Vulnerabilities > CVE-2004-2398 - Unspecified vulnerability in Netenberg Fantastico DE Luxe 2.8

CVSS 0.0 - NONE

Attack vector

UNKNOWN

Attack complexity

UNKNOWN

Privileges required

UNKNOWN

Confidentiality impact

UNKNOWN

Integrity impact

UNKNOWN

Availability impact

UNKNOWN

netenberg

NVD

Published: 2004-12-31

Updated: 2024-11-20

Summary

Netenberg Fantastico De Luxe 2.8 uses database file names that contain the associated usernames, which allows local users to determine valid usernames and conduct brute force attacks by reading the file names from /var/lib/mysql, which is assigned world-readable permissions by cPanel 9.3.0 R5.

Vulnerable Configurations

Part	Description	Count
Application	Netenberg Netenberg Fantastico DE Luxe 2.8	1

References

http://archives.neohapsis.com/archives/bugtraq/2004-05/0206.html
http://archives.neohapsis.com/archives/bugtraq/2004-05/0206.html
http://www.securityfocus.com/bid/10390
http://www.securityfocus.com/bid/10390
https://exchange.xforce.ibmcloud.com/vulnerabilities/16197
https://exchange.xforce.ibmcloud.com/vulnerabilities/16197