ADP Forum 2.0 through 2.0.3 stores sensitive information in plaintext files under the web document root with insufficient access control, which allows remote attackers to obtain user credentials via requests to the forum/users directory.
References
Link | Resource |
---|---|
http://secunia.com/advisories/18027 | Vendor Advisory |
http://securityreason.com/securityalert/253 | |
http://www.blogcu.com/Liz0ziM/144336/ | Exploit Vendor Advisory URL Repurposed |
http://www.securityfocus.com/archive/1/419393/100/0/threaded |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2005-12-15T11:00:00
Updated: 2018-10-19T14:57:01
Reserved: 2005-12-15T00:00:00
Link: CVE-2005-4249
JSON object: View
NVD Information
Status : Modified
Published: 2005-12-15T11:03:00.000
Modified: 2024-02-14T01:17:43.863
Link: CVE-2005-4249
JSON object: View
Redhat Information
No data.
CWE