CVE-2008-0135

Snitz Forums 2000 3.4.06 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for forum/snitz_forums_2000.mdb.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:snitz_communications:snitz_forums_2000:*:*:*:*:*:*:*:*
cpe:2.3:a:snitz_communications:snitz_forums_2000:3.0:*:*:*:*:*:*:*
cpe:2.3:a:snitz_communications:snitz_forums_2000:3.1:*:*:*:*:*:*:*
cpe:2.3:a:snitz_communications:snitz_forums_2000:3.1:sr4:*:*:*:*:*:*
cpe:2.3:a:snitz_communications:snitz_forums_2000:3.2.03:*:*:*:*:*:*:*
cpe:2.3:a:snitz_communications:snitz_forums_2000:3.3:*:*:*:*:*:*:*
cpe:2.3:a:snitz_communications:snitz_forums_2000:3.3.01:*:*:*:*:*:*:*
cpe:2.3:a:snitz_communications:snitz_forums_2000:3.3.02:*:*:*:*:*:*:*
cpe:2.3:a:snitz_communications:snitz_forums_2000:3.3.03:*:*:*:*:*:*:*
cpe:2.3:a:snitz_communications:snitz_forums_2000:3.4.02:*:*:*:*:*:*:*
cpe:2.3:a:snitz_communications:snitz_forums_2000:3.4.03:*:*:*:*:*:*:*
cpe:2.3:a:snitz_communications:snitz_forums_2000:3.4.04:*:*:*:*:*:*:*
cpe:2.3:a:snitz_communications:snitz_forums_2000:3.4.05:*:*:*:*:*:*:*

History

21 Nov 2024, 00:41

Type Values Removed Values Added
References () http://hackerscenter.com/archive/view.asp?id=28145 - () http://hackerscenter.com/archive/view.asp?id=28145 -
References () http://www.packetstormsecurity.org/0801-exploits/snitz-multi.txt - () http://www.packetstormsecurity.org/0801-exploits/snitz-multi.txt -
References () http://www.securityfocus.com/archive/1/485836/100/200/threaded - () http://www.securityfocus.com/archive/1/485836/100/200/threaded -
References () http://www.securityfocus.com/archive/1/485894/100/200/threaded - () http://www.securityfocus.com/archive/1/485894/100/200/threaded -

Information

Published : 2008-01-08 19:46

Updated : 2024-11-21 00:41


NVD link : CVE-2008-0135

Mitre link : CVE-2008-0135

CVE.ORG link : CVE-2008-0135


JSON object : View

Products Affected

snitz_communications

  • snitz_forums_2000
CWE
CWE-264

Permissions, Privileges, and Access Controls