{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2006-01-23T00:00:00", "descriptions": [{"lang": "en", "value": "Text Rider 2.4 stores sensitive data in the data directory under the web document root with insufficient access control, which allows remote attackers to obtain usernames and password hashes by directly accessing data/userlist.txt."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-19T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "1015533", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://securitytracker.com/id?1015533"}, {"name": "ADV-2006-0321", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2006/0321"}, {"name": "textrider-data-information-disclosure(24279)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24279"}, {"tags": ["x_refsource_MISC"], "url": "http://evuln.com/vulns/46/summary.html"}, {"name": "18605", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/18605"}, {"name": "20060124 [eVuln] Text Rider Sensitive Information Disclosure", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/423130/100/0/threaded"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-0439", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Text Rider 2.4 stores sensitive data in the data directory under the web document root with insufficient access control, which allows remote attackers to obtain usernames and password hashes by directly accessing data/userlist.txt."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "1015533", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1015533"}, {"name": "ADV-2006-0321", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/0321"}, {"name": "textrider-data-information-disclosure(24279)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24279"}, {"name": "http://evuln.com/vulns/46/summary.html", "refsource": "MISC", "url": "http://evuln.com/vulns/46/summary.html"}, {"name": "18605", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/18605"}, {"name": "20060124 [eVuln] Text Rider Sensitive Information Disclosure", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/423130/100/0/threaded"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-0439", "datePublished": "2006-01-26T22:00:00", "dateReserved": "2006-01-26T00:00:00", "dateUpdated": "2018-10-19T14:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:text_rider:text_rider:2.4:*:*:*:*:*:*:*", "matchCriteriaId": "D582D746-E98A-4AFA-9823-AB98D5F47F70", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Text Rider 2.4 stores sensitive data in the data directory under the web document root with insufficient access control, which allows remote attackers to obtain usernames and password hashes by directly accessing data/userlist.txt."}, {"lang": "es", "value": "Text Rider 2.4 almacena informaci\u00f3n sensible en el directorio de datos bajo la ra\u00edz de documentos web, lo que permite a atacantes remotos obtener nombres de usuario y huellas (hashes) de contrase\u00f1as accediendo directamente a data/userlist.txt."}], "id": "CVE-2006-0439", "lastModified": "2018-10-19T15:44:46.830", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2006-01-26T22:03:00.000", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Vendor Advisory"], "url": "http://evuln.com/vulns/46/summary.html"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/18605"}, {"source": "cve@mitre.org", "url": "http://securitytracker.com/id?1015533"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/423130/100/0/threaded"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2006/0321"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24279"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}