CVE-2005-2540
published 2005-08-10
CVE-2005-2540: CRLF injection vulnerability in FlatNuke 2.5.5 and possibly earlier versions allows remote attackers to execute arbitrary PHP commands via an ASCII char 13…
Priority P3 · 36 · medium · 5 · CVSS 2.0
AV:N/AC:L/Au:N/C:N/I:P/A:N
EXPLOIT
EPSS: 6.10% (92.5th percentile)
CRLF injection vulnerability in FlatNuke 2.5.5 and possibly earlier versions allows remote attackers to execute arbitrary PHP commands via an ASCII char 13 (carriage return) in the signature field, which is injected into a PHP script without a preceding comment character, which can then be executed by a direct request.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| flatnuke | flatnuke | — | — |
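CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:P/A:N |
| vendor_redhat | — | 7.5 | HIGH | — |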
GHSA
GHSA-x95g-j2cv-5p33: CRLF injection vulnerability in FlatNuke 2
ghsa_unreviewed·2022-05-01
CVE-2005-2540 [MEDIUM] GHSA-x95g-j2cv-5p33: CRLF injection vulnerability in FlatNuke 2
Red Hat
Firefox command line URL launches multi-tabs
vendor_redhat·2008-07-15·CVSS 7.5
CVE-2008-2933 [HIGH] Firefox command line URL launches multi-tabs
Mozilla Firefox before 2.0.0.16, and 3.x before 3.0.1, interprets '|' (pipe) characters in a command-line URI as requests to open multiple tabs, which allows remote attackers to access chrome:i URIs, or read arbitrary local files via manipulations involving a series of URIs that is not entirely handled by a vector application, as exploited in conjunction with CVE-2008-2540. NOTE: this issue exists because of an insufficient fix for CVE-2005-2267.
No detection rules found.
No writeups or analysis indexed.
http://marc.info/?l=bugtraq&m=112327238030127&w=2
http://secunia.com/advisories/16330
http://www.osvdb.org/18554
http://www.rgod.altervista.org/flatnuke.html
http://www.securityfocus.com/bid/14485
https://exchange.xforce.ibmcloud.com/vulnerabilities/21709
2005-08-10
Published