191 matches found
FlatNuke 2.5.x - 'help.php' Multiple Cross-Site Scripting Vulnerabilities
source: https://www.securityfocus.com/bid/13882/info Multiple input validation vulnerabilities reportedly affect FlatNuke. These issues are due to a failure of the application to properly sanitize user-supplied input prior to using it in application-critical actions such as generating Web content...
FlatNuke 2.5.x - 'index.php?where' Full Path Disclosure
source: https://www.securityfocus.com/bid/13882/info Multiple input validation vulnerabilities reportedly affect FlatNuke. These issues are due to a failure of the application to properly sanitize user-supplied input prior to using it in application-critical actions such as generating Web content...
CVE-2005-0267
index.php in FlatNuke 2.5.1 allows remote attackers to create an administrator account via carriage returns and 10 in the url_avatar field, which is interpreted as a sensitive directive...
CVE-2005-0268
CVE-2005-0268 affects FlatNuke 2.5.1 and describes a direct code injection vulnerability that allows an attacker to execute arbitrary PHP code by placing the payload in the url_avatar field. The connected documents corroborate a remote code execution risk in FlatNuke via a form submission field, ...
CVE-2005-0267
CVE-2005-0267 affects FlatNuke 2.5.1. The vulnerability lies in the url_avatar field of index.php, where specially crafted input containing carriage returns (CR) and line feeds (LF) is interpreted as a sensitive directive, allowing remote attackers to create an administrator account. Some sources...
CVE-2005-0267
index.php in FlatNuke 2.5.1 allows remote attackers to create an administrator account via carriage returns and 10 in the url_avatar field, which is interpreted as a sensitive directive...
CVE-2005-0268
Direct code injection vulnerability in FlatNuke 2.5.1 allows remote attackers to execute arbitrary PHP code by placing the code into the url_avatar field...
Multiple Vulnerabilities in FlatNuke
CODEBUG Labs Advisory 6 Title: Multiple Vulnerabilities in Flat-nuke Author: Pierquinto 'Mantra' Manco English Version: David 'hanska' Paleino Product: Flat-Nuke 2.5.1 Type: Multiple Vulnerabilities Web: http://www.codebug.org - Software Page www.flatnuke.org "FlatNuke is a CMS Content Management...
FlatNuke index.php url_avatar Field Arbitrary PHP Code Execution
The remote host is running FlatNuke, a content management system written in PHP and using flat files rather than a database for its storage. The remote version of this software has a form submission vulnerability that may allow an attacker to execute arbitrary PHP commands on the remote host...
CVE-2005-0268
Direct code injection vulnerability in FlatNuke 2.5.1 allows remote attackers to execute arbitrary PHP code by placing the code into the url_avatar field...
FlatNuke < 2.5.2 Form Submission Arbitrary Script Injection
Binary data 2483.prm...