Flatnuke

Flatnuke

21 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5

CVE-2005-2540

Exploit
  • EPSS 6.32%
  • Veröffentlicht 10.08.2005 04:00:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

CRLF injection vulnerability in FlatNuke 2.5.5 and possibly earlier versions allows remote attackers to execute arbitrary PHP commands via an ASCII char 13 (carriage return) in the signature field, which is injected into a PHP script without a preced...

4.3

CVE-2005-2539

Exploit
  • EPSS 7.21%
  • Veröffentlicht 10.08.2005 04:00:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

Multiple cross-site scripting (XSS) vulnerabilities in FlatNuke 2.5.5 and possibly earlier versions allow remote attackers to inject arbitrary web script or HTML via the (1) bodycolor, (2) backimage, (3) theme, or (4) logo parameter to structure.php,...

5

CVE-2005-2538

Exploit
  • EPSS 0.48%
  • Veröffentlicht 10.08.2005 04:00:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

FlatNuke 2.5.5 and possibly earlier versions allows remote attackers to obtain sensitive information via (1) a null byte or (2) an MS-DOS device name such as AUX, CON, PRN, COM1, or LPT1 in the mod parameter.

5

CVE-2005-2537

Exploit
  • EPSS 0.48%
  • Veröffentlicht 10.08.2005 04:00:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

FlatNuke 2.5.5 and possibly earlier versions allows remote attackers to obtain sensitive information via a direct request to structure.php.

5

CVE-2005-1896

Exploit
  • EPSS 0.9%
  • Veröffentlicht 09.06.2005 04:00:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

Directory traversal vulnerability in thumb.php in FlatNuke 2.5.3 allows remote attackers to read arbitrary images or obtain the installation path via the image parameter.

4.3

CVE-2005-1895

  • EPSS 4.44%
  • Veröffentlicht 09.06.2005 04:00:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

Cross-site scripting (XSS) vulnerability in FlatNuke 2.5.3 allows remote attackers to inject arbitrary web script or HTML via the border or back parameters to (1) help.php or (2) footer.php.

7.5

CVE-2005-1894

Exploit
  • EPSS 8.92%
  • Veröffentlicht 09.06.2005 04:00:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

Direct code injection vulnerability in FlatNuke 2.5.3 allows remote attackers to execute arbitrary PHP code by placing the code into the Referer header of an HTTP request, which causes the code to be injected into referer.php, which can then be acces...

5

CVE-2005-1893

  • EPSS 6.51%
  • Veröffentlicht 09.06.2005 04:00:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

FlatNuke 2.5.3 allows remote attackers to obtain sensitive information via invalid parameters to certain scripts, which leaks the web document root in an error message.

6.4

CVE-2005-1892

Exploit
  • EPSS 1.03%
  • Veröffentlicht 09.06.2005 04:00:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

FlatNuke 2.5.3 allows remote attackers to cause a denial of service or obtain sensitive information via (1) a direct request to foot_news.php, which triggers an infinite loop, or (2) direct requests to unknown scripts, which reveals the web document ...

7.5

CVE-2005-0267

Exploit
  • EPSS 0.86%
  • Veröffentlicht 02.05.2005 04:00:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

index.php in FlatNuke 2.5.1 allows remote attackers to create an administrator account via carriage returns and #10 in the url_avatar field, which is interpreted as a sensitive directive.