Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2007-4261

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2007-4261
Last Modified 05 Nov 2012 10:44:55
Published 08 Aug 2007 07:17:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2007-4261

Summary

EZPhotoSales 1.9.3 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to download (1) a file containing cleartext passwords via a direct request for OnlineViewing/data/galleries.txt, or (2) a file containing username hashes and password hashes via a direct request for OnlineViewing/configuration/config.dat/. NOTE: vector 2 can be leveraged for administrative access because authentication does not require knowledge of cleartext values, but instead uses the username hash in the ConfigLogin parameter and the password hash in the ConfigPassword parameter.

Vulnerable Systems

Application

  • Ez Photo Sales 1.9.3


References

BUGTRAQ - 20070806 EZPhotoSales 1.9.3 Multiple Vulnerabilities

MISC - http://www.informit.com/guides/content.asp?g=security&seqNum=268

MISC - http://www.informit.com/guides/content.asp?g=security&seqNum=267

MISC - http://www.airscanner.com/security/07080601_ezphotosales.htm

BID - 25323

SREASON - 2985

SECUNIA - 26341

XF - ezphotosales-config-information-disclosure(35841)

XF - ezphotosales-galleries-info-disclosure(35840)


Last Updated: 27 May 2016 10:47:21