CVE-2006-1209
CVE-2006-1209
PHP Advanced Transfer Manager 1.00 through 1.30 stores sensitive information, including password hashes, under the web root with insufficient access control, which allows remote attackers to download each password hash via a direct request for a users/[USERNAME] file.
Productos afectados
n/a · n/aPoCs públicas encontradas — 1
exploitdbwww.exploit-db.com/exploits/2968no verificado⚠ Recursos públicos, para evaluar la exposición de sistemas que controlas o estás autorizado a probar. Prueba solo con autorización.
¿Quieres saber si tu infraestructura está expuesta a esto?
Hablar con TrueHacking →Referencias
http://biyosecurity.be/bugs/patm.txthttp://secunia.com/advisories/17134http://securityreason.com/securityalert/565https://exchange.xforce.ibmcloud.com/vulnerabilities/25127http://www.blogcu.com/Liz0ziM/316652/http://www.securityfocus.com/archive/1/427216/100/0/threadedhttp://www.securityfocus.com/archive/1/437513/100/200/threaded