missing or translatio...