Lucene search

[email protected]CVE-2007-2979

HistoryJun 01, 2007 - 1:30 a.m.

CVE-2007-2979

2007-06-0101:30:00

[email protected]

web.nvd.nist.gov

cve-2007-2979

techno dreams

web directory

search engine

access control

remote attackers

database security

7.8 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:C/I:N/A:N

6.3 Medium

AI Score

Confidence

Low

0.011 Low

EPSS

Percentile

84.7%

JSON

Techno Dreams Web Directory / Search Engine 2.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for Database.mdb.

Affected configurations

NVD

Node

techno_dreamsweb_directoryMatch2.0

CPENameOperatorVersion
techno_dreams:web_directorytechno dreams web directoryeq2.0

CPE	Name	Operator	Version
techno_dreams:web_directory	techno dreams web directory	eq	2.0

References

osvdb.org/36274

secunia.com/advisories/25436

securityreason.com/securityalert/2755

www.securityfocus.com/archive/1/469587/30/30/threaded

www.vupen.com/english/advisories/2007/1970

exchange.xforce.ibmcloud.com/vulnerabilities/34518

7.8 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:C/I:N/A:N

6.3 Medium

AI Score

Confidence

Low

0.011 Low

EPSS

Percentile

84.7%

JSON

Related for CVE-2007-2979

cvelist1 nvd1 prion1