Vulnerability Description
Noah Medling RCBlog 1.03 stores the data and config directories under the web root with insufficient access control, which allows remote attackers to view account names and MD5 password hashes.
CVSS Score
5.0
MEDIUM
AV:N/AC:L/Au:N/C:P/I:N/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Noah Medling | Rcblog | 1.03 |
References
- http://evuln.com/vulns/42/summary.htmlExploitVendor Advisory
- http://secunia.com/advisories/18547Vendor Advisory
- http://securitytracker.com/id?1015523
- http://www.fluffington.com/index.php?page=rcblogURL Repurposed
- http://www.osvdb.org/22679
- http://www.securityfocus.com/archive/1/422499/100/0/threaded
- https://exchange.xforce.ibmcloud.com/vulnerabilities/24249
- http://evuln.com/vulns/42/summary.htmlExploitVendor Advisory
- http://secunia.com/advisories/18547Vendor Advisory
- http://securitytracker.com/id?1015523
- http://www.fluffington.com/index.php?page=rcblogURL Repurposed
- http://www.osvdb.org/22679
- http://www.securityfocus.com/archive/1/422499/100/0/threaded
- https://exchange.xforce.ibmcloud.com/vulnerabilities/24249
FAQ
What is CVE-2006-0370?
CVE-2006-0370 is a vulnerability with a CVSS score of 5.0 (MEDIUM). Noah Medling RCBlog 1.03 stores the data and config directories under the web root with insufficient access control, which allows remote attackers to view account names and MD5 password hashes.
How severe is CVE-2006-0370?
CVE-2006-0370 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2006-0370?
Check the references section above for vendor advisories and patch information. Affected products include: Noah Medling Rcblog.