FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

postnuke -- multiple vulnerabilities

Affected packages
		postnuke	<	0.760

Details

VuXML ID	0274a9f1-0759-11da-bc08-0001020eed82
Discovery	2005-05-27
Entry	2005-08-08

Postnuke Security Announcementss reports of the following vulnerabilities:

missing input validation within /modules/Messages/readpmsg.php

possible path disclosure within /user.php

possible path disclosure within /modules/News/article.php

possible remote code injection within /includes/pnMod.php

possible cross-site-scripting in /index.php

[source]

remote code injection via xml rpc library

[source]

References

CVE Name	CVE-2005-1621
CVE Name	CVE-2005-1695
CVE Name	CVE-2005-1696
CVE Name	CVE-2005-1698
CVE Name	CVE-2005-1777
CVE Name	CVE-2005-1778
CVE Name	CVE-2005-1921
Message	20050527223753.21735.qmail@www.securityfocus.com
URL	http://news.postnuke.com/Article2691.html
URL	http://news.postnuke.com/Article2699.html
URL	http://secunia.com/advisories/15450/