CVE

Id
27773  
CVE No.
CVE-2007-4416  
Status
Candidate  
Description
** DISPUTED ** captcha.php in BellaBook (aka BellaBuffs) allows remote attackers to obtain administrative privileges by sending the admin"s username (admin_name) in a pheap_login cookie. NOTE: the vendor disputes this vulnerability because authentication data is derived from the admin_pass and secret variables, in addition to the admin_name; and because the exploit code is designed for an unrelated application.  
Phase
Assigned (20070818)  
Votes
None (candidate not yet proposed)  
Comments
 

Actions

Related CVE References

Id CVE Id CVE No. Reference Actions
286295 27773 CVE-2007-4416 BUGTRAQ:20070731 BellaBook Admin Bypass/Remote Code Execution  View
286296 27773 CVE-2007-4416 URL:http://www.securityfocus.com/archive/1/archive/1/475153/100/200/threaded  View
286297 27773 CVE-2007-4416 BUGTRAQ:20070801 Re: BellaBook Admin Bypass/Remote Code Execution  View
286298 27773 CVE-2007-4416 URL:http://www.securityfocus.com/archive/1/archive/1/475259/100/200/threaded  View
286299 27773 CVE-2007-4416 OSVDB:42506  View

Related JVN

Id JVN No. Title Summary CVE No. CVE Id CVSS_v2 CVSS_v3 JVN URL Actions
55608 JVNDB-2007-004300 IBM DB2 UDB における脆弱性 IBM DB2 UDB は、認証を適切にチェックしないため、不特定の影響を受ける脆弱性が存在します。 CVE-2007-4418 27773 5.5 http://jvndb.jvn.jp/ja/contents/2007/JVNDB-2007-004300.html  View