CVE-2007-1156 - Unspecified vulnerability in MAN Machine Systems Jbrowser
Attack vector | NETWORK |
Attack complexity | LOW |
Privileges required | NONE |
Confidentiality impact | PARTIAL |
Integrity impact | PARTIAL |
Availability impact | PARTIAL |
Summary
JBrowser allows remote attackers to bypass authentication and access certain administrative capabilities via a direct request for _admin/.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
Exploit-Db
description | JBrowser 1.0/2.x Unauthorized Admin Access Vulnerability. CVE-2007-1156. Webapps exploit for php platform |
id | EDB-ID:23628 |
last seen | 2016-02-02 |
modified | 2004-01-30 |
published | 2004-01-30 |
reporter | Himeur Nourredine |
source | https://www.exploit-db.com/download/23628/ |
title | JBrowser 1.0/2.x Unauthorized Admin Access Vulnerability |
Nessus
NASL family | CGI abuses |
NASL id | JBROWSER_MULTIPLE_VULNS.NASL |
description | The remote host is running JBrowser - a PHP script designed to browse photos and files in a remote directory. It is possible to access the admin panel by directly requesting |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 12032 |
published | 2004-02-02 |
reporter | This script is Copyright (C) 2004-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/12032 |
title | JBrowser _admin/ Direct Request Admin Authentication Bypass |
References
- http://forums.avenir-geopolitique.net/viewtopic.php?t=2693
- http://osvdb.org/33141
- http://securityreason.com/securityalert/2370
- http://securitytracker.com/id?1008909
- http://www.securityfocus.com/archive/1/460923/100/0/threaded
- http://www.securityfocus.com/archive/1/461298/100/100/threaded
- http://www.securityfocus.com/bid/9537