Vulnerabilities > CVE-2006-6258 - Input Validation vulnerability in AlternC
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE Summary
The phpmyadmin subsystem in AlternC 0.9.5 and earlier transmits the SQL password in cleartext in a cookie, which might allow remote attackers to obtain the password by sniffing or by conducting a cross-site scripting (XSS) attack.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
References
- http://secunia.com/advisories/23144
- http://securityreason.com/securityalert/1965
- http://www.ground418.org/exploits/read.php?file=06-alternC-095.txt
- http://www.securityfocus.com/archive/1/452988/100/0/threaded
- http://www.securityfocus.com/bid/21355
- http://www.vupen.com/english/advisories/2006/4851
- https://exchange.xforce.ibmcloud.com/vulnerabilities/30625