RSS   Vulnerabilities for 'Php-nuke'   RSS

2008-08-10
 
CVE-2008-3573

CWE-189
 
 
The CAPTCHA implementation in (1) Pligg 9.9.5 and possibly (2) Francisco Burzi PHP-Nuke 8.1 provides a critical random number (the ts_random value) within the URL in the SRC attribute of an IMG element, which allows remote attackers to pass the CAPTCHA test via a calculation that combines this value with the current date and the HTTP User-Agent string.

 
2008-04-29
 
CVE-2008-2020

CWE-264
 
 
The CAPTCHA implementation as used in (1) Francisco Burzi PHP-Nuke 7.0 and 8.1, (2) my123tkShop e-Commerce-Suite (aka 123tkShop) 0.9.1, (3) phpMyBitTorrent 1.2.2, (4) TorrentFlux 2.3, (5) e107 0.7.11, (6) WebZE 0.5.9, (7) Open Media Collectors Database (aka OpenDb) 1.5.0b4, and (8) Labgab 1.1 uses a code_bg.jpg background image and the PHP ImageString function in a way that produces an insufficient number of different images, which allows remote attackers to pass the CAPTCHA test via an automated attack using a table of all possible image checksums and their corresponding digit strings.

 
2001-11-16
 
CVE-2001-0899

CWE-Other
 
 
Network Tools 0.2 for PHP-Nuke allows remote attackers to execute commands on the server via shell metacharacters in the $hostinput variable.

 

 >>> Vendor: Php-nuke 24 Products
Php-nuke
News module
Pool module
EV
Sections module
Advanced classified module
INP
Recipe module
Autohtml module
Mermaid module
Emporium module
Iframe module
Eboard module
Satel lite
Php-nuke module docum
Inhalt module
Manuales
Nukec module
Hadith module
Zclassifieds
Downloadsplus module
League module
Current issue module
Downloads module

Copyright 2024, cxsecurity.com

 

Back to Top