VYPR

Flatnuke

by Flatnuke

CVEs (26)

  • CVE-2005-2537Aug 10, 2005
    risk 0.00cvss epss 0.02

    FlatNuke 2.5.5 and possibly earlier versions allows remote attackers to obtain sensitive information via a direct request to structure.php.

  • CVE-2005-2538Aug 10, 2005
    risk 0.00cvss epss 0.02

    FlatNuke 2.5.5 and possibly earlier versions allows remote attackers to obtain sensitive information via (1) a null byte or (2) an MS-DOS device name such as AUX, CON, PRN, COM1, or LPT1 in the mod parameter.

  • CVE-2005-1896Jun 9, 2005
    risk 0.00cvss epss 0.02

    Directory traversal vulnerability in thumb.php in FlatNuke 2.5.3 allows remote attackers to read arbitrary images or obtain the installation path via the image parameter.

  • CVE-2005-1892Jun 9, 2005
    risk 0.00cvss epss 0.02

    FlatNuke 2.5.3 allows remote attackers to cause a denial of service or obtain sensitive information via (1) a direct request to foot_news.php, which triggers an infinite loop, or (2) direct requests to unknown scripts, which reveals the web document root in an error message.

  • CVE-2005-0267May 2, 2005
    risk 0.00cvss epss 0.02

    index.php in FlatNuke 2.5.1 allows remote attackers to create an administrator account via carriage returns and #10 in the url_avatar field, which is interpreted as a sensitive directive.

  • CVE-2005-0268Jan 3, 2005
    risk 0.00cvss epss 0.02

    Direct code injection vulnerability in FlatNuke 2.5.1 allows remote attackers to execute arbitrary PHP code by placing the code into the url_avatar field.

Page 2 of 2