13 matches found
EUVD-2005-3306
Malware in sbrugna...
EUVD-2005-3360
Malware in sbrugna...
EUVD-2005-4203
Malware in sbrugna...
CVE-2005-4448
FlatNuke 2.5.6 verifies authentication credentials based on an MD5 checksum of the admin name and the hashed password rather than the plaintext password, which allows attackers to gain privileges by obtaining the password hash (possibly via CVE-2005-2813), then calculating the credentials and...
CVE-2005-4208
Directory traversal vulnerability in Flatnuke 2.5.6 allows remote attackers to access arbitrary files via a .. (dot dot) and null byte (%00) in the id parameter of the read module...
Flatnuke 2.5.6 - Privilege Escalation / Remote Command Execution
?php ---flatnuke256xpl.php 4.32 10/12/2005 Flatnuke 2.5.6 privilege escalation / remote commands execution exploit works with magic_quotes_gpc off, try this with 2.5.5: http://www.milw0rm.com/id.php?id=1140 https://www.exploit-db.com/exploits/1140/ coded by rgod at http://rgod.altervista.org mail:...
CVE-2005-3361
XSS in FlatNuke 2.5.6: forum/index.php vulnerable to script injection via the nome parameter in login operation. Remote attacker could inject arbitrary script/HTML. No remediation details provided in the documents.
CVE-2005-3307
CVE-2005-3307 affects FlatNuke 2.5.6. A directory traversal in index.php allows remote attackers to read arbitrary files via .. sequences in the user parameter (profile) or quale parameter (newtopic). Exploitation is remote and requires no authentication. A related Nessus entry implies a fixed ve...
CVE-2005-3306
CVE-2005-3306 describes an XSS vulnerability in index.php of FlatNuke 2.5.6, exploitable via the user parameter in a profile operation to inject arbitrary script/HTML. The vulnerability is specifically a cross-site scripting issue and is stated as a separate vector from CVE-2005-2814, with a note...
CVE-2005-2814
Cross-site scripting (XSS) vulnerability in FlatNuke 2.5.6 allows remote attackers to inject arbitrary web script or HTML via the usr parameter in a visreg operation to index.php...
CVE-2005-2815
print.php in FlatNuke 2.5.6 allows remote attackers to obtain sensitive information (path disclosure) on error or cause a denial of service (resource consumption) via an MS-DOS device name in the news parameter to print.php, such as (1) AUX, (2) CON, (3) PRN, (4) COM1, or (5) LPT1...
Flatnuke 2.5.6 (possibly prior versions) Underlying system information disclosure / Administrative & users credentials disclosure
Flatnuke 2.5.6 Underlying system information disclosure / Administrative & users credentials disclosure / cross site scripting / path disclosure / resource consumption poc tested on Windows software: site: http://flatnuke.sourceforge.net/flatnuke/ 1 cross site scripting:...
flatnuke256.txt
Flatnuke 2.5.6 Underlying system information disclosure / Administrative & users credentials disclosure / cross site scripting / path disclosure / resource consumption poc tested on Windows software: site: http://flatnuke.sourceforge.net/flatnuke/ 1 cross site scripting:...