CVE-2007-0163

{"id": "CVE-2007-0163", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 6.9, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2007-01-10T00:28:00.000", "references": [{"url": "http://homepage.mac.com/adonismac/Advisory/steg/steganography.html", "tags": ["Exploit", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://osvdb.org/31244", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/23639", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/456283/100/0/threaded", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/456519/100/0/threaded", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31378", "source": "cve@mitre.org"}, {"url": "http://homepage.mac.com/adonismac/Advisory/steg/steganography.html", "tags": ["Exploit", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://osvdb.org/31244", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/23639", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/archive/1/456283/100/0/threaded", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/archive/1/456519/100/0/threaded", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31378", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "SecureKit Steganography 1.7.1 and 1.8 embeds password information in the carrier file, which allows remote attackers to bypass authentication requirements and decrypt embedded steganography by replacing the last 20 bytes of the JPEG image with alternate password information."}, {"lang": "es", "value": "SecureKit Steganography 1.7.1 y 1.8 incluye informaci\u00f3n de contrase\u00f1a en el archivo transportador, lo cual permite a atacantes remotos evitar los requisitos de autenticaci\u00f3n y descifrar la esteganograf\u00eda incluida reemplazando los \u00faltimos 20 bytes de la imagen JPEG con informaci\u00f3n de contrase\u00f1a alternativa."}], "lastModified": "2024-11-21T00:25:08.547", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:securekit:securekit_steganography:1.7.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BAFE088F-1AF2-42CB-B487-F213FD6E5DD1"}, {"criteria": "cpe:2.3:a:securekit:securekit_steganography:1.8:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B1A8A727-600C-4B45-8C53-88D560E7E345"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}