CVE-2006-0370 - Vulnerability Details - OpenCVE

Noah Medling RCBlog 1.03 stores the data and config directories under the web root with insufficient access control, which allows remote attackers to view account names and MD5 password hashes.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Noah Medling	Rcblog

Configuration 1 [-]

cpe:2.3:a:noah_medling:rcblog:1.03:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://evuln.com/vulns/42/summary.html
http://secunia.com/advisories/18547
http://securitytracker.com/id?1015523
http://www.fluffington.com/index.php?page=rcblog
http://www.osvdb.org/22679
http://www.securityfocus.com/archive/1/422499/100/0/threaded
https://exchange.xforce.ibmcloud.com/vulnerabilities/24249

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2006-01-22T20:00:00

Updated: 2024-08-07T16:34:14.400Z

Reserved: 2006-01-22T00:00:00

Link: CVE-2006-0370

Vulnrichment

No data.

NVD

Status : Modified

Published: 2006-01-22T20:03:00.000

Modified: 2024-11-21T00:06:18.527

Link: CVE-2006-0370

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2006-01-19T00:00:00", "descriptions": [{"lang": "en", "value": "Noah Medling RCBlog 1.03 stores the data and config directories under the web root with insufficient access control, which allows remote attackers to view account names and MD5 password hashes."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-19T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "22679", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/22679"}, {"name": "20060120 [eVuln] RCBlog Directory Traversal & Sensitive Information Disclosure", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/422499/100/0/threaded"}, {"name": "1015523", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://securitytracker.com/id?1015523"}, {"name": "18547", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/18547"}, {"tags": ["x_refsource_MISC"], "url": "http://evuln.com/vulns/42/summary.html"}, {"tags": ["x_refsource_MISC"], "url": "http://www.fluffington.com/index.php?page=rcblog"}, {"name": "rcblog-data-config-insecure-directories(24249)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24249"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-0370", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Noah Medling RCBlog 1.03 stores the data and config directories under the web root with insufficient access control, which allows remote attackers to view account names and MD5 password hashes."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "22679", "refsource": "OSVDB", "url": "http://www.osvdb.org/22679"}, {"name": "20060120 [eVuln] RCBlog Directory Traversal & Sensitive Information Disclosure", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/422499/100/0/threaded"}, {"name": "1015523", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1015523"}, {"name": "18547", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/18547"}, {"name": "http://evuln.com/vulns/42/summary.html", "refsource": "MISC", "url": "http://evuln.com/vulns/42/summary.html"}, {"name": "http://www.fluffington.com/index.php?page=rcblog", "refsource": "MISC", "url": "http://www.fluffington.com/index.php?page=rcblog"}, {"name": "rcblog-data-config-insecure-directories(24249)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24249"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T16:34:14.400Z"}, "title": "CVE Program Container", "references": [{"name": "22679", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://www.osvdb.org/22679"}, {"name": "20060120 [eVuln] RCBlog Directory Traversal & Sensitive Information Disclosure", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/422499/100/0/threaded"}, {"name": "1015523", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://securitytracker.com/id?1015523"}, {"name": "18547", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/18547"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://evuln.com/vulns/42/summary.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.fluffington.com/index.php?page=rcblog"}, {"name": "rcblog-data-config-insecure-directories(24249)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24249"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-0370", "datePublished": "2006-01-22T20:00:00", "dateReserved": "2006-01-22T00:00:00", "dateUpdated": "2024-08-07T16:34:14.400Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:noah_medling:rcblog:1.03:*:*:*:*:*:*:*", "matchCriteriaId": "F0687948-6158-471D-B5F2-F635804288DB", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Noah Medling RCBlog 1.03 stores the data and config directories under the web root with insufficient access control, which allows remote attackers to view account names and MD5 password hashes."}], "id": "CVE-2006-0370", "lastModified": "2024-11-21T00:06:18.527", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2006-01-22T20:03:00.000", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Vendor Advisory"], "url": "http://evuln.com/vulns/42/summary.html"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/18547"}, {"source": "cve@mitre.org", "url": "http://securitytracker.com/id?1015523"}, {"source": "cve@mitre.org", "tags": ["URL Repurposed"], "url": "http://www.fluffington.com/index.php?page=rcblog"}, {"source": "cve@mitre.org", "url": "http://www.osvdb.org/22679"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/422499/100/0/threaded"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24249"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Vendor Advisory"], "url": "http://evuln.com/vulns/42/summary.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/18547"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securitytracker.com/id?1015523"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["URL Repurposed"], "url": "http://www.fluffington.com/index.php?page=rcblog"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/22679"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/422499/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24249"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}