Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 5.0
CVE Id CVE-2007-5129
Last Modified 15 Nov 2008 01:59:48
Published 27 Sep 2007 03:17:00
Confidentiality Impact PARTIAL
Integrity Impact NONE
Availability Impact NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2007-5129

Summary

SimpGB 1.46.02 stores sensitive information under the web root with insufficient access control, which allows remote attackers to (1) obtain sensitive configuration information via a direct request for admin/cfginfo.php; and (2) download arbitrary .inc files via a direct request, as demonstrated by admin/includes/dbtables.inc.

Vulnerable Systems

Application

  • Boesch-it Simpgb 1.46.02


References

CONFIRM - http://forum.boesch-it.de/viewtopic.php?t=2790

XF - simpgb-htaccess-information-disclosure(36777)

XF - simpgb-cfginfo-information-disclosure(36776)

BUGTRAQ - 20070925 SimpGB version 1.46.02 File Content Disclosure Vulnerability

BUGTRAQ - 20070925 SimpGB version 1.46.02 Information Disclosure Vulnerability

MISC - http://www.netvigilance.com/advisory0066

MISC - http://www.netvigilance.com/advisory0065

SECUNIA - 26974

OSVDB - 40613

OSVDB - 40612


Last Updated: 27 May 2016 10:46:05