CVE

Id
24954  
CVE No.
CVE-2007-1597  
Status
Candidate  
Description
Unclassified NewsBoard 1.6.3 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain (1) the board log via a direct request for logs/board-YYYY-MM-DD.log, (2) the mail and private message (PM) log via a direct request for logs/email-YY-MM-DD-HH-MM-SS.log, (3) the SQL error message log via a direct request for logs/error-YY-MM.log, and (4) the IP log via a direct request for logs/ip.log.  
Phase
Assigned (20070322)  
Votes
None (candidate not yet proposed)  
Comments
 

Actions

Related CVE References

Id CVE Id CVE No. Reference Actions
247764 24954 CVE-2007-1597 BUGTRAQ:20070319 Unclassified NewsBoard 1.6.3 multiples logs disclosure  View
247765 24954 CVE-2007-1597 URL:http://www.securityfocus.com/archive/1/archive/1/463186/100/0/threaded  View
247766 24954 CVE-2007-1597 OSVDB:35201  View
247767 24954 CVE-2007-1597 URL:http://osvdb.org/35201  View
247768 24954 CVE-2007-1597 XF:unb-log-information-disclosure(33150)  View

Related JVN

Id JVN No. Title Summary CVE No. CVE Id CVSS_v2 CVSS_v3 JVN URL Actions
56593 JVNDB-2007-005285 WordPress の wp-login.php における認証ユーザを他の Web サイトへリダイレクトされる脆弱性 WordPress の wp-login.php には、認証ユーザを他の Web サイトへリダイレクトされる、および重要な情報を取得される脆弱性が存在します。 CVE-2007-1599 24954 6.5 http://jvndb.jvn.jp/ja/contents/2007/JVNDB-2007-005285.html  View