Vulnerabilities > Flatnuke
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2005-09-07 | CVE-2005-2813 | Directory Traversal vulnerability in Flatnuke 2.5.6 Directory traversal vulnerability in FlatNuke 2.5.6 and possibly earlier allows remote attackers to read arbitrary files via ".." sequences and "%00" (trailing null byte) characters in the id parameter to the read mod in index.php. | 5.0 |
| 2005-08-10 | CVE-2005-2540 | Unspecified vulnerability in Flatnuke 2.5.5 CRLF injection vulnerability in FlatNuke 2.5.5 and possibly earlier versions allows remote attackers to execute arbitrary PHP commands via an ASCII char 13 (carriage return) in the signature field, which is injected into a PHP script without a preceding comment character, which can then be executed by a direct request. | 5.0 |
| 2005-08-10 | CVE-2005-2539 | Cross-Site Scripting vulnerability in Flatnuke 2.5.5 Multiple cross-site scripting (XSS) vulnerabilities in FlatNuke 2.5.5 and possibly earlier versions allow remote attackers to inject arbitrary web script or HTML via the (1) bodycolor, (2) backimage, (3) theme, or (4) logo parameter to structure.php, (5) admin, (6) admin_mail, or (7) back parameter to footer.php, or (8) the message body in a news post. network flatnuke | 4.3 |
| 2005-08-10 | CVE-2005-2538 | Denial-Of-Service vulnerability in Flatnuke 2.5.5 FlatNuke 2.5.5 and possibly earlier versions allows remote attackers to obtain sensitive information via (1) a null byte or (2) an MS-DOS device name such as AUX, CON, PRN, COM1, or LPT1 in the mod parameter. | 5.0 |
| 2005-08-10 | CVE-2005-2537 | Information Disclosure vulnerability in Flatnuke 2.5.5 FlatNuke 2.5.5 and possibly earlier versions allows remote attackers to obtain sensitive information via a direct request to structure.php. | 5.0 |
| 2005-06-09 | CVE-2005-1896 | Directory Traversal vulnerability in Flatnuke 2.5.3 Directory traversal vulnerability in thumb.php in FlatNuke 2.5.3 allows remote attackers to read arbitrary images or obtain the installation path via the image parameter. | 5.0 |
| 2005-06-09 | CVE-2005-1895 | Cross-Site Scripting vulnerability in Flatnuke 2.5.3 Cross-site scripting (XSS) vulnerability in FlatNuke 2.5.3 allows remote attackers to inject arbitrary web script or HTML via the border or back parameters to (1) help.php or (2) footer.php. network flatnuke | 4.3 |
| 2005-06-09 | CVE-2005-1893 | Information Disclosure vulnerability in Flatnuke 2.5.3 FlatNuke 2.5.3 allows remote attackers to obtain sensitive information via invalid parameters to certain scripts, which leaks the web document root in an error message. | 5.0 |
| 2005-05-02 | CVE-2005-0267 | Unspecified vulnerability in Flatnuke 2.5.1 index.php in FlatNuke 2.5.1 allows remote attackers to create an administrator account via carriage returns and #10 in the url_avatar field, which is interpreted as a sensitive directive. | 7.5 |
| 2005-01-03 | CVE-2005-0268 | Unspecified vulnerability in Flatnuke 2.5.1 Direct code injection vulnerability in FlatNuke 2.5.1 allows remote attackers to execute arbitrary PHP code by placing the code into the url_avatar field. | 7.5 |