exploitDog

CVE-2006-0440

Опубликовано: 26 янв. 2006

Источник: nvd

CVSS2: 5

EPSS Низкий

Описание

Text Rider 2.4 allows attackers to bypass authentication and upload files without providing a valid password by obtaining the MD5 hash of the password (possibly via another vulnerability that reads it from a data file), then including the hash in a cookie.

Ссылки

http://evuln.com/vulns/46/summary.html
Exploit
Vendor Advisory
http://securitytracker.com/id?1015533
http://www.securityfocus.com/archive/1/423130/100/0/threaded
http://evuln.com/vulns/46/summary.html
Exploit
Vendor Advisory
http://securitytracker.com/id?1015533
http://www.securityfocus.com/archive/1/423130/100/0/threaded

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:text_rider:text_rider:2.4:*:*:*:*:*:*:*

EPSS

Процентиль: 70%

0.0065

Низкий

5 Medium

CVSS2

Дефекты

NVD-CWE-Other

Связанные уязвимости

GHSA-876r-xj39-ff44

github

почти 4 года назад

Text Rider 2.4 allows attackers to bypass authentication and upload files without providing a valid password by obtaining the MD5 hash of the password (possibly via another vulnerability that reads it from a data file), then including the hash in a cookie.

EPSS

Процентиль: 70%

0.0065

Низкий

5 Medium

CVSS2

Дефекты

NVD-CWE-Other