Cabezon Aurélien

CVE-2001-1524 EXPLOITDB text WRITEUP

PHP-Nuke <= 5.3.1 - Cross-Site Scripting via Multiple Parameters

Cross-site scripting (XSS) vulnerability in PHP-Nuke 5.3.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) uname parameter in user.php, (2) ttitle, letter and file parameters in modules.php, (3) subject, story and storyext parameters in submit.php, (4) upload parameter in admin.php and (5) fname parameter in friend.php.

View Code

CVE-2001-1524 EXPLOITDB text WRITEUP

PHP-Nuke <= 5.3.1 - Cross-Site Scripting via Multiple Parameters

Cross-site scripting (XSS) vulnerability in PHP-Nuke 5.3.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) uname parameter in user.php, (2) ttitle, letter and file parameters in modules.php, (3) subject, story and storyext parameters in submit.php, (4) upload parameter in admin.php and (5) fname parameter in friend.php.

View Code

CVE-2001-0899 EXPLOITDB text WRITEUP

Network Tools 0.2 - Command Injection

Network Tools 0.2 for PHP-Nuke allows remote attackers to execute commands on the server via shell metacharacters in the $hostinput variable.

View Code