Vulnerabilities > CVE-2006-4745 - Local Security vulnerability in Scarybear Pocketexpense PRO 3.9.1

CVSS 3.6 - LOW

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

NONE

local

low complexity

scarybear

NVD

Published: 2006-09-13

Updated: 2018-10-17

Summary

ScaryBear PocketExpense Pro 3.9.1 uses an internally recorded key to protect a data file whose contents are stored in plaintext, which allows local users to disable authentication and access the file by modifying a certain value in the file header.

Vulnerable Configurations

Part	Description	Count
Application	Scarybear Scarybear Pocketexpense PRO 3.9.1	1

References

http://airscanner.com/security/06062602_pocketexpensepro.htm
http://securityreason.com/securityalert/1559
http://www.securityfocus.com/archive/1/445607/100/0/threaded