Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

191 matches found

Packet Storm
Packet Stormadded 2009/04/14 12:0 a.m.21 views

Flatnuke 2.7.1 Privilege Escalation

!/usr/bin/env perl Flatnuke timeout5; $lwp-agent'Links 2.1pre26; Linux 2.6.19-gentoo-r5 x8664; x'; $lwp-defaultheader'Cookie' = "myforum=$user; path=$path; secid=$secid; path=$path;"; $ret = $lwp-post"http://$host/$path/index.php?mod=noneLogin",...

0.8AI score
Exploits0
seebug.org
seebug.orgadded 2009/04/14 12:0 a.m.58 views

Flatnuke <= 2.7.1 (level) Remote Privilege Escalation Exploit

No description provided by source. !/usr/bin/env perl Flatnuke = 2.7.1 level Privilege Escalation 0-day Exploit Description ----------- Flatnuke contains one flaw that may allow a user to become administrator. The issue is due to 'sections/noneLogin/section.php' script not properly sanitizing use...

7.1AI score
Exploits0
0day.today
0day.todayadded 2009/04/13 12:0 a.m.21 views

Flatnuke <= 2.7.1 (level) Remote Privilege Escalation Exploit

Exploit for unknown platform in category web applications ============================================================= Flatnuke timeout5; $lwp-agent'Links 2.1pre26; Linux 2.6.19-gentoo-r5 x8664; x'; $lwp-defaultheader'Cookie' = "myforum=$user; path=$path; secid=$secid; path=$path;"; $ret =...

7.1AI score
Exploits0
exploitpack
exploitpackadded 2009/04/13 12:0 a.m.12 views

Flatnuke 2.7.1 - level Privilege Escalation

Flatnuke 2.7.1 - level Privilege Escalation !/usr/bin/env perl Flatnuke timeout5; $lwp-agent'Links 2.1pre26; Linux 2.6.19-gentoo-r5 x8664; x'; $lwp-defaultheader'Cookie' = "myforum=$user; path=$path; secid=$secid; path=$path;"; $ret = $lwp-post"http://$h...

0.8AI score
Exploits0
Exploit DB
Exploit DBadded 2009/04/13 12:0 a.m.28 views

Flatnuke 2.7.1 - &#039;level&#039; Privilege Escalation

!/usr/bin/env perl Flatnuke timeout5; $lwp-agent'Links 2.1pre26; Linux 2.6.19-gentoo-r5 x8664; x'; $lwp-defaultheader'Cookie' = "myforum=$user; path=$path; secid=$secid; path=$path;"; $ret = $lwp-post"http...

7.4AI score
Exploits0
Packet Storm
Packet Stormadded 2008/12/15 12:0 a.m.17 views

Flatnuke 3 Cookie Grabber Exploit

titolo" name="name" type="text" / Immagine File -- "alert69%3B...

Exploits0
Prion
Prionadded 2007/11/01 4:46 p.m.29 views

Code injection

Direct static code injection vulnerability in the download module in Flatnuke 3 allows remote authenticated administrators to inject arbitrary PHP code into a description.it.php file in a subdirectory of Download/ by saving a description and setting fneditmode to 1. NOTE: unauthenticated remote...

6CVSS7.5AI score0.03831EPSS
Exploits0References3
Prion
Prionadded 2007/11/01 4:46 p.m.16 views

Design/Logic Flaw

index.php in the File Manager module in Flatnuke 3 allows remote attackers to obtain sensitive information via an invalid argumentname parameter in a disc op action, which reveals the path in an error message...

5CVSS6.7AI score0.02603EPSS
Exploits0References3
Prion
Prionadded 2007/11/01 4:46 p.m.11 views

Cross site request forgery (csrf)

Cross-site request forgery CSRF vulnerability in index.php in the File Manager module in Flatnuke 3 allows remote attackers to perform certain actions as administrators via requests containing the pathname in the dir parameter and the filename in the ffile parameter...

