CVE-2005-2538 Information

Description

FlatNuke 2.5.5 and possibly earlier versions allows remote attackers to obtain sensitive information via (1) a null byte or (2) an MS-DOS device name such as AUX CON PRN COM1 or LPT1 in the mod parameter.

Reference

http://marc.info/?l=bugtraq&m=112327238030127&w=2 http://secunia.com/advisories/16330 http://www.osvdb.org/18550 http://www.rgod.altervista.org/flatnuke.html