Vulnerabilities > CVE-2006-2727 - Denial-Of-Service vulnerability in Epic Designs Eggblog 2.0/3.0

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

epic-designs

NVD

Published: 2006-06-01

Updated: 2018-10-18

Summary

home/register.php in Eggblog before 3.0 allows remote attackers to change the password of administrators and possibly other users via a modified username parameter. This vulnerability is addressed in the following product release: Epic Designs, eggblog, 3.0.7

Vulnerable Configurations

Part	Description	Count
Application	Epic_Designs Epic Designs Eggblog 2.0 Epic Designs Eggblog 3.0 Epic Designs Eggblog *	3

References

http://securityreason.com/securityalert/1005
http://www.nukedx.com/?viewdoc=36
http://www.securityfocus.com/archive/1/435284/100/0/threaded
http://www.securityfocus.com/archive/1/435300/100/0/threaded
https://exchange.xforce.ibmcloud.com/vulnerabilities/26833