Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-0370

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2006-0370
Last Modified 05 Sep 2008 04:59:04
Published 22 Jan 2006 03:03:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2006-0370

Summary

Noah Medling RCBlog 1.03 stores the data and config directories under the web root with insufficient access control, which allows remote attackers to view account names and MD5 password hashes.

Vulnerable Systems

Application

  • Noah Medling Rcblog 1.03


References

BUGTRAQ - 20060120 [eVuln] RCBlog Directory Traversal & Sensitive Information Disclosure

MISC - http://www.fluffington.com/index.php?page=rcblog

SECUNIA - 18547

MISC - http://evuln.com/vulns/42/summary.html

XF - rcblog-data-config-insecure-directories(24249)

OSVDB - 22679

SECTRACK - 1015523


Last Updated: 27 May 2016 10:41:38