Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-2807

Overview

Vulnerability Score 10.0 10.0
CVE Id CVE-2006-2807
Last Modified 05 Sep 2008 05:05:29
Published 05 Jun 2006 01:02:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2006-2807

Summary

ASPwebSoft Speedy Asp Discussion Forum allows remote attackers to change the password of any account via a modified account id and possibly arbitrary values of the name, email, country, password, and passwordre parameters to profileupdate.asp.

Vulnerable Systems

Application

  • Aspwebsoft Speedy Asp Discussion Forum


References

BID - 18170

BUGTRAQ - 20060527 Speedy ASP Forum(profileupdate.asp) User Pass Change Exploit

XF - speedyaspforum-user-account-manipulation(26811)

SREASON - 1037


Last Updated: 27 May 2016 10:42:46