Lucene search
K

191 matches found

NVD
NVD
added 2005/12/13 11:3 a.m.15 views

CVE-2005-4208

Directory traversal vulnerability in Flatnuke 2.5.6 allows remote attackers to access arbitrary files via a .. dot dot and null byte %00 in the id parameter of the read module...

5CVSS6.7AI score0.0833EPSS
Exploits1References3
Cvelist
Cvelist
added 2005/12/13 11:0 a.m.26 views

CVE-2005-4208

Directory traversal vulnerability in Flatnuke 2.5.6 allows remote attackers to access arbitrary files via a .. dot dot and null byte %00 in the id parameter of the read module...

6.7AI score0.0833EPSS
Exploits1References3
CVE
CVE
added 2005/12/13 11:0 a.m.56 views

CVE-2005-4208

CVE-2005-4208 affects FlatNuke 2.5.6 (and potentially earlier 2.5.x) where an attacker can trigger a directory traversal via the id parameter to the read/index.php script, enabling remote arbitrary file access (dot dot and null byte %00). The issue stems from improper sanitization of user input, ...

5CVSS6.7AI score0.0833EPSS
Exploits1References3Affected Software1
Tenable Nessus
Tenable Nessus
added 2005/12/12 12:0 a.m.22 views

FlatNuke index.php id Parameter Traversal Arbitrary File Access

The remote host is running FlatNuke, a content management system written in PHP and using flat files rather than a database for its storage. The version of FlatNuke installed on the remote host suffers fails to remove directory traversal sequences user input to the 'id' parameter of the 'index.ph...

5CVSS5.9AI score0.0833EPSS
Exploits2References3
securityvulns
securityvulns
added 2005/12/11 12:0 a.m.28 views

Flatnuke 2.5.6 privilege escalation / remote commands execution exploit

?php ---flatnuke256xpl.php 4.32 10/12/2005 Flatnuke 2.5.6 privilege escalation / remote commands execution exploit works with magicquotesgpc off, try this with 2.5.5: http://www.milw0rm.com/id.php?id=1140 coded by rgod at http://rgod.altervista.org mail: retrogod at aliceposta it original advisor...

8.1AI score
Exploits0
exploitpack
exploitpack
added 2005/12/10 12:0 a.m.22 views

Flatnuke 2.5.6 - Privilege Escalation Remote Command Execution

Flatnuke 2.5.6 - Privilege Escalation Remote Command Execution ?php ---flatnuke256xpl.php 4.32 10/12/2005 Flatnuke 2.5.6 privilege escalation / remote commands execution exploit works with magicquotesgpc off, try this with 2.5.5: http://www.milw0rm.com/id.php?id=1140...

0.8AI score
Exploits0
0day.today
0day.today
added 2005/12/10 12:0 a.m.102 views

Flatnuke 2.5.6 Privilege Escalation / Remote Commands Execution Exploit

Exploit for unknown platform in category web applications ======================================================================= Flatnuke 2.5.6 Privilege Escalation / Remote Commands Execution Exploit ======================================================================= FlatNuke 2.5.5 remote...

7.1AI score
Exploits0
Exploit DB
Exploit DB
added 2005/12/10 12:0 a.m.35 views

Flatnuke 2.5.6 - Privilege Escalation / Remote Command Execution

?php ---flatnuke256xpl.php 4.32 10/12/2005 Flatnuke 2.5.6 privilege escalation / remote commands execution exploit works with magicquotesgpc off, try this with 2.5.5: http://www.milw0rm.com/id.php?id=1140 https://www.exploit-db.com/exploits/1140/ coded by rgod at http://rgod.altervista.org mail:...

7.4AI score
Exploits0
seebug.org
seebug.org
added 2005/12/10 12:0 a.m.19 views

Flatnuke 2.5.6 Privilege Escalation / Remote Commands Execution Exploit

No description provided by source. ?php ---flatnuke256xpl.php 4.32 10/12/2005 Flatnuke 2.5.6 privilege escalation / remote commands execution exploit works with magicquotesgpc off, try this with 2.5.5: http://www.milw0rm.com/id.php?id=1140 coded by rgod at http://rgod.altervista.org mail: retrogo...

