191 matches found
Flatnuke <= 2.5.8 file() Priv Escalation / Code Execution Exploit
Exploit for unknown platform in category web applications. Flatnuke 126...
Flatnuke 2.5.8 - userlang Local Inclusion Delete All Users
Flatnuke 2.5.8 - userlang Local Inclusion Delete All Users #!/usr/bin/php -q -d short_open_tag=on 126 $result.=" ."; else $result.=" ".$string[$i]; if (strlen(dechex(ord($string[$i])))==2) $exa.=" ".dechex(ord($string[$i])); else $exa.=" 0".dechex(ord($string[$i]));...
Flatnuke 2.5.8 - file() Privilege Escalation Code Execution
Flatnuke 2.5.8 - file() Privilege Escalation Code Execution #!/usr/bin/php -q -d short_open_tag=on 126 $result.=" ."; else $result.=" ".$string[$i]; if (strlen(dechex(ord($string[$i])))==2) $exa.=" ".dechex(ord($string[$i])); else $exa.=" 0".dechexo...
Flatnuke 2.5.8 (userlang) Local Inclusion / Delete All Users Exploit
No description provided by source. #!/usr/bin/php -q -d short_open_tag=on <? print_r(' ----------------------------------------------------------------------------- Flatnuke 2.5.8 "userlang" arbitrary local inclusion/delete all users exploit by rgod [email protected] site: http://retrogod.altervista.o...
Flatnuke 2.5.8 (userlang) Local Inclusion / Delete All Users Exploit
Exploit for unknown platform in category web applications. Flatnuke 2.5.8 userlang Local Inclusion / Delete All Users Exploit. #!/usr/bin/php -q -d short_open_tag=o...
Flatnuke 2.5.8 - 'file()' Privilege Escalation / Code Execution
#!/usr/bin/php -q -d short_open_tag=on 126 $result.=" ."; else $result.=" ".$string[$i]; if (strlen(dechex(ord($string[$i])))==2) $exa.=" ".dechex(ord($string[$i])); else $exa.=" 0".dechex(ord($string...
Flatnuke 2.5.8 - 'userlang' Local Inclusion / Delete All Users
#!/usr/bin/php -q -d short_open_tag=on 126 $result.=" ."; else $result.=" ".$string[$i]; if (strlen(dechex(ord($string[$i])))==2) $exa.=" ".dechex(ord($string[$i])); else $exa.=" 0".dechex(ord($string[$i])); $cont++;if...
CVE-2006-3608
The Gallery module in Simone Vellei Flatnuke 2.5.7 and earlier, when Gallery uploads are enabled, does not restrict the extensions of uploaded files that begin with a GIF header, which allows remote authenticated users to execute arbitrary PHP code via an uploaded .php file...
CVE-2006-3608
The CVE-2006-3608 entry concerns Simone Vellei Flatnuke 2.5.7 and earlier. When Gallery uploads are enabled, the product does not restrict file extensions for uploads that begin with a GIF header, allowing remote authenticated users to execute arbitrary PHP code via an uploaded .php file. The NVD...
flatnuke-2.5.7_xpl.txt
12/07/2006 19.11.54 ----- Flatnuke 2.5.7 arbitrary file upload / remote code execution ------------- software: site: http://www.flatnuke.org/ -------------------------------------------------------------------------------- if user Gallery uploads are enabled (not the default) you can go to:...
flatnuke <= 2.5.7 arbitrary php file upload
12/07/2006 19.11.54 ----- Flatnuke 2.5.7 arbitrary file upload / remote code execution ------------- software: site: http://www.flatnuke.org/ -------------------------------------------------------------------------------- if user Gallery uploads are enabled (not the default) you can go to:...
FlatNuke 2.5.7 - index.php Remote File Inclusion
FlatNuke 2.5.7 - index.php Remote File Inclusion source: https://www.securityfocus.com/bid/18966/info FlatNuke is prone to a remote file-include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit this issue to include...
FlatNuke 2.5.7 - 'index.php' Remote File Inclusion
source: https://www.securityfocus.com/bid/18966/info FlatNuke is prone to a remote file-include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit this issue to include arbitrary remote files containing malicious PHP...
CVE-2005-4448
FlatNuke 2.5.6 verifies authentication credentials based on an MD5 checksum of the admin name and the hashed password rather than the plaintext password, which allows attackers to gain privileges by obtaining the password hash (possibly via CVE-2005-2813), then calculating the credentials and...
CVE-2005-4449
verify.php in FlatNuke 2.5.6 allows remote authenticated administrators to modify arbitrary PHP files by setting the file parameter to an arbitrary file and injecting the code into the body parameter. NOTE: if a FlatNuke administrator is normally assumed to be able to modify arbitrary content, th...
CVE-2005-4448
FlatNuke 2.5.6 verifies authentication credentials based on an MD5 checksum of the admin name and the hashed password rather than the plaintext password, which allows attackers to gain privileges by obtaining the password hash (possibly via CVE-2005-2813), then calculating the credentials and...
CVE-2005-4449
The CVE-2005-4449 entry concerns verify.php in FlatNuke 2.5.6, where remote authenticated administrators can modify arbitrary PHP files by setting the file parameter to an arbitrary file and injecting code via the body parameter. This describes a privilege-elevation-like issue within an authenti...
CVE-2005-4448
CVE-2005-4448 concerns FlatNuke 2.5.6 where authentication credentials are verified using an MD5 checksum of the admin name and the hashed password instead of the plaintext password. This allows an attacker who can obtain the password hash (notably via CVE-2005-2813) to compute credentials and in...
CVE-2005-4449
verify.php in FlatNuke 2.5.6 allows remote authenticated administrators to modify arbitrary PHP files by setting the file parameter to an arbitrary file and injecting the code into the body parameter. NOTE: if a FlatNuke administrator is normally assumed to be able to modify arbitrary content, th...
flatnuke256_xpl.txt
<?php # ---flatnuke256_xpl.php 4.32 10/12/2005 Flatnuke 2.5.6 privilege escalation / remote commands execution exploit works with magic_quotes_gpc off, try this with 2.5.5: http://www.milw0rm.com/id.php?id=1140 coded by rgod at http://rgod.altervista.org mail: retrogod at aliceposta it original advisor...