CVE-2006-1412 - TFT Gallery 0.10 stores sensitive information under the web root with insufficient access control, w

CVE-2006-1412

Summary

TFT Gallery 0.10 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the admin password file and obtain password hashes via a direct request to admin/passwd.

References

http://secunia.com/advisories/19411
http://www.securityfocus.com/archive/1/453471/100/0/threaded
http://www.securityfocus.com/archive/1/453485/100/0/threaded
http://www.securityfocus.com/bid/17250
http://www.vupen.com/english/advisories/2006/1115
https://exchange.xforce.ibmcloud.com/vulnerabilities/25465
https://www.exploit-db.com/exploits/1611

Vulnerable Configurations

cpe:2.3:a:tft_gallery:tft_gallery:0.10:*:*:*:*:*:*:*
cpe:2.3:a:tft_gallery:tft_gallery:0.10:*:*:*:*:*:*:*

CVSS

Base:	5.0 (as of 18-10-2018 - 16:32)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	NONE	NONE

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:N/A:N

refmap via4

bid	17250
bugtraq	20061204 Multiple bugs in TFT-Gallery 20061204 Re: Multiple bugs in TFT-Gallery
exploit-db	1611
secunia	19411
vupen	ADV-2006-1115
xf	tftgallery-passwd-disclosure(25465)

Last major update

18-10-2018 - 16:32

Published

28-03-2006 - 11:06

Last modified

18-10-2018 - 16:32