7.1AI score
Exploits0
Cvelist
Cvelist
added 2005/10/29 2:22 a.m.17 views

CVE-2005-3361

Cross-site scripting XSS vulnerability in forum/index.php in FlatNuke 2.5.6 allows remote attackers to inject arbitrary web script or HTML via the nome parameter in a login operation, a variant of CVE-2005-3306...

5.6AI score0.01164EPSS
Exploits0References3
CVE
CVE
added 2005/10/29 2:22 a.m.45 views

CVE-2005-3361

XSS in FlatNuke 2.5.6: forum/index.php vulnerable to script injection via the nome parameter in login operation. Remote attacker could inject arbitrary script/HTML. No remediation details provided in the documents.

4.3CVSS5.9AI score0.01164EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2005/10/26 1:2 a.m.19 views

CVE-2005-3306

Cross-site scripting XSS vulnerability in index.php for FlatNuke 2.5.6 allows remote attackers to inject arbitrary web script or HTML via the user parameter in a profile operation, a different vulnerability than CVE-2005-2814. NOTE: it is possible that this XSS is a resultant vulnerability of...

4.3CVSS5.1AI score0.01242EPSS
Exploits1References3
NVD
NVD
added 2005/10/26 1:2 a.m.15 views

CVE-2005-3307

Directory traversal vulnerability in index.php for FlatNuke 2.5.6 allows remote attackers to read arbitrary files via ".." sequences in the 1 user parameter in a profile operation or 2 quale parameter in a newtopic operation...

5CVSS6.7AI score0.03124EPSS
Exploits1References5
exploitpack
exploitpack
added 2005/10/26 12:0 a.m.12 views

FlatNuke 2.5.x - index.php Cross-Site Scripting

FlatNuke 2.5.x - index.php Cross-Site Scripting source: https://www.securityfocus.com/bid/15176/info FlatNuke is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to have...

6.8AI score
Exploits0
Cvelist
Cvelist
added 2005/10/25 4:0 a.m.22 views

CVE-2005-3307

Directory traversal vulnerability in index.php for FlatNuke 2.5.6 allows remote attackers to read arbitrary files via ".." sequences in the 1 user parameter in a profile operation or 2 quale parameter in a newtopic operation...

6.7AI score0.03124EPSS
Exploits1References5
Cvelist
Cvelist
added 2005/10/25 4:0 a.m.19 views

CVE-2005-3306

Cross-site scripting XSS vulnerability in index.php for FlatNuke 2.5.6 allows remote attackers to inject arbitrary web script or HTML via the user parameter in a profile operation, a different vulnerability than CVE-2005-2814. NOTE: it is possible that this XSS is a resultant vulnerability of...

5.1AI score0.01242EPSS
Exploits1References3
CVE
CVE
added 2005/10/25 4:0 a.m.40 views

CVE-2005-3306

CVE-2005-3306 describes an XSS vulnerability in index.php of FlatNuke 2.5.6, exploitable via the user parameter in a profile operation to inject arbitrary script/HTML. The vulnerability is specifically a cross-site scripting issue and is stated as a separate/vector from CVE-2005-2814, with a note...

4.3CVSS5.4AI score0.01242EPSS
Exploits1References3Affected Software1
CVE
CVE
added 2005/10/25 4:0 a.m.43 views

CVE-2005-3307

CVE-2005-3307 affects FlatNuke 2.5.6. A directory traversal in index.php allows remote attackers to read arbitrary files via .. sequences in the user parameter (profile) or quale parameter (newtopic). Exploitation is remote and requires no authentication. A related Nessus entry implies a fixed ve...

5CVSS7.1AI score0.03124EPSS
Exploits1References5
Tenable Nessus
Tenable Nessus
added 2005/10/25 12:0 a.m.12 views

FlatNuke < 2.5.7 index.php Traversal File Inclusion

Binary data 3265.prm...

10CVSS7.3AI score0.0833EPSS
Exploits4References4
exploitpack
exploitpack
added 2005/10/22 12:0 a.m.13 views

FlatNuke 2.5.x - index.php Multiple Remote File Inclusions

FlatNuke 2.5.x - index.php Multiple Remote File Inclusions source: https://www.securityfocus.com/bid/15172/info FlatNuke is prone to multiple remote file include vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may leverag...

0.1AI score
Exploits0
Rows per page
Query Builder