VYPR

Vendor CVEs

Warpspeed

All CVEs

87 total · sorted by risk
  • CVE-2004-1842HigDec 31, 2004
    risk 0.60cvss 8.8epss 0.02

    Cross-site request forgery (CSRF) vulnerability in Php-Nuke 6.x through 7.1.0 allows remote attackers to gain administrative privileges via an img tag with a URL to admin.php.

  • CVE-2008-2020HigApr 30, 2008
    risk 0.49cvss 7.5epss 0.02

    The CAPTCHA implementation as used in (1) Francisco Burzi PHP-Nuke 7.0 and 8.1, (2) my123tkShop e-Commerce-Suite (aka 123tkShop) 0.9.1, (3) phpMyBitTorrent 1.2.2, (4) TorrentFlux 2.3, (5) e107 0.7.11, (6) WebZE 0.5.9, (7) Open Media Collectors Database (aka OpenDb) 1.5.0b4, and…

  • CVE-2006-4968Sep 25, 2006
    risk 0.04cvss epss 0.09

    PHP remote file inclusion vulnerability in includes/functions_admin.php in PNphpBB 1.2g allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.

  • CVE-2006-0146Jan 9, 2006
    risk 0.04cvss epss 0.13

    The server.php test script in ADOdb for PHP before 4.70, as used in multiple products including (1) Mantis, (2) PostNuke, (3) Moodle, (4) Cacti, (5) Xaraya, (6) PHPOpenChat, (7) MAXdev MD-Pro, and (8) MediaBeez, when the MySQL root password is empty, allows remote attackers to…

  • CVE-2006-0147Jan 9, 2006
    risk 0.04cvss epss 0.13

    Dynamic code evaluation vulnerability in tests/tmssql.php test script in ADOdb for PHP before 4.70, as used in multiple products including (1) Mantis, (2) PostNuke, (3) Moodle, (4) Cacti, (5) Xaraya, (6) PhpOpenChat, possibly (7) MAXdev MD-Pro, and (8) Simplog, allows remote…

  • CVE-2002-2015Dec 31, 2002
    risk 0.04cvss epss 0.09

    PHP file inclusion vulnerability in user.php in PostNuke 0.703 allows remote attackers to include arbitrary files and possibly execute code via the caselist parameter.

  • CVE-2002-0535Jul 3, 2002
    risk 0.04cvss epss 0.07

    Cross-site scripting vulnerabilities in PostBoard 2.0.1 and earlier allows remote attackers to execute script as other users via (1) an [IMG] tag when BBCode is enabled, or (2) in a topic title.

  • CVE-2002-0206May 16, 2002
    risk 0.04cvss epss 0.07

    index.php in Francisco Burzi PHP-Nuke 5.3.1 and earlier, and possibly other versions before 5.5, allows remote attackers to execute arbitrary PHP code by specifying a URL to the malicious code in the file parameter.

  • CVE-2001-0899Nov 16, 2001
    risk 0.04cvss epss 0.09

    Network Tools 0.2 for PHP-Nuke allows remote attackers to execute commands on the server via shell metacharacters in the $hostinput variable.

  • CVE-2014-3934Jun 2, 2014
    risk 0.03cvss epss 0.02

    SQL injection vulnerability in the Submit_News module for PHP-Nuke 8.3 allows remote attackers to execute arbitrary SQL commands via the topics[] parameter to modules.php.

  • CVE-2010-5083Feb 14, 2012
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in the Web_Links module for PHP-Nuke 8.0 allows remote attackers to execute arbitrary SQL commands via the url parameter in an Add action to modules.php.

  • CVE-2009-1842Jun 1, 2009
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in main/tracking/userLog.php in Francisco Burzi PHP-Nuke 8.0 allows remote attackers to execute arbitrary SQL commands via the HTTP Referer header.

  • CVE-2008-6779May 1, 2009
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in the Sarkilar module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the id parameter in a showcontent action to modules.php.

  • CVE-2008-3151Jul 11, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in the 4ndvddb 0.91 module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the id parameter in a show_dvd action.

  • CVE-2008-2191May 14, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in the pnEncyclopedia module 0.2.0 and earlier for PostNuke allows remote attackers to execute arbitrary SQL commands via the id parameter in a display_term action to index.php.

  • CVE-2008-2012Apr 30, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in index.php in the PostSchedule 1.0 module for PostNuke allows remote attackers to execute arbitrary SQL commands via the eid parameter in an event action.

