English | Deutsch | Español | Português
 UserID:
 Passwd:
new user
 About:   Dedicated  | Advanced  | Standard  | Recurring  | No Risk  | Desktop  | Basic  | Single  | Security Seal  | FAQ
  Price/Feature Summary  | Order  | New Vulnerabilities  | Confidentiality  | Vulnerability Search
 Vulnerability   
Search   
    Search 94899 CVE descriptions
and 51984 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:11236
Category:CGI abuses
Title:PHP-Nuke is installed on the remote host
Summary:Determines if PHP-Nuke is installed on the remote host
Description:Description:

The remote host is running a copy of PHP-Nuke.

Given the insecurity history of this package, the Nessus
team recommends that you do not use it but
use something else instead, as security was clearly
not in the mind of the persons who wrote it.

The author of PHP-Nuke (Francisco Burzi) even started to rewrite
the program from scratch, given the huge number of vulnerabilities
(http://www.phpnuke.org/modules.php?name=News&file=article&sid=5640)

Solution : De-install this package and use something else
Risk factor : High

Cross-Ref: BugTraq ID: 6446
BugTraq ID: 6465
BugTraq ID: 6503
BugTraq ID: 6750
BugTraq ID: 6887
BugTraq ID: 6890
BugTraq ID: 7031
BugTraq ID: 7060
BugTraq ID: 7078
BugTraq ID: 7079
Common Vulnerability Exposure (CVE) ID: CVE-2001-0292
Bugtraq: 20010302 PHPNUKE4.4.1a Advisory (Google Search)
http://archives.neohapsis.com/archives/bugtraq/2001-02/0525.html
Common Vulnerability Exposure (CVE) ID: CVE-2001-0320
Bugtraq: 20010223 Yet another hole in PHP-Nuke (Google Search)
http://archives.neohapsis.com/archives/bugtraq/2001-02/0425.html
Common Vulnerability Exposure (CVE) ID: CVE-2001-0854
Bugtraq: 20011105 Copying and Deleting Files Using PHP-Nuke (Google Search)
http://marc.theaimsgroup.com/?l=bugtraq&m=100525739116093&w=2
BugTraq ID: 3510
http://www.securityfocus.com/bid/3510
http://www.iss.net/security_center/static/7478.php
Common Vulnerability Exposure (CVE) ID: CVE-2001-0911
Bugtraq: 20011121 PhpNuke Admin password can be stolen ! (Google Search)
http://marc.theaimsgroup.com/?l=bugtraq&m=100638850219503&w=2
BugTraq ID: 3567
http://www.securityfocus.com/bid/3567
XForce ISS Database: phpnuke-postnuke-insecure-passwords(7596)
http://xforce.iss.net/static/7596.php
Common Vulnerability Exposure (CVE) ID: CVE-2001-1025
http://archives.neohapsis.com/archives/vulnwatch/2001-q3/0019.html
BugTraq ID: 3149
http://www.securityfocus.com/bid/3149
Common Vulnerability Exposure (CVE) ID: CVE-2002-0206
Bugtraq: 20020116 PHP-Nuke allows Command Execution & Much more (Google Search)
http://marc.theaimsgroup.com/?l=bugtraq&m=101121913914205&w=2
CERT/CC vulnerability note: VU#221683
http://www.kb.cert.org/vuls/id/221683
BugTraq ID: 3889
http://www.securityfocus.com/bid/3889
XForce ISS Database: phpnuke-index-command-execution(7914)
http://xforce.iss.net/xforce/xfdb/7914
Common Vulnerability Exposure (CVE) ID: CVE-2002-0483
Bugtraq: 20020320 Fw: PHPNuke 5.4 Path Disclosure Vulnerability? (Google Search)
http://online.securityfocus.com/archive/1/263337
BugTraq ID: 4333
http://www.securityfocus.com/bid/4333
http://www.iss.net/security_center/static/8618.php
Common Vulnerability Exposure (CVE) ID: CVE-2002-1242
http://www.idefense.com/advisory/10.31.02c.txt
Bugtraq: 20021101 iDEFENSE Security Advisory 10.31.02c: PHP-Nuke SQL Injection Vulnerability (Google Search)
http://marc.theaimsgroup.com/?l=bugtraq&m=103616324103171&w=2
http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0051.html
http://www.iss.net/security_center/static/10516.php
BugTraq ID: 6088
http://www.securityfocus.com/bid/6088
http://www.osvdb.org/6244
CopyrightThis script is Copyright (C) 2003 Renaud Deraison

This is only one of 51984 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.

New User Registration
Email:
UserID:
Passwd:
Please email me your monthly newsletters, informing the latest services, improvements & surveys.
Please email me a vulnerability test announcement whenever a new test is added.
   Privacy
Registered User Login
 
UserID:   
Passwd:  

 Forgot userid or passwd?
Email/Userid:




Home | About Us | Contact Us | Partner Programs | Developer APIs | Privacy | Mailing Lists | Abuse
Security Audits | Managed DNS | Network Monitoring | Site Analyzer | Internet Research Reports
Web Probe | Whois

© 1998-2016 E-Soft Inc. All rights reserved.