Lucene search

[email protected]CVE-2008-0135

HistoryJan 08, 2008 - 7:46 p.m.

CVE-2008-0135

2008-01-0819:46:00

CWE-264

[email protected]

web.nvd.nist.gov

snitz forums

cve-2008-0135

information security

access control

remote attack

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

6.4 Medium

AI Score

Confidence

Low

0.009 Low

EPSS

Percentile

82.4%

JSON

Snitz Forums 2000 3.4.06 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for forum/snitz_forums_2000.mdb.

Affected configurations

NVD

Node

snitz_communicationssnitz_forums_2000Range≤3.4.06

snitz_communicationssnitz_forums_2000Match3.0

snitz_communicationssnitz_forums_2000Match3.1

snitz_communicationssnitz_forums_2000Match3.1sr4

snitz_communicationssnitz_forums_2000Match3.2.03

snitz_communicationssnitz_forums_2000Match3.3

snitz_communicationssnitz_forums_2000Match3.3.01

snitz_communicationssnitz_forums_2000Match3.3.02

snitz_communicationssnitz_forums_2000Match3.3.03

snitz_communicationssnitz_forums_2000Match3.4.02

snitz_communicationssnitz_forums_2000Match3.4.03

snitz_communicationssnitz_forums_2000Match3.4.04

snitz_communicationssnitz_forums_2000Match3.4.05

CPENameOperatorVersion
snitz_communications:snitz_forums_2000snitz communications snitz forums 2000le3.4.06
snitz_communications:snitz_forums_2000snitz communications snitz forums 2000eq3.0
snitz_communications:snitz_forums_2000snitz communications snitz forums 2000eq3.1
snitz_communications:snitz_forums_2000snitz communications snitz forums 2000eq3.2.03
snitz_communications:snitz_forums_2000snitz communications snitz forums 2000eq3.3
snitz_communications:snitz_forums_2000snitz communications snitz forums 2000eq3.3.01
snitz_communications:snitz_forums_2000snitz communications snitz forums 2000eq3.3.02
snitz_communications:snitz_forums_2000snitz communications snitz forums 2000eq3.3.03
snitz_communications:snitz_forums_2000snitz communications snitz forums 2000eq3.4.02
snitz_communications:snitz_forums_2000snitz communications snitz forums 2000eq3.4.03

CPE	Name	Operator	Version
snitz_communications:snitz_forums_2000	snitz communications snitz forums 2000	le	3.4.06
snitz_communications:snitz_forums_2000	snitz communications snitz forums 2000	eq	3.0
snitz_communications:snitz_forums_2000	snitz communications snitz forums 2000	eq	3.1
snitz_communications:snitz_forums_2000	snitz communications snitz forums 2000	eq	3.2.03
snitz_communications:snitz_forums_2000	snitz communications snitz forums 2000	eq	3.3
snitz_communications:snitz_forums_2000	snitz communications snitz forums 2000	eq	3.3.01
snitz_communications:snitz_forums_2000	snitz communications snitz forums 2000	eq	3.3.02
snitz_communications:snitz_forums_2000	snitz communications snitz forums 2000	eq	3.3.03
snitz_communications:snitz_forums_2000	snitz communications snitz forums 2000	eq	3.4.02
snitz_communications:snitz_forums_2000	snitz communications snitz forums 2000	eq	3.4.03

Rows per page:

1-10 of 121

References

hackerscenter.com/archive/view.asp?id=28145

www.packetstormsecurity.org/0801-exploits/snitz-multi.txt

www.securityfocus.com/archive/1/485836/100/200/threaded

www.securityfocus.com/archive/1/485894/100/200/threaded

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

6.4 Medium

AI Score

Confidence

Low

0.009 Low

EPSS

Percentile

82.4%

JSON

Related for CVE-2008-0135

nvd1 cvelist1 prion1