  • CVE-2008-1220Mar 10, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in the 4nChat 0.91 module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the roomid parameter in an index action to modules.php. NOTE: the provenance of this information is unknown; the details are obtained solely from…

  • CVE-2008-1219Mar 10, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in the Kutub-i Sitte (KutubiSitte) 1.1 module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the kid parameter in a hadisgoster action to modules.php.

  • CVE-2008-1053Feb 27, 2008
    risk 0.03cvss epss 0.01

    Multiple SQL injection vulnerabilities in the Kose_Yazilari module for PHP-Nuke allow remote attackers to execute arbitrary SQL commands via the artid parameter in a (1) viewarticle or (2) printpage action to modules.php.

  • CVE-2008-0881Feb 21, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in modules.php in the Okul 1.0 module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the okulid parameter in an okullar action.

  • CVE-2008-0880Feb 21, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in modules.php in the EasyContent module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the page_id parameter.

  • CVE-2008-0879Feb 21, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in modules.php in the Web_Links module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the cid parameter in a viewlink action.

  • CVE-2008-0827Feb 19, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in the Books module of PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the cid parameter.

  • CVE-2007-3584Jul 5, 2007
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in viewforum.php in PNphpBB2 1.2i and earlier for Postnuke allows remote attackers to execute arbitrary SQL commands via the order parameter.

  • CVE-2007-3052Jun 6, 2007
    risk 0.03cvss epss 0.03

    SQL injection vulnerability in index.php in the PNphpBB2 1.2i and earlier module for PostNuke allows remote attackers to execute arbitrary SQL commands via the c parameter.

  • CVE-2007-2492May 4, 2007
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in index.php in the v4bJournal module for PostNuke allows remote authenticated users to execute arbitrary SQL commands via the id parameter in a journal_comment action.

  • CVE-2007-1937Apr 10, 2007
    risk 0.03cvss epss 0.03

    PHP remote file inclusion vulnerability in smilies.php in Scorp Book 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the config parameter.

  • CVE-2007-1158Mar 2, 2007
    risk 0.03cvss epss 0.04

    Directory traversal vulnerability in index.php in the Pagesetter 6.2.0 through 6.3.0 beta 5 module for PostNuke allows remote attackers to read arbitrary files via a .. (dot dot) in the id parameter.

  • CVE-2006-5733Nov 6, 2006
    risk 0.03cvss epss 0.03

    Directory traversal vulnerability in error.php in PostNuke 0.763 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PNSVlang (PNSV lang) cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log…

  • CVE-2006-5525Oct 26, 2006
    risk 0.03cvss epss 0.01

    Incomplete blacklist vulnerability in mainfile.php in PHP-Nuke 7.9 and earlier allows remote attackers to conduct SQL injection attacks via (1) "/**/UNION " or (2) " UNION/**/" sequences, which are not rejected by the protection mechanism, as demonstrated by a SQL injection via…

  • CVE-2006-5494Oct 25, 2006
    risk 0.03cvss epss 0.03

    Multiple PHP remote file inclusion vulnerabilities in modules/My_eGallery/public/displayCategory.php in the pandaBB module for PHP-Nuke allow remote attackers to execute arbitrary PHP code via a URL in the (1) adminpath or (2) basepath parameters. NOTE: this issue might overlap…

  • CVE-2006-4563Sep 6, 2006
    risk 0.03cvss epss 0.02

    Cross-site scripting (XSS) vulnerability in the MyHeadlines before 4.3.2 module for PHP-Nuke allows remote attackers to inject arbitrary web script or HTML via the myh_op parameter to modules.php.

  • CVE-2006-0805Feb 21, 2006
    risk 0.03cvss epss 0.03

    The CAPTCHA functionality in php-Nuke 6.0 through 7.9 uses fixed challenge/response pairs that only vary once per day based on the User Agent (HTTP_USER_AGENT), which allows remote attackers to bypass CAPTCHA controls by fixing the User Agent, performing a valid…

  • CVE-2006-0800Feb 20, 2006
    risk 0.03cvss epss 0.02

    Interpretation conflict in PostNuke 0.761 and earlier allows remote attackers to conduct cross-site scripting (XSS) attacks via HTML tags with a trailing "<" character, which is interpreted as a ">" character by some web browsers but bypasses the blacklist protection in (1) the…

  • CVE-2006-0801Feb 20, 2006
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in the NS-Languages module for PostNuke 0.761 and earlier, when magic_quotes_gpc is off, allows remote attackers to execute arbitrary SQL commands via the language parameter to admin.php.

