Flatnuke
by Flatnuke
CVEs (26)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2005-2537 | 0.00 | — | 0.02 | Aug 10, 2005 | FlatNuke 2.5.5 and possibly earlier versions allows remote attackers to obtain sensitive information via a direct request to structure.php. | |||
| CVE-2005-2538 | 0.00 | — | 0.02 | Aug 10, 2005 | FlatNuke 2.5.5 and possibly earlier versions allows remote attackers to obtain sensitive information via (1) a null byte or (2) an MS-DOS device name such as AUX, CON, PRN, COM1, or LPT1 in the mod parameter. | |||
| CVE-2005-1896 | 0.00 | — | 0.02 | Jun 9, 2005 | Directory traversal vulnerability in thumb.php in FlatNuke 2.5.3 allows remote attackers to read arbitrary images or obtain the installation path via the image parameter. | |||
| CVE-2005-1892 | 0.00 | — | 0.02 | Jun 9, 2005 | FlatNuke 2.5.3 allows remote attackers to cause a denial of service or obtain sensitive information via (1) a direct request to foot_news.php, which triggers an infinite loop, or (2) direct requests to unknown scripts, which reveals the web document root in an error message. | |||
| CVE-2005-0267 | 0.00 | — | 0.02 | May 2, 2005 | index.php in FlatNuke 2.5.1 allows remote attackers to create an administrator account via carriage returns and #10 in the url_avatar field, which is interpreted as a sensitive directive. | |||
| CVE-2005-0268 | 0.00 | — | 0.02 | Jan 3, 2005 | Direct code injection vulnerability in FlatNuke 2.5.1 allows remote attackers to execute arbitrary PHP code by placing the code into the url_avatar field. |
- CVE-2005-2537Aug 10, 2005risk 0.00cvss —epss 0.02
FlatNuke 2.5.5 and possibly earlier versions allows remote attackers to obtain sensitive information via a direct request to structure.php.
- CVE-2005-2538Aug 10, 2005risk 0.00cvss —epss 0.02
FlatNuke 2.5.5 and possibly earlier versions allows remote attackers to obtain sensitive information via (1) a null byte or (2) an MS-DOS device name such as AUX, CON, PRN, COM1, or LPT1 in the mod parameter.
- CVE-2005-1896Jun 9, 2005risk 0.00cvss —epss 0.02
Directory traversal vulnerability in thumb.php in FlatNuke 2.5.3 allows remote attackers to read arbitrary images or obtain the installation path via the image parameter.
- CVE-2005-1892Jun 9, 2005risk 0.00cvss —epss 0.02
FlatNuke 2.5.3 allows remote attackers to cause a denial of service or obtain sensitive information via (1) a direct request to foot_news.php, which triggers an infinite loop, or (2) direct requests to unknown scripts, which reveals the web document root in an error message.
- CVE-2005-0267May 2, 2005risk 0.00cvss —epss 0.02
index.php in FlatNuke 2.5.1 allows remote attackers to create an administrator account via carriage returns and #10 in the url_avatar field, which is interpreted as a sensitive directive.
- CVE-2005-0268Jan 3, 2005risk 0.00cvss —epss 0.02
Direct code injection vulnerability in FlatNuke 2.5.1 allows remote attackers to execute arbitrary PHP code by placing the code into the url_avatar field.
Page 2 of 2