[Forgot Password]
Login  Register Subscribe

23631

 
 

126998

 
 

101924

 
 

909

 
 

80911

 
 

121

Paid content will be excluded from the download.


Download | Alert*
CVE
view XML

CVE-2007-5063

Date: (C)2007-09-24   (M)2017-10-04 


Adam Scheinberg Flip 3.0 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a file containing login credentials via a direct request for var/users.txt.

CVSS Score: 5.0Access Vector: NETWORK
Exploit Score: 10.0Access Complexity: LOW
Impact Score: 2.9Authentication: NONE
 Confidentiality: PARTIAL
 Integrity: NONE
 Availability: NONE





Reference:
OSVDB-41903
EXPLOIT-DB-4436
flip-tcp-information-disclosure(36710)

CWE    1
CWE-255

© 2013 SecPod Technologies