CVE-2006-1412

Опубликовано: 28 мар. 2006

Источник: nvd

CVSS2: 5

EPSS Средний

Описание

TFT Gallery 0.10 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the admin password file and obtain password hashes via a direct request to admin/passwd.

Ссылки

http://secunia.com/advisories/19411
Vendor Advisory
http://www.securityfocus.com/archive/1/453471/100/0/threaded
http://www.securityfocus.com/archive/1/453485/100/0/threaded
http://www.securityfocus.com/bid/17250
http://www.vupen.com/english/advisories/2006/1115
https://exchange.xforce.ibmcloud.com/vulnerabilities/25465
https://www.exploit-db.com/exploits/1611
http://secunia.com/advisories/19411
Vendor Advisory
http://www.securityfocus.com/archive/1/453471/100/0/threaded
http://www.securityfocus.com/archive/1/453485/100/0/threaded
http://www.securityfocus.com/bid/17250
http://www.vupen.com/english/advisories/2006/1115
https://exchange.xforce.ibmcloud.com/vulnerabilities/25465
https://www.exploit-db.com/exploits/1611

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:tft_gallery:tft_gallery:0.10:*:*:*:*:*:*:*

EPSS

Процентиль: 94%

0.12875

Средний

5 Medium

CVSS2

Дефекты

NVD-CWE-Other

Связанные уязвимости

GHSA-7f3x-h25w-q7w7

github

почти 4 года назад