  • CVE-2005-2689Aug 24, 2005
    risk 0.03cvss epss 0.01

    Multiple cross-site scripting (XSS) vulnerabilities in PostNuke 0.760-RC4b allows remote attackers to inject arbitrary web script or HTML via (1) the moderate parameter to the Comments module or (2) htmltext parameter to html/user.php.

  • CVE-2005-2690Aug 24, 2005
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in the Downloads module in PostNuke 0.760-RC4b allows PostNuke administrators to execute arbitrary SQL commands via the show parameter to dl-viewdownload.php.

  • CVE-2005-1777May 31, 2005
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in readpmsg.php in PostNuke 0.750 allows remote attackers to execute arbitrary SQL commands via the start parameter.

  • CVE-2005-1049May 2, 2005
    risk 0.03cvss epss 0.04

    Multiple cross-site scripting vulnerabilities in PostNuke 0.760-RC3 allow remote attackers to inject arbitrary web script or HTML via the (1) module parameter to admin.php or (2) op parameter to user.php. NOTE: the vendor reports that certain issues could not be reproduced for…

  • CVE-2004-1821Mar 15, 2004
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in 4nalbum 0.92 for PHP-Nuke 6.5 through 7.0 allows remote attackers to gain privileges or perform unauthorized database operations via the gid parameter.

  • CVE-2004-1820Mar 15, 2004
    risk 0.03cvss epss 0.03

    PHP remote file inclusion vulnerability in displaycategory.php in 4nalbum 0.92 for PHP-Nuke 6.5 through 7.0 allows remote attackers to execute arbitrary PHP code by modifying the basepath parameter to reference a URL on a remote web server that contains fileFunctions.php.

  • CVE-2003-1545Dec 31, 2003
    risk 0.03cvss epss 0.04

    Absolute path traversal vulnerability in nukestyles.com viewpage.php addon for PHP-Nuke allows remote attackers to read arbitrary files via a full pathname in the file parameter. NOTE: This was originally reported as an issue in PHP-Nuke 6.5, but this is an independent addon.

  • CVE-2001-1460Oct 13, 2001
    risk 0.03cvss epss 0.03

    SQL injection vulnerability in article.php in PostNuke 0.62 through 0.64 allows remote attackers to bypass authentication via the user parameter.

  • CVE-2026-33914Mar 25, 2026
    risk 0.00cvss epss 0.00

    OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.3, the PostCalendar module contains a blind SQL injection vulnerability in the `categoriesUpdate` administrative function. The `dels` POST parameter is…

  • CVE-2011-3784Sep 24, 2011
    risk 0.00cvss epss 0.01

    Francisco Burzi PHP-Nuke 8.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by themes/Odyssey/theme.php and certain other files.

  • CVE-2011-1482Jun 21, 2011
    risk 0.00cvss epss 0.01

    Multiple cross-site request forgery (CSRF) vulnerabilities in mainfile.php in Francisco Burzi PHP-Nuke 8.0 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) add user accounts or (2) grant the administrative privilege to a…

  • CVE-2011-1481Jun 21, 2011
    risk 0.00cvss epss 0.01

    Multiple cross-site scripting (XSS) vulnerabilities in Francisco Burzi PHP-Nuke 8.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) sender_name or (2) sender_email parameter in a Feedback action to modules.php.

  • CVE-2011-1480Jun 21, 2011
    risk 0.00cvss epss 0.01

    SQL injection vulnerability in admin.php in the administration backend in Francisco Burzi PHP-Nuke 8.0 and earlier allows remote attackers to execute arbitrary SQL commands via the chng_uid parameter.

  • CVE-2008-6728Apr 20, 2009
    risk 0.00cvss epss 0.01

    SQL injection vulnerability in the Sections module in PHP-Nuke, probably before 8.0, allows remote attackers to execute arbitrary SQL commands via the artid parameter in a printpage action to modules.php.

  • CVE-2007-4212Aug 8, 2007
    risk 0.00cvss epss 0.01

    Multiple cross-site scripting (XSS) vulnerabilities in the Search Module in PHP-Nuke allow remote attackers to inject arbitrary web script or HTML via a trailing "<" instead of a ">" in (1) the onerror attribute of an IMG element, (2) the onload attribute of an IFRAME element,…

Page 1 of 2