Lucene search

[email protected]CVE-2006-0920

HistoryFeb 28, 2006 - 11:02 a.m.

CVE-2006-0920

2006-02-2811:02:00

[email protected]

web.nvd.nist.gov

cve-2006-0920

oi! 3

email marketing system

ftp password

security vulnerability

cleartext storage

1.7 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:S/C:P/I:N/A:N

6.4 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

0.4%

JSON

Oi! Email Marketing System 3.0 (aka Oi! 3) stores the server’s FTP password in cleartext on a Configuration web page, which allows local users with superadministrator privileges, or attackers who have obtained access to the web page, to view the password.

Affected configurations

NVD

Node

oiemail_marketing_systemMatch3.0

CPENameOperatorVersion
oi:email_marketing_systemoi email marketing systemeq3.0

CPE	Name	Operator	Version
oi:email_marketing_system	oi email marketing system	eq	3.0

References

securityreason.com/securityalert/483

www.h4cky0u.org/advisories/HYSA-2006-003-oi-email.txt

www.securityfocus.com/archive/1/425924/100/0/threaded

www.securityfocus.com/bid/16794

1.7 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:S/C:P/I:N/A:N

6.4 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

0.4%

JSON

Related for CVE-2006-0920

nvd1 prion1 cvelist1