Lucene search
K

191 matches found

Exploit DB
Exploit DB
added 2005/06/07 12:0 a.m.38 views

FlatNuke 2.5.x - 'help.php' Multiple Cross-Site Scripting Vulnerabilities

source: https://www.securityfocus.com/bid/13882/info Multiple input validation vulnerabilities reportedly affect FlatNuke. These issues are due to a failure of the application to properly sanitize user-supplied input prior to using it in application-critical actions such as generating Web content...

7AI score
Exploits0
Exploit DB
Exploit DB
added 2005/06/07 12:0 a.m.26 views

FlatNuke 2.5.x - 'index.php?where' Full Path Disclosure

source: https://www.securityfocus.com/bid/13882/info Multiple input validation vulnerabilities reportedly affect FlatNuke. These issues are due to a failure of the application to properly sanitize user-supplied input prior to using it in application-critical actions such as generating Web content...

7.4AI score
Exploits0
NVD
NVD
added 2005/05/02 4:0 a.m.14 views

CVE-2005-0267

index.php in FlatNuke 2.5.1 allows remote attackers to create an administrator account via carriage returns and 10 in the urlavatar field, which is interpreted as a sensitive directive...

7.5CVSS6.5AI score0.01727EPSS
Exploits1References3
CVE
CVE
added 2005/02/10 5:0 a.m.41 views

CVE-2005-0268

CVE-2005-0268 affects FlatNuke 2.5.1 and describes a Direct code injection vulnerability that allows an attacker to execute arbitrary PHP code by placing the payload in the url_avatar field. The connected documents corroborate a remote code execution risk in FlatNuke via a form submission field, ...

7.5CVSS7.8AI score0.01532EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2005/02/10 5:0 a.m.43 views

CVE-2005-0267

CVE-2005-0267 affects FlatNuke 2.5.1. The vulnerability lies in the url_avatar field of index.php, where specially crafted input containing carriage returns (CR) and line feeds (LF) is interpreted as a sensitive directive, allowing remote attackers to create an administrator account. Some sources...

7.5CVSS6.6AI score0.01727EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2005/02/10 5:0 a.m.16 views

CVE-2005-0267

index.php in FlatNuke 2.5.1 allows remote attackers to create an administrator account via carriage returns and 10 in the urlavatar field, which is interpreted as a sensitive directive...

6.5AI score0.01727EPSS
Exploits1References3
Cvelist
Cvelist
added 2005/02/10 5:0 a.m.27 views

CVE-2005-0268

Direct code injection vulnerability in FlatNuke 2.5.1 allows remote attackers to execute arbitrary PHP code by placing the code into the urlavatar field...

7.8AI score0.01532EPSS
Exploits0References3
securityvulns
securityvulns
added 2005/01/04 12:0 a.m.31 views

Multiple Vulnerabilities in FlatNuke

CODEBUG Labs Advisory 6 Title: Multiple Vulnerabilities in Flat-nuke Author: Pierquinto 'Mantra' Manco English Version: David 'hanska' Paleino Product: Flat-Nuke 2.5.1 Type: Multiple Vulnerabilities Web: http://www.codebug.org - Software Page www.flatnuke.org "FlatNuke is a CMS Content Management...

0.1AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2005/01/04 12:0 a.m.14 views

FlatNuke index.php url_avatar Field Arbitrary PHP Code Execution

The remote host is running FlatNuke, a content management system written in PHP and using flat files rather than a database for its storage. The remote version of this software has a form submission vulnerability that may allow an attacker to execute arbitrary PHP commands on the remote host...

7.5CVSS6AI score0.01727EPSS
Exploits1References3
NVD
NVD
added 2005/01/03 5:0 a.m.18 views

CVE-2005-0268

Direct code injection vulnerability in FlatNuke 2.5.1 allows remote attackers to execute arbitrary PHP code by placing the code into the urlavatar field...

7.5CVSS7.8AI score0.01532EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2005/01/03 12:0 a.m.9 views

FlatNuke < 2.5.2 Form Submission Arbitrary Script Injection

Binary data 2483.prm...

7.5CVSS7.3AI score0.01727EPSS
Exploits1References2
Rows per page
Query Builder