Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
flatnuke flatnuke vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2006-3608
The Gallery module in Simone Vellei Flatnuke 2.5.7 and previous versions, when Gallery uploads are enabled, does not restrict the extensions of uploaded files that begin with a GIF header, which allows remote authenticated users to execute arbitrary PHP code via an uploaded .php ...
Flatnuke Flatnuke 1.8
Flatnuke Flatnuke 2.0
Flatnuke Flatnuke 1.6
Flatnuke Flatnuke 1.7
Flatnuke Flatnuke
Flatnuke Flatnuke 1.0
Flatnuke Flatnuke 1.5
Flatnuke Flatnuke 2.5.5
Flatnuke Flatnuke 2.5.6
Flatnuke Flatnuke 2.5.1
Flatnuke Flatnuke 2.5.3
1 EDB exploit
NA
CVE-2005-1892
FlatNuke 2.5.3 allows remote malicious users to cause a denial of service or obtain sensitive information via (1) a direct request to foot_news.php, which triggers an infinite loop, or (2) direct requests to unknown scripts, which reveals the web document root in an error message...
Flatnuke Flatnuke
NA
CVE-2005-0267
index.php in FlatNuke 2.5.1 allows remote malicious users to create an administrator account via carriage returns and #10 in the url_avatar field, which is interpreted as a sensitive directive.
Flatnuke Flatnuke 2.5.1
NA
CVE-2007-5109
Cross-site request forgery (CSRF) vulnerability in index.php in FlatNuke 2.6, and possibly 3, allows remote malicious users to change the password and privilege level of arbitrary accounts via the user parameter and modified (1) regpass and (2) level parameters in a none_Login ac...
Flatnuke Flatnuke 2.6
NA
CVE-2005-2813
Directory traversal vulnerability in FlatNuke 2.5.6 and possibly earlier allows remote malicious users to read arbitrary files via ".." sequences and "%00" (trailing null byte) characters in the id parameter to the read mod in index.php.
Flatnuke Flatnuke 2.5.6
1 EDB exploit
NA
CVE-2005-2537
FlatNuke 2.5.5 and possibly earlier versions allows remote malicious users to obtain sensitive information via a direct request to structure.php.
Flatnuke Flatnuke 2.5.5
NA
CVE-2005-2538
FlatNuke 2.5.5 and possibly earlier versions allows remote malicious users to obtain sensitive information via (1) a null byte or (2) an MS-DOS device name such as AUX, CON, PRN, COM1, or LPT1 in the mod parameter.
Flatnuke Flatnuke 2.5.5
NA
CVE-2005-2539
Multiple cross-site scripting (XSS) vulnerabilities in FlatNuke 2.5.5 and possibly earlier versions allow remote malicious users to inject arbitrary web script or HTML via the (1) bodycolor, (2) backimage, (3) theme, or (4) logo parameter to structure.php, (5) admin, (6) admin_ma...
Flatnuke Flatnuke 2.5.5
2 EDB exploits
NA
CVE-2005-2540
CRLF injection vulnerability in FlatNuke 2.5.5 and possibly earlier versions allows remote malicious users to execute arbitrary PHP commands via an ASCII char 13 (carriage return) in the signature field, which is injected into a PHP script without a preceding comment character, w...
Flatnuke Flatnuke 2.5.5
1 EDB exploit
NA
CVE-2005-0268
Direct code injection vulnerability in FlatNuke 2.5.1 allows remote malicious users to execute arbitrary PHP code by placing the code into the url_avatar field.
Flatnuke Flatnuke 2.5.1
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
remote code execution
CVE-2024-34909
CVE-2024-3317
SSTI
CVE-2024-3400
CVE-2024-30051
wireless
CVE-2024-4622
CVE-2024-4908
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
NEXT »