[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

248678

 
 

909

 
 

195426

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2008-0466Date: (C)2008-01-28   (M)2023-12-22


Web Wiz RTE_file_browser.asp in, as used in Web Wiz Rich Text Editor 4.0, Web Wiz Forums 9.07, and Web Wiz Newspad 1.02, does not require authentication, which allows remote attackers to list directories and read files. NOTE: this can be leveraged for listings outside the configured directory tree by exploiting a separate directory traversal vulnerability.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 5.0
Exploit Score: 10.0
Impact Score: 2.9
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality: PARTIAL
Integrity: NONE
Availability: NONE
  
Reference:
SECTRACK-1019267
http://www.securityfocus.com/archive/1/486866/100/0/threaded
http://www.securityfocus.com/archive/1/486868/100/0/threaded
BID-27419
SREASON-3584
EXPLOIT-DB-4970
EXPLOIT-DB-4971
http://www.bugreport.ir/?/29
http://www.bugreport.ir/?/31
http://www.webwizguide.com/webwizrichtexteditor/kb/release_notes.asp

CPE    3
cpe:/a:webwiz:web_wiz_forums:9.07
cpe:/a:webwiz:web_wiz_rich_text_editor:4.0
cpe:/a:webwiz:web_wiz_newspad:1.02
CWE    1
CWE-287

© SecPod Technologies