4.3CVSS7.4AI score0.00876EPSS
Exploits0References3
Prion
Prionadded 2007/11/01 4:46 p.m.17 views

Code injection

Flatnuke 3 aka FlatnuX allows remote attackers to obtain administrative access via a myforum%00 cookie...

7.5CVSS7.1AI score0.06073EPSS
Exploits1References5
NVD
NVDadded 2007/11/01 4:46 p.m.16 views

CVE-2007-5771

Flatnuke 3 aka FlatnuX allows remote attackers to obtain administrative access via a myforum%00 cookie...

7.5CVSS6.6AI score0.06073EPSS
Exploits1References5
NVD
NVDadded 2007/11/01 4:46 p.m.17 views

CVE-2007-5772

Direct static code injection vulnerability in the download module in Flatnuke 3 allows remote authenticated administrators to inject arbitrary PHP code into a description.it.php file in a subdirectory of Download/ by saving a description and setting fneditmode to 1. NOTE: unauthenticated remote...

6CVSS7AI score0.03831EPSS
Exploits0References3
NVD
NVDadded 2007/11/01 4:46 p.m.23 views

CVE-2007-5773

Cross-site request forgery CSRF vulnerability in index.php in the File Manager module in Flatnuke 3 allows remote attackers to perform certain actions as administrators via requests containing the pathname in the dir parameter and the filename in the ffile parameter...

4.3CVSS6.9AI score0.00876EPSS
Exploits0References3
NVD
NVDadded 2007/11/01 4:46 p.m.14 views

CVE-2007-5774

index.php in the File Manager module in Flatnuke 3 allows remote attackers to obtain sensitive information via an invalid argumentname parameter in a disc op action, which reveals the path in an error message...

5CVSS6.1AI score0.02603EPSS
Exploits0References3
Cvelist
Cvelistadded 2007/11/01 4:4 p.m.22 views

CVE-2007-5771

Flatnuke 3 aka FlatnuX allows remote attackers to obtain administrative access via a myforum%00 cookie...

6.6AI score0.06073EPSS
Exploits1References5
Cvelist
Cvelistadded 2007/11/01 4:4 p.m.20 views

CVE-2007-5774

index.php in the File Manager module in Flatnuke 3 allows remote attackers to obtain sensitive information via an invalid argumentname parameter in a disc op action, which reveals the path in an error message...

6.1AI score0.02603EPSS
Exploits0References3
Cvelist
Cvelistadded 2007/11/01 4:4 p.m.23 views

CVE-2007-5772

Direct static code injection vulnerability in the download module in Flatnuke 3 allows remote authenticated administrators to inject arbitrary PHP code into a description.it.php file in a subdirectory of Download/ by saving a description and setting fneditmode to 1. NOTE: unauthenticated remote...

7AI score0.03831EPSS
Exploits0References3
CVE
CVEadded 2007/11/01 4:4 p.m.46 views

CVE-2007-5774

CVE-2007-5774 affects the File Manager module of Flatnuke 3. An error condition triggered by an invalid argumentname in a disc op action allows remote attackers to disclose the server path via an error message. The provided connected resources confirm the vulnerability description but do not spec...

5CVSS6.2AI score0.02603EPSS
Exploits0References3Affected Software1
CVE
CVEadded 2007/11/01 4:4 p.m.53 views

CVE-2007-5773

CSRF in the File Manager module (index.php) of Flatnuke 3 allows remote attackers to perform administrative actions via forged requests that include the dir parameter (pathname) and the ffile parameter (filename). The vulnerability originates from the module’s index.php handling of these paramete...

4.3CVSS6.9AI score0.00876EPSS
Exploits0References3Affected Software1
CVE
CVEadded 2007/11/01 4:4 p.m.35 views

CVE-2007-5771

CVE-2007-5771 affects Flatnuke 3 (aka FlatnuX). The issue allows remote attackers to obtain administrative access by manipulating a myforum%00 cookie. The description in multiple sources confirms remote exploitation without user interaction, enabling elevation of privileges to an admin level. No ...

7.5CVSS6.6AI score0.06073EPSS
Exploits1References5Affected Software1
Rows per page
Query Builder