Lucene search

[email protected]CVE-2006-6890

HistoryDec 31, 2006 - 5:00 a.m.

CVE-2006-6890

2006-12-3105:00:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

voodoo chat

cve-2006-6890

web security

access control

data exposure

remote attack

7.2 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.029 Low

EPSS

Percentile

90.7%

JSON

Voodoo chat 1.0RC1b stores sensitive information under the web root with insufficient access control, which allows remote attackers to download passwords via a direct request for data/users.dat.

CPENameOperatorVersion
voc-project:voodoo_chatvoc-project voodoo chateq1.0_rc1b

CPE	Name	Operator	Version
voc-project:voodoo_chat	voc-project voodoo chat	eq	1.0_rc1b

References

exchange.xforce.ibmcloud.com/vulnerabilities/31221

www.exploit-db.com/exploits/3044

7.2 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.029 Low

EPSS

Percentile

90.7%

JSON