Vendor Dictionary: PostNuke

PostNuke

Short Name:	PostNuke
Previous Names:	[None Entered]
URL:	http://www.postnuke.com/ [visit link]
Email:	[None Entered]
Security URL:	http://news.postnuke.com/modules.php?op=modload&name=News&file=index&catid=&topic=38 [visit link]
Security Email:	[None Entered]
Knowledge Base:	[None Entered]
Notes:	Security reporting web form: http://news.postnuke.com/index.php?module=vpContact Bugs online form: http://noc.postnuke.com/tracker/?atid=101&amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;a
Full Details...

Vulnerabilities by Vendor Product

PostNuke

PostNuke

: 0.750; OSVDB ID: 16799 PostNuke RSS Module simple_smarty.php Path Disclosure; 0.760RC2; OSVDB ID: 16799 PostNuke RSS Module simple_smarty.php Path Disclosure; RC3; OSVDB ID: 16799 PostNuke RSS Module simple_smarty.php Path Disclosure

PostNuke: 0.7.2.3-Phoenix; OSVDB ID: 2137 PostNuke user.php img src Parameter XSS; OSVDB ID: 3194 PostNuke FAQ Module img src Parameter XSS; OSVDB ID: 5514 PostNuke Members_List Module img src Parameter XSS; OSVDB ID: 5518 PostNuke Search Field Path Disclosure; OSVDB ID: 5520 PostNuke Stats Module Path Disclosure; 0.723; OSVDB ID: 5368 PostNuke index.php sif Parameter SQL Injection; 0.726; OSVDB ID: 5368 PostNuke index.php sif Parameter SQL Injection; 0.726-1; OSVDB ID: 5368 PostNuke index.php sif Parameter SQL Injection; 0.5.x; OSVDB ID: 5369 PostNuke changeinfo.php timezoneoffset Parameter SQL Injection; 0.6.x; OSVDB ID: 5369 PostNuke changeinfo.php timezoneoffset Parameter SQL Injection; 0.7.0.x; OSVDB ID: 5369 PostNuke changeinfo.php timezoneoffset Parameter SQL Injection; 0.7.1.x; OSVDB ID: 5369 PostNuke changeinfo.php timezoneoffset Parameter SQL Injection; 0.7.2.0; OSVDB ID: 5369 PostNuke changeinfo.php timezoneoffset Parameter SQL Injection; 0.7.2.1; OSVDB ID: 5369 PostNuke changeinfo.php timezoneoffset Parameter SQL Injection; 0.7.2.2; OSVDB ID: 5369 PostNuke changeinfo.php timezoneoffset Parameter SQL Injection; 0.7.2.3; OSVDB ID: 5369 PostNuke changeinfo.php timezoneoffset Parameter SQL Injection; 0.7.2.4; OSVDB ID: 5369 PostNuke changeinfo.php timezoneoffset Parameter SQL Injection; 0.7.2.5; OSVDB ID: 5369 PostNuke changeinfo.php timezoneoffset Parameter SQL Injection; 0.7.2.6; OSVDB ID: 5369 PostNuke changeinfo.php timezoneoffset Parameter SQL Injection; OSVDB ID: 5630 PostNuke openwindow.php hlpfile Parameter XSS; 0.62; OSVDB ID: 5628 PostNuke Downloads Module Multiple Parameter XSS; 0.63; OSVDB ID: 5628 PostNuke Downloads Module Multiple Parameter XSS; 0.64; OSVDB ID: 5628 PostNuke Downloads Module Multiple Parameter XSS; 0.71; OSVDB ID: 5628 PostNuke Downloads Module Multiple Parameter XSS; 0.72; OSVDB ID: 5499 PostNuke News Module article.php sid Parameter XSS; OSVDB ID: 9902 PostNuke News Module index.php topic Parameter XSS; OSVDB ID: 5628 PostNuke Downloads Module Multiple Parameter XSS; 0.726-3; OSVDB ID: 8064 PostNuke Reviews Module title Parameter XSS; 0.75-RC3; OSVDB ID: 8064 PostNuke Reviews Module title Parameter XSS; .710; OSVDB ID: 5503 PostNuke index.php catid Parameter XSS; OSVDB ID: 5502 PostNuke modules.php name Parameter XSS; .703; OSVDB ID: 5503 PostNuke index.php catid Parameter XSS; OSVDB ID: 5502 PostNuke modules.php name Parameter XSS; .7; OSVDB ID: 5503 PostNuke index.php catid Parameter XSS; OSVDB ID: 5502 PostNuke modules.php name Parameter XSS; .6xx; OSVDB ID: 5503 PostNuke index.php catid Parameter XSS; OSVDB ID: 5502 PostNuke modules.php name Parameter XSS; 2.0; OSVDB ID: 9792 PostNuke Subjects Module Multiple Parameter SQL Injection; 0.721; OSVDB ID: 5499 PostNuke News Module article.php sid Parameter XSS; OSVDB ID: 9902 PostNuke News Module index.php topic Parameter XSS; 0.760-RC3; OSVDB ID: 15368 PostNuke Reviews Module id Variable Path Disclosure; OSVDB ID: 15371 PostNuke modules.php sid Parameter SQL Injection; OSVDB ID: 15369 PostNuke admin.php module Parameter XSS; OSVDB ID: 15370 PostNuke user.php op Parameter XSS; 0.750-phoenix; OSVDB ID: 10208 PostNuke CMS footer.php Path Disclosure; OSVDB ID: 10209 PostNuke CMS Downloads Module admin.php Path Disclosure; OSVDB ID: 10210 PostNuke CMS FAQ Module admin.php Path Disclosure; OSVDB ID: 10211 PostNuke CMS Reviews Module admin.php Path Disclosure; OSVDB ID: 10212 PostNuke CMS Sections Module admin.php Path Disclosure; OSVDB ID: 10213 PostNuke CMS Submit News Module admin.php Path Disclosure; OSVDB ID: 10214 PostNuke CMS Top List Module admin.php Path Disclosure; OSVDB ID: 10215 PostNuke CMS Web Links Module admin.php Path Disclosure; 0.750; OSVDB ID: 16790 PostNuke Xanthia Module demo.php Multiple Parameter XSS; OSVDB ID: 16796 PostNuke RSS Module magpie_slashbox.php rss_url Parameter XSS; OSVDB ID: 14284 PostNuke funcs.php getArticles Function SQL Injection; OSVDB ID: 15924 PostNuke admin.php catid Parameter SQL Injection; OSVDB ID: 14282 PostNuke dl-search.php Multiple Parameter SQL Injection; OSVDB ID: 16781 PostNuke Message Module readpmsg.php Start Parameter SQL Injection; 0.760-RC2; OSVDB ID: 15922 PostNuke index.php catid Parameter SQL Injection; OSVDB ID: 14284 PostNuke funcs.php getArticles Function SQL Injection; OSVDB ID: 15924 PostNuke admin.php catid Parameter SQL Injection; OSVDB ID: 14282 PostNuke dl-search.php Multiple Parameter SQL Injection; OSVDB ID: 15923 PostNuke modules.php catid Parameter SQL Injection; .750; OSVDB ID: 16782 PostNuke user.php Path Disclosure; OSVDB ID: 53010 PostNuke install.php Admin Password Disclosure; OSVDB ID: 17793 XML-RPC for PHP (PHPXMLRPC) parseRequest() Function Arbitrary PHP Code Execution; 0.761; OSVDB ID: 22290 ADOdb server.php sql Parameter SQL Injection; OSVDB ID: 22291 ADOdb tmssql.php do Variable Arbitrary PHP Function Execution; 0.760RC3; OSVDB ID: 16782 PostNuke user.php Path Disclosure; 0.73; OSVDB ID: 53010 PostNuke install.php Admin Password Disclosure; 0.74; OSVDB ID: 53010 PostNuke install.php Admin Password Disclosure

