6 matches found
Improper access control
PHPBlogger stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing an admin password hash via a direct request for data/pref.db. NOTE: this can be easily leveraged for administrative access because composing...
CVE-2007-4157
PHPBlogger stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing an admin password hash via a direct request for data/pref.db. NOTE: this can be easily leveraged for administrative access because composing...
CVE-2007-4157
PHPBlogger stores sensitive information under the web root with insufficient access control, allowing remote retrieval of data/pref.db. The retrieved database contains the admin password hash, which can be used to craft authentication cookies and gain administrative access without the cleartext p...
CVE-2007-4157
PHPBlogger stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing an admin password hash via a direct request for data/pref.db. NOTE: this can be easily leveraged for administrative access because composing...
PHPBlogger cookie privilege escalation
PHPBlogger is a simple tool to help the creation of web blogs... Encrypted admin password and other preferences are stored on /data/pref.db You can find lots of them exposed with google search: pref password= filetype:db = -------------------------------------------- The admin panel is acessible...
[email protected]
PHPBlogger is a simple tool to help the creation of web blogs... Encrypted admin password and other preferences are stored on /data/pref.db You can find lots of them exposed with google search: pref password= filetype:db = -------------------------------------------- The admin panel is acessible...