Vulnerabilities > CVE-2006-0722 - Variable Overwrite vulnerability in Reamday Enterprises Magic Downloads 1.1.3
Attack vector
NETWORK Attack complexity
HIGH Privileges required
NONE Confidentiality impact
NONE Integrity impact
PARTIAL Availability impact
NONE Summary
settings.php in Reamday Enterprises Magic Downloads 1.1.3, when register_globals is enabled, allows remote attackers to modify program behavior, potentially bypassing authentication controls, via modified (1) action, (2) passwd, (3) admin_password, (4) new_passwd, and (5) confirm_passwd variables, which are not initialized.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
Packetstorm
data source | https://packetstormsecurity.com/files/download/44079/EV0073.txt |
id | PACKETSTORM:44079 |
last seen | 2016-12-05 |
published | 2006-02-22 |
reporter | Aliaksandr Hartsuyeu |
source | https://packetstormsecurity.com/files/44079/EV0073.txt.html |
title | EV0073.txt |
References
- http://evuln.com/vulns/73/summary.html
- http://secunia.com/advisories/18877
- http://securityreason.com/securityalert/468
- http://www.securityfocus.com/archive/1/425601/30/6830/threaded
- http://www.securityfocus.com/bid/16665
- http://www.vupen.com/english/advisories/2006/0602
- https://exchange.xforce.ibmcloud.com/vulnerabilities/24615