CVE-2005-1892

FlatNuke 2.5.3 allows remote attackers to cause a denial of service or obtain sensitive information via (1) a direct request to foot_news.php, which triggers an infinite loop, or (2) direct requests to unknown scripts, which reveals the web document root in an error message.

Score6.4
Access VectorNETWORK
Access ComplexityLOW
AuthenticationNONE
Confidentiality ImpactPARTIAL
Integrity ImpactNONE
Availability ImpactPARTIAL
Published2005-06-09 12:00:00.000-04
Last Modified2011-03-07 09:23:03.000-05

Vulnerable Software List

VendorProductVersions
Flatnuke Flatnuke 1.0, 1.5, 1.6, 1.7, 1.8, 2.0, 2.5.3

References

SourceLink
CONFIRMhttp://flatnuke.sourceforge.net/index.php?mod=read&id=1117979256
SECTRACK1014114
MISChttp://secwatch.org/advisories/secwatch/20050604_flatnuke.txt
VUPENADV-2005-0697