CVE-2006-1209
N/A
N/A
Summary
PHP Advanced Transfer Manager 1.00 through 1.30 stores sensitive information, including password hashes, under the web root with insufficient access control, which allows remote attackers to download each password hash via a direct request for a users/[USERNAME] file.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- http://www.blogcu.com/Liz0ziM/316652/
- http://www.securityfocus.com/archive/1/427216/100/0/threaded
- http://biyosecurity.be/bugs/patm.txt
- http://www.securityfocus.com/archive/1/437513/100/200/threaded
- http://securityreason.com/securityalert/565
- http://secunia.com/advisories/17134
- https://exchange.xforce.ibmcloud.com/vulnerabilities/25127
References
- http://www.blogcu.com/Liz0ziM/316652/
- http://www.securityfocus.com/archive/1/427216/100/0/threaded
- http://biyosecurity.be/bugs/patm.txt
- http://www.securityfocus.com/archive/1/437513/100/200/threaded
- http://securityreason.com/securityalert/565
- http://secunia.com/advisories/17134
- https://exchange.xforce.ibmcloud.com/vulnerabilities/25127
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.