CVE-2005-4208
published 2005-12-13
Priority: P4, 32, medium; CVSS 2.0: 5
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
EXPLOIT
EPSS: 8.33% (94.2th percentile)
Directory traversal vulnerability in Flatnuke 2.5.6 allows remote attackers to access arbitrary files via a .. (dot dot) and null byte (%00) in the id parameter of the read module.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| flatnuke | flatnuke | — | — |
No detection rules found.
Exploit-DB
Flatnuke 2.5.6 - Privilege Escalation / Remote Command Execution
exploitdb·2005-12-10
CVE-2005-4449 Flatnuke 2.5.6 - Privilege Escalation / Remote Command Execution
---
*** Flatnuke 2.5.6 remote commands execution exploit ***
Exploit-DB
Flatnuke 2.5.5 - Remote Code Execution
exploitdb·2005-08-08
CVE-2005-4208 Flatnuke 2.5.5 - Remote Code Execution
---
FlatNuke 2.5.5 remote commands execution
FlatNuke 2.5.5 (possibly prior versions) remote commands execution
a script by rgod at http://rgod.altervista.org
hostname (ex: www.sitename.com)
path (ex: /flatnuke/forum/ or /forum/ just /)
specify a port other than 80 (default value)
a Unix command, example: ls -la to list directories, cat /etc/passwd to show passwd file
send exploit through an HTTP proxy (ip:port)
';
function show($headeri)
{
$ii=0;
$ji=0;
$ki=0;
$ci=0;
echo '';
while ($ii ";
for ($li=0; $li".$headeri[$li+$ki]."";
}
$ki=$ki+16;
echo "";
}
if (strlen($datai)==1) {echo "0".$datai."";} else
{echo "".$datai." ";}
$ii++;
$ji++;
}
for ($li=1; $li ";
}
for ($li=$ci*16; $li".$headeri[$li]."";
}
echo "";
}
$proxy_
No writeups or analysis indexed.