Filtered by vendor Postnuke Software Foundation
Subscriptions
Total
49 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2002-0739 | 1 Postnuke Software Foundation | 1 Postcalendar | 2025-04-03 | N/A |
| Cross-site scripting in PostCalendar 3.02 allows remote attackers to insert arbitrary HTML and script, and steal cookies, by modifying a calendar entry in its preview page. | ||||
| CVE-2005-0617 | 1 Postnuke Software Foundation | 1 Postnuke | 2025-04-03 | N/A |
| SQL injection vulnerability in dl-search.php in PostNuke 0.750 and 0.760-RC2 allows remote attackers to execute arbitrary SQL commands via the show parameter. | ||||
| CVE-2005-1048 | 1 Postnuke Software Foundation | 1 Postnuke | 2025-04-03 | N/A |
| SQL injection vulnerability in modules.php in PostNuke 0.760 RC3 allows remote attackers to execute arbitrary SQL statements via the sid parameter. NOTE: the vendor reports that they could not reproduce the issues for 760 RC3, or for .750. | ||||
| CVE-2005-1049 | 1 Postnuke Software Foundation | 1 Postnuke | 2025-04-03 | N/A |
| Multiple cross-site scripting vulnerabilities in PostNuke 0.760-RC3 allow remote attackers to inject arbitrary web script or HTML via the (1) module parameter to admin.php or (2) op parameter to user.php. NOTE: the vendor reports that certain issues could not be reproduced for 760 RC3, or for .750. However, the op/user.php issue exists when the pnAntiCracker setting is disabled. | ||||
| CVE-2005-1050 | 1 Postnuke Software Foundation | 1 Postnuke | 2025-04-03 | N/A |
| The modload op in the Reviews module for PostNuke 0.760-RC3 allows remote attackers to obtain sensitive information via an invalid id parameter, which reveals the path in a PHP error message. | ||||
| CVE-2006-0801 | 1 Postnuke Software Foundation | 1 Postnuke | 2025-04-03 | N/A |
| SQL injection vulnerability in the NS-Languages module for PostNuke 0.761 and earlier, when magic_quotes_gpc is off, allows remote attackers to execute arbitrary SQL commands via the language parameter to admin.php. | ||||
| CVE-2006-0802 | 1 Postnuke Software Foundation | 1 Postnuke | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerability in the NS-Languages module for PostNuke 0.761 and earlier, when magic_quotes_gpc is enabled, allows remote attackers to inject arbitrary web script or HTML via the language parameter in a missing or translation operation. | ||||
| CVE-2006-4968 | 1 Postnuke Software Foundation | 1 Pnphpbb | 2025-04-03 | N/A |
| PHP remote file inclusion vulnerability in includes/functions_admin.php in PNphpBB 1.2g allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. | ||||
| CVE-2004-1956 | 1 Postnuke Software Foundation | 1 Postnuke | 2025-04-03 | N/A |
| PostNuke 0.7.2.6 allows remote attackers to gain information via a direct HTTP request to files in the (1) includes/blocks directory, (2) pnadodb directory, (3) NS-NewUser module, (4) NS-Your_Account, (5) NS-LostPassword module, or (6) NS-User module which reveals the path to the web server in a PHP error message. | ||||