Asp-Nuke: Security Vulnerabilities
Cross-site scripting (XSS) vulnerability in news.asp in ASP-Nuke 2.0.7 allows remote attackers to inject arbitrary web script or HTML via the id parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVSS Score
4.3
EPSS Score
0.019
Published
2007-05-30
default.asp in ASP-Nuke Community 1.5 and earlier allows remote attackers to gain privileges by setting certain pseudo cookie values.
CVSS Score
8.5
EPSS Score
0.053
Published
2007-03-07
SQL injection vulnerability in module/account/register/register.asp in ASP Nuke 0.80 and earlier allows remote attackers to execute arbitrary SQL commands via the StateCode parameter.
CVSS Score
7.5
EPSS Score
0.014
Published
2006-11-22
Multiple cross-site scripting vulnerabilities in ASP Nuke 0.80 allow remote attackers to inject arbitrary web script or HTML via the (1) email parameter to forgot_password.asp, or the (2) FirstName, (3) LastName, (4) Username, (5) Password, (6) Address1, (7) Address2, (8) City, (9) ZipCode, (10) Email parameter to register.asp.
CVSS Score
5.0
EPSS Score
0.041
Published
2005-06-29
HTTP response splitting vulnerability in language_select.asp in ASP Nuke 0.80 allows remote attackers to spoof web content and poison web caches via CRLF ("%0d%0a") sequences in the LangCode parameter.
CVSS Score
5.0
EPSS Score
0.041
Published
2005-06-29
SQL injection vulnerability in comment_post.asp in ASP Nuke 0.80 allows remote attackers to execute arbitrary SQL statements via the TaskID parameter.
CVSS Score
7.5
EPSS Score
0.015
Published
2005-06-29
SQL injection vulnerability in article.asp in unknown versions of aspnuke allows remote attackers to execute arbitrary SQL commands via the articleid parameter.
CVSS Score
7.5
EPSS Score
0.015
Published
2005-06-29
ASP-Nuke 1.3 and earlier places user credentials under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request to main.mdb.
CVSS Score
5.0
EPSS Score
0.05
Published
2004-12-31
Cross-site scripting vulnerability in functions-inc.asp for ASP-Nuke RC1 allows remote attackers to execute script as other ASP-Nuke users by embedding it within an IMG tag.
CVSS Score
7.5
EPSS Score
0.011
Published
2002-08-12
Cross-site scripting vulnerabilities in ASP-Nuke RC2 and earlier allow remote attackers to execute script or gain privileges as other ASP-Nuke users via script in (1) the name parameter in downloads.asp, (2) the message parameter in Post.asp, or (3) a web site URL in profile.asp.
CVSS Score
5.1
EPSS Score
0.012
Published
2002-08-12
Page 1