CVE-2002-1995
published 2002-12-31
CVE-2002-1995: Cross-site scripting (XSS) vulnerability in phptonuke.php for PHP-Nuke allows remote attackers to inject arbitrary web script or HTML via the filnavn parameter.
Priority: P4 17
Severity: medium 4.3 (CVSS 2.0)
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
EXPLOIT
EPSS: 3.54% (87.8th percentile)
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| lebios | phptonuke.php | — | — |
No detection rules found.
Exploit-DB
OpenBSD - 'ibcs2_exec' Kernel Code Execution
exploitdb·2003-11-07
CVE-2003-0955 OpenBSD - 'ibcs2_exec' Kernel Code Execution
---
//
// Patch ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.4/common/005_exec.patch
//
#include
#include
#include
#include
/* $OpenBSD: ibcs2_exec.h,v 1.3 2002/03/14 01:26:50 millert Exp $ */
/* $NetBSD: ibcs2_exec.h,v 1.4 1995/03/14 15:12:24 scottb Exp $ */
/*
* Copyright (c) 1994, 1995 Scott Bartram
* All rights reserved.
*
* adapted from sys/sys/exec_ecoff.h
* based on Intel iBCS2
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, t
Exploit-DB
PHP-Nuke AddOn PHPToNuke.php 1.0 - Cross-Site Scripting
exploitdb·2002-01-06
CVE-2002-1995 PHP-Nuke AddOn PHPToNuke.php 1.0 - Cross-Site Scripting
---
source: https://www.securityfocus.com/bid/3807/info
phptonuke.php is a PHPNuke AddOn script to insert a PHP script into the middle of a PHPNuke site. It is written and maintained by Lebios.
It is possible for a malicious user to create a link to the phptonuke.php script which contains script code. When an unsuspecting web user browses the link, the script code will be executed in their browser in the context of the PHPNuke site.
This type of attack may be used to hijack a legitimate user's session via theft of cookie-based authentication credentials.
http://phpnukesite/phptonuke.php?filnavn=alert(document.cookie)
No writeups or analysis indexed.
http://archives.neohapsis.com/archives/vuln-dev/2002-q1/0048.html
http://www.iss.net/security_center/static/7837.php
http://www.securityfocus.com/bid/3807
2002-12-31
Published