Vulnerabilities > CVE-2004-2398 - Unspecified vulnerability in Netenberg Fantastico DE Luxe 2.8

CVSS 2.1 - LOW

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

NONE

Availability impact

NONE

local

low complexity

netenberg

NVD

Published: 2004-12-31

Updated: 2017-07-11

Summary

Netenberg Fantastico De Luxe 2.8 uses database file names that contain the associated usernames, which allows local users to determine valid usernames and conduct brute force attacks by reading the file names from /var/lib/mysql, which is assigned world-readable permissions by cPanel 9.3.0 R5.

Vulnerable Configurations

Part	Description	Count
Application	Netenberg Netenberg Fantastico DE Luxe 2.8	1

References

http://archives.neohapsis.com/archives/bugtraq/2004-05/0206.html
http://www.securityfocus.com/bid/10390
https://exchange.xforce.ibmcloud.com/vulnerabilities/16197