Vulnerabilities > CVE-2006-6890 - Information Disclosure vulnerability in Voc-Project Voodoo Chat 1.0Rc1B

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
low complexity
voc-project
exploit available
NVD
Published: 2006-12-31
Updated: 2017-10-19

Summary

Voodoo chat 1.0RC1b stores sensitive information under the web root with insufficient access control, which allows remote attackers to download passwords via a direct request for data/users.dat.

Vulnerable Configurations

Part Description Count
Application
Voc-Project
1

Exploit-Db

descriptionVoodoo chat 1.0RC1b (users.dat) Password Disclosure Vulnerability. CVE-2006-6890. Webapps exploit for php platform
fileexploits/php/webapps/3044.txt
idEDB-ID:3044
last seen2016-01-31
modified2006-12-30
platformphp
port
published2006-12-30
reporterbd0rk
sourcehttps://www.exploit-db.com/download/3044/
titleVoodoo chat 1.0RC1b users.dat Password Disclosure Vulnerability
typewebapps

References