191 matches found
CVE-2005-4208
Directory traversal vulnerability in Flatnuke 2.5.6 allows remote attackers to access arbitrary files via a .. dot dot and null byte %00 in the id parameter of the read module...
CVE-2005-4208
Directory traversal vulnerability in Flatnuke 2.5.6 allows remote attackers to access arbitrary files via a .. dot dot and null byte %00 in the id parameter of the read module...
CVE-2005-4208
CVE-2005-4208 affects FlatNuke 2.5.6 (and potentially earlier 2.5.x) where an attacker can trigger a directory traversal via the id parameter to the read/index.php script, enabling remote arbitrary file access (dot dot and null byte %00). The issue stems from improper sanitization of user input, ...
FlatNuke index.php id Parameter Traversal Arbitrary File Access
The remote host is running FlatNuke, a content management system written in PHP and using flat files rather than a database for its storage. The version of FlatNuke installed on the remote host suffers fails to remove directory traversal sequences user input to the 'id' parameter of the 'index.ph...
Flatnuke 2.5.6 privilege escalation / remote commands execution exploit
?php ---flatnuke256xpl.php 4.32 10/12/2005 Flatnuke 2.5.6 privilege escalation / remote commands execution exploit works with magicquotesgpc off, try this with 2.5.5: http://www.milw0rm.com/id.php?id=1140 coded by rgod at http://rgod.altervista.org mail: retrogod at aliceposta it original advisor...
Flatnuke 2.5.6 - Privilege Escalation Remote Command Execution
Flatnuke 2.5.6 - Privilege Escalation Remote Command Execution ?php ---flatnuke256xpl.php 4.32 10/12/2005 Flatnuke 2.5.6 privilege escalation / remote commands execution exploit works with magicquotesgpc off, try this with 2.5.5: http://www.milw0rm.com/id.php?id=1140...
Flatnuke 2.5.6 Privilege Escalation / Remote Commands Execution Exploit
Exploit for unknown platform in category web applications ======================================================================= Flatnuke 2.5.6 Privilege Escalation / Remote Commands Execution Exploit ======================================================================= FlatNuke 2.5.5 remote...
Flatnuke 2.5.6 - Privilege Escalation / Remote Command Execution
?php ---flatnuke256xpl.php 4.32 10/12/2005 Flatnuke 2.5.6 privilege escalation / remote commands execution exploit works with magicquotesgpc off, try this with 2.5.5: http://www.milw0rm.com/id.php?id=1140 https://www.exploit-db.com/exploits/1140/ coded by rgod at http://rgod.altervista.org mail:...
Flatnuke 2.5.6 Privilege Escalation / Remote Commands Execution Exploit
No description provided by source. ?php ---flatnuke256xpl.php 4.32 10/12/2005 Flatnuke 2.5.6 privilege escalation / remote commands execution exploit works with magicquotesgpc off, try this with 2.5.5: http://www.milw0rm.com/id.php?id=1140 coded by rgod at http://rgod.altervista.org mail: retrogo...
CVE-2005-3361
Cross-site scripting XSS vulnerability in forum/index.php in FlatNuke 2.5.6 allows remote attackers to inject arbitrary web script or HTML via the nome parameter in a login operation, a variant of CVE-2005-3306...
CVE-2005-3361
XSS in FlatNuke 2.5.6: forum/index.php vulnerable to script injection via the nome parameter in login operation. Remote attacker could inject arbitrary script/HTML. No remediation details provided in the documents.
CVE-2005-3306
Cross-site scripting XSS vulnerability in index.php for FlatNuke 2.5.6 allows remote attackers to inject arbitrary web script or HTML via the user parameter in a profile operation, a different vulnerability than CVE-2005-2814. NOTE: it is possible that this XSS is a resultant vulnerability of...
CVE-2005-3307
Directory traversal vulnerability in index.php for FlatNuke 2.5.6 allows remote attackers to read arbitrary files via ".." sequences in the 1 user parameter in a profile operation or 2 quale parameter in a newtopic operation...
FlatNuke 2.5.x - index.php Cross-Site Scripting
FlatNuke 2.5.x - index.php Cross-Site Scripting source: https://www.securityfocus.com/bid/15176/info FlatNuke is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to have...
CVE-2005-3307
Directory traversal vulnerability in index.php for FlatNuke 2.5.6 allows remote attackers to read arbitrary files via ".." sequences in the 1 user parameter in a profile operation or 2 quale parameter in a newtopic operation...
CVE-2005-3306
Cross-site scripting XSS vulnerability in index.php for FlatNuke 2.5.6 allows remote attackers to inject arbitrary web script or HTML via the user parameter in a profile operation, a different vulnerability than CVE-2005-2814. NOTE: it is possible that this XSS is a resultant vulnerability of...
CVE-2005-3306
CVE-2005-3306 describes an XSS vulnerability in index.php of FlatNuke 2.5.6, exploitable via the user parameter in a profile operation to inject arbitrary script/HTML. The vulnerability is specifically a cross-site scripting issue and is stated as a separate/vector from CVE-2005-2814, with a note...
CVE-2005-3307
CVE-2005-3307 affects FlatNuke 2.5.6. A directory traversal in index.php allows remote attackers to read arbitrary files via .. sequences in the user parameter (profile) or quale parameter (newtopic). Exploitation is remote and requires no authentication. A related Nessus entry implies a fixed ve...
FlatNuke < 2.5.7 index.php Traversal File Inclusion
Binary data 3265.prm...
FlatNuke 2.5.x - index.php Multiple Remote File Inclusions
FlatNuke 2.5.x - index.php Multiple Remote File Inclusions source: https://www.securityfocus.com/bid/15172/info FlatNuke is prone to multiple remote file include vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may leverag...