vendor:
blog
by:
SecurityFocus
7.5
CVSS
HIGH
Authentication Credential Database Disclosure, Unauthenticated Access to Scripts, Denial of Service, and Potential Compromise
200, 264, 285, 400
CWE
Product Name: blog
Affected Version From: 3
Affected Version To: 3
Patch Exists: YES
Related CWE: N/A
CPE: N/A
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2005
betaparticle blog Multiple Vulnerabilities
betaparticle blog is reported prone to multiple vulnerabilities. It is reported that betaparticle blog fails to sufficiently secure the authentication credential database, allowing a remote attacker to download and disclose the contents of the credential database. Additionally, several betaparticle blog scripts may be accessed by a remote unauthenticated attacker and may be employed to upload and delete arbitrary Web server accessible files, allowing a remote attacker to deny service for legitimate users or potentially compromise a target computer.
Mitigation:
Ensure that authentication credentials are stored securely and that access to scripts is restricted to authenticated users.