Phoenix: 0.7.2.1; OSVDB ID: 5496 PostNuke Glossary Module page Parameter SQL Injection; OSVDB ID: 5497 PostNuke Downloads Module Path Disclosure; OSVDB ID: 5522 PostNuke Members_List Module Path Disclosure; 0.7.2.3; OSVDB ID: 5496 PostNuke Glossary Module page Parameter SQL Injection; OSVDB ID: 5497 PostNuke Downloads Module Path Disclosure; 0.7.2.2; OSVDB ID: 5522 PostNuke Members_List Module Path Disclosure; 0.7.2.3-Phoenix; OSVDB ID: 5522 PostNuke Members_List Module Path Disclosure

PostNuke Phoenix: 0.721; OSVDB ID: 5515 PostNuke Web_Links Module Path Disclosure; OSVDB ID: 5517 PostNuke FAQ Module Path Disclosure; 0.722; OSVDB ID: 5515 PostNuke Web_Links Module Path Disclosure; OSVDB ID: 5517 PostNuke FAQ Module Path Disclosure; 0.723; OSVDB ID: 5515 PostNuke Web_Links Module Path Disclosure; OSVDB ID: 5517 PostNuke FAQ Module Path Disclosure

The database information may change without any notice. Use of the information constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the copyright holder or distributor (OSVDB or OSF) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.