exploitDog

CVE-2009-0760

Опубликовано: 06 мар. 2009

Источник: nvd

CVSS2: 5

EPSS Низкий

Описание

Team Board 1.x and 2.x stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing credentials via a direct request for data/team.mdb.

Ссылки

http://packetstorm.linuxsecurity.com/0902-exploits/teamboard-ddxss.txt
Exploit
http://secunia.com/advisories/33839
Vendor Advisory
http://www.osvdb.org/51752
Exploit
https://www.exploit-db.com/exploits/7982
http://packetstorm.linuxsecurity.com/0902-exploits/teamboard-ddxss.txt
Exploit
http://secunia.com/advisories/33839
Vendor Advisory
http://www.osvdb.org/51752
Exploit
https://www.exploit-db.com/exploits/7982

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:team5:team_board:1.0.0:*:*:*:*:*:*:*

cpe:2.3:a:team5:team_board:2.0.0:*:*:*:*:*:*:*

EPSS

Процентиль: 90%

0.05231

Низкий

5 Medium

CVSS2

Дефекты

CWE-264

Связанные уязвимости

GHSA-fwm8-q9v7-h6xw

github

почти 4 года назад

Team Board 1.x and 2.x stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing credentials via a direct request for data/team.mdb.

EPSS

Процентиль: 90%

0.05231

Низкий

5 Medium

CVSS2

Дефекты

CWE-264