[VIM] CVE-2006-2823
Steven M. Christey
coley at linus.mitre.org
Thu Jun 8 15:01:54 EDT 2006

On Thu, 8 Jun 2006, Stuart Moore wrote:
> Hi. The recently reported "new bug" in a.shopKart 2.0 [assigned
> CVE-2006-2823] is actually an old bug reported by CyberTalon back in
> March 2004:
>
> http://securitytracker.com/id?1009549
>
> It appears that there is no 2004-year CVE number assigned.

Agreed.

> Should the new CVE number be applied to the old report?

Yes. Aesthetically it should have come out with a 2004 number, but we
missed that this was a rediscovery.

Thanks for pointing this out! Updated CVE-2006-2823 below.

- Steve

======================================================
Name: CVE-2006-2823
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2823
Reference: BUGTRAQ:20060602 new bug
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/435746/100/0/threaded
Reference: FRSIRT:ADV-2006-2208
Reference: URL:http://www.frsirt.com/english/advisories/2006/2208
Reference: SECTRACK:1009549
Reference: URL:http://securitytracker.com/id?1009549
Reference: SECUNIA:20485
Reference: URL:http://secunia.com/advisories/20485
Reference: XF:ashopkart-database-file-access(15599)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15599

Katrien De Graeve a.shopKart 2.0 (aka ashopKart20) stores sensitive
information under the web root with insufficient access control, which
allows remote attackers to download a database via a direct request
for (1) admin/scart.mdb and possibly (2) admin/scart97.mdb.