Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2005-2813

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2005-2813
Last Modified 03 Apr 2009 12:40:21
Published 07 Sep 2005 02:03:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2005-2813

Summary

Directory traversal vulnerability in FlatNuke 2.5.6 and possibly earlier allows remote attackers to read arbitrary files via ".." sequences and "%00" (trailing null byte) characters in the id parameter to the read mod in index.php.

Vulnerable Systems

Application

  • Flatnuke 2.5.6


References

BID - 14702

SECTRACK - 1014824

SECUNIA - 16650

BUGTRAQ - 20050830 Flatnuke 2.5.6 (possibly prior versions) Underlying system information disclosure / Administrative & users credentials disclosure

BID - 15796

BUGTRAQ - 20051210 Flatnuke 2.5.6 privilege escalation / remote commands execution exploit

SECTRACK - 1015339


Last Updated: 27 May 2016 10:40:39