CVE-2005-4208

Directory traversal vulnerability in Flatnuke 2.5.6 allows remote attackers to access arbitrary files via a .. (dot dot) and null byte (%00) in the id parameter of the read module.

Score5.0
Access VectorNETWORK
Access ComplexityLOW
AuthenticationNONE
Confidentiality ImpactPARTIAL
Integrity ImpactNONE
Availability ImpactNONE
Published2005-12-13 06:03:00.000-05
Last Modified2018-10-19 11:40:33.000-04

Vulnerable Software List

VendorProductVersions
Flatnuke Flatnuke 2.5.6

References

SourceLink
SECTRACK1015339
BUGTRAQ20051210 Flatnuke 2.5.6 privilege escalation / remote commands execution exploit
BID15796