Vulnerabilities > Flatnuke > Medium

DATE CVE VULNERABILITY TITLE RISK
2005-08-10 CVE-2005-2540 Unspecified vulnerability in Flatnuke 2.5.5
CRLF injection vulnerability in FlatNuke 2.5.5 and possibly earlier versions allows remote attackers to execute arbitrary PHP commands via an ASCII char 13 (carriage return) in the signature field, which is injected into a PHP script without a preceding comment character, which can then be executed by a direct request.
network
low complexity
flatnuke
5.0
5.0
2005-08-10 CVE-2005-2539 Cross-Site Scripting vulnerability in Flatnuke 2.5.5
Multiple cross-site scripting (XSS) vulnerabilities in FlatNuke 2.5.5 and possibly earlier versions allow remote attackers to inject arbitrary web script or HTML via the (1) bodycolor, (2) backimage, (3) theme, or (4) logo parameter to structure.php, (5) admin, (6) admin_mail, or (7) back parameter to footer.php, or (8) the message body in a news post.
network
flatnuke
4.3
4.3
2005-08-10 CVE-2005-2538 Denial-Of-Service vulnerability in Flatnuke 2.5.5
FlatNuke 2.5.5 and possibly earlier versions allows remote attackers to obtain sensitive information via (1) a null byte or (2) an MS-DOS device name such as AUX, CON, PRN, COM1, or LPT1 in the mod parameter.
network
low complexity
flatnuke
5.0
5.0
2005-08-10 CVE-2005-2537 Information Disclosure vulnerability in Flatnuke 2.5.5
FlatNuke 2.5.5 and possibly earlier versions allows remote attackers to obtain sensitive information via a direct request to structure.php.
network
low complexity
flatnuke
5.0
5.0
2005-06-09 CVE-2005-1896 Directory Traversal vulnerability in Flatnuke 2.5.3
Directory traversal vulnerability in thumb.php in FlatNuke 2.5.3 allows remote attackers to read arbitrary images or obtain the installation path via the image parameter.
network
low complexity
flatnuke
5.0
5.0
2005-06-09 CVE-2005-1895 Cross-Site Scripting vulnerability in Flatnuke 2.5.3
Cross-site scripting (XSS) vulnerability in FlatNuke 2.5.3 allows remote attackers to inject arbitrary web script or HTML via the border or back parameters to (1) help.php or (2) footer.php.
network
flatnuke
4.3
4.3
2005-06-09 CVE-2005-1893 Information Disclosure vulnerability in Flatnuke 2.5.3
FlatNuke 2.5.3 allows remote attackers to obtain sensitive information via invalid parameters to certain scripts, which leaks the web document root in an error message.
network
low complexity
flatnuke
5.0
5.0