{"id": "CVE-2006-6891", "bulletinFamily": "NVD", "title": "CVE-2006-6891", "description": "Vz (Adp) Forum 2.0.3 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain the administrative account name and password hash via a direct request for users/admin.txt.", "published": "2006-12-31T05:00:00", "modified": "2017-10-19T01:29:00", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-6891", "reporter": "cve@mitre.org", "references": ["https://www.exploit-db.com/exploits/3053", "https://exchange.xforce.ibmcloud.com/vulnerabilities/31220"], "cvelist": ["CVE-2006-6891"], "type": "cve", "lastseen": "2019-05-29T18:08:35", "history": [], "edition": 1, "hashmap": [{"key": "affectedSoftware", "hash": "57c9dd408db5c4e52a66b181c7e1c8e4"}, {"key": "bulletinFamily", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "cpe", "hash": "6b4373ba83feac15fc0c6fc449c748c4"}, {"key": "cpe23", "hash": "3d164236dd1be460a9cbe73aa0ec2b3d"}, {"key": "cvelist", "hash": "dc8d3d693ff8717f5a4096eab3b24b8e"}, {"key": "cvss", "hash": "a89198c45ce87f7ec9735a085150b708"}, {"key": "cvss2", "hash": "f30109dfdbfbf783c0b61792a6b2c20a"}, {"key": "cvss3", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cwe", "hash": "78a7a5cbaf09985c14389298e454e7db"}, {"key": "description", "hash": "a0de0a8cd6b964b57c0817c5153128a1"}, {"key": "href", "hash": "d5e56b72781dca34e7eb9315d11bcf48"}, {"key": "modified", "hash": "444d43e9817288cd3cd8e6c9a31c8aed"}, {"key": "published", "hash": "ed57dcc4fb5c911b94ea09eeae1c33f5"}, {"key": "references", "hash": "cc86292e5c69900c809611981ae2212f"}, {"key": "reporter", "hash": "444c2b4dda4a55437faa8bef1a141e84"}, {"key": "title", "hash": "86b7795364aabbed1586e97e3f247208"}, {"key": "type", "hash": "1716b5fcbb7121af74efdc153d0166c5"}], "hash": "7831a95477a2c322dde05239430c3bb83b1a30b2bd77e198a9b2f03e9f3a2a13", "viewCount": 0, "enchantments": {"score": {"value": 6.6, "vector": "NONE", "modified": "2019-05-29T18:08:35"}, "dependencies": {"references": [{"type": "exploitdb", "idList": ["EDB-ID:3053"]}, {"type": "osvdb", "idList": ["OSVDB:37553"]}], "modified": "2019-05-29T18:08:35"}, "vulnersScore": 6.6}, "objectVersion": "1.3", "cpe": ["cpe:/a:vz_forum:vz_forum:2.0.3"], "affectedSoftware": [{"name": "vz_forum vz_forum", "operator": "eq", "version": "2.0.3"}], "cvss2": {"cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {}, "cpe23": ["cpe:2.3:a:vz_forum:vz_forum:2.0.3:*:*:*:*:*:*:*"], "cwe": ["NVD-CWE-Other"]}

{"exploitdb": [{"lastseen": "2016-01-31T17:38:05", "bulletinFamily": "exploit", "description": "Vz (Adp) Forum 2.0.3 Remote Password Disclosure Vulnerablity. CVE-2006-6891. Webapps exploit for php platform", "modified": "2006-12-31T00:00:00", "published": "2006-12-31T00:00:00", "id": "EDB-ID:3053", "href": "https://www.exploit-db.com/exploits/3053/", "type": "exploitdb", "title": "Vz Adp Forum 2.0.3 - Remote Password Disclosure Vulnerablity", "sourceData": "##########################################################################################################\n#Sv(ADP) Forum 2.0.3 Remote Password Disclosure Vulnerablity \n##########################################################################################################\n#S.name:ADP Forum \n#Affected version:2.0.3 \n#Download&Demo:http://www.linux.it/~fedro/index.php?pag=scripts&lang=en \n#Risk:Very Highly Critical \n##########################################################################################################\n#Author:Dr Max Virus \n#Location:Egypt \n##########################################################################################################\n#POC: \n#http:/[target]/[path]/users/admin.txt \n#As We see Admin name and hash !!!!!!!!!!!!!!!!!!!!!!!!!!\n##########################################################################################################\n#You can crack the password with any md5 encrypt \n \n#Or u can register and inject the info in any cookie editor can be in \nFireFox or Opera \n##########################################################################################################\n#Dork:ADP Forum 2.0.3 is powered by VzScripts \n##########################################################################################################\n#Thx:str0ke-koray-Timq-r0ut3r-mTk-nuffsaid-MrSwan-All Friends \n#Special Gr33ts:AsianEagle-Kacper-The master-Hotturk \n##########################################################################################################\n\n# milw0rm.com [2006-12-31]\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "sourceHref": "https://www.exploit-db.com/download/3053/"}], "osvdb": [{"lastseen": "2017-04-28T13:20:33", "bulletinFamily": "software", "description": "## Manual Testing Notes\nhttp:/[target]/[path]/users/admin.txt\n## References:\nISS X-Force ID: 31220\nGeneric Exploit URL: http://milw0rm.com/exploits/3053\n[CVE-2006-6891](https://vulners.com/cve/CVE-2006-6891)\n", "modified": "2006-12-31T19:01:25", "published": "2006-12-31T19:01:25", "href": "https://vulners.com/osvdb/OSVDB:37553", "id": "OSVDB:37553", "title": "Vz (Adp) Forum users/admin.txt Direct Request Admin Credential Disclosure", "type": "osvdb", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}]}