SecWatch

3 exploits Active since Jun 2005
CVE-2005-1895 EXPLOITDB text WRITEUP
FlatNuke 2.5.3 - Cross-Site Scripting via Border or Back Parameter
Cross-site scripting (XSS) vulnerability in FlatNuke 2.5.3 allows remote attackers to inject arbitrary web script or HTML via the border or back parameters to (1) help.php or (2) footer.php.
CVE-2005-1893 EXPLOITDB text WRITEUP
FlatNuke 2.5.3 - Information Disclosure via Invalid Parameter Error Message
FlatNuke 2.5.3 allows remote attackers to obtain sensitive information via invalid parameters to certain scripts, which leaks the web document root in an error message.
CVE-2005-1894 EXPLOITDB php WORKING POC
FlatNuke 2.5.3 - Remote Code Execution via Referer Header Injection
Direct code injection vulnerability in FlatNuke 2.5.3 allows remote attackers to execute arbitrary PHP code by placing the code into the Referer header of an HTTP request, which causes the code to be injected into referer.php, which can then be accessed by the attacker.