CVE-2007-3357

NetClassifieds Premium Edition does not use encryption for (1) stored passwords or (2) sensitive data, which might allow attackers to obtain information via certain vectors.

CVSS v2.0 10.0 HIGH

10.0^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 10.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://osvdb.org/38563
http://securityreason.com/securityalert/2824
http://www.securityfocus.com/archive/1/471944/100/0/threaded
https://exchange.xforce.ibmcloud.com/vulnerabilities/35151
http://osvdb.org/38563
http://securityreason.com/securityalert/2824
http://www.securityfocus.com/archive/1/471944/100/0/threaded
https://exchange.xforce.ibmcloud.com/vulnerabilities/35151

Configurations

Configuration 1 (hide)

cpe:2.3:a:scriptdevelopers.net:netclassifieds:1.0.1:*:premium:*:*:*:*:*

History

21 Nov 2024, 00:33

Type	Values Removed	Values Added
References	~~() http://osvdb.org/38563 -~~	() http://osvdb.org/38563 -
References	~~() http://securityreason.com/securityalert/2824 -~~	() http://securityreason.com/securityalert/2824 -
References	~~() http://www.securityfocus.com/archive/1/471944/100/0/threaded -~~	() http://www.securityfocus.com/archive/1/471944/100/0/threaded -
References	~~() https://exchange.xforce.ibmcloud.com/vulnerabilities/35151 -~~	() https://exchange.xforce.ibmcloud.com/vulnerabilities/35151 -

Information

Published : 2007-06-22 18:30

Updated : 2024-11-21 00:33

NVD link : CVE-2007-3357

Mitre link : CVE-2007-3357

CVE.ORG link : CVE-2007-3357

JSON object : View

Products Affected

scriptdevelopers.net

netclassifieds

CWE

NVD-CWE-Other

{"id": "CVE-2007-3357", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 10.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": true, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2007-06-22T18:30:00.000", "references": [{"url": "http://osvdb.org/38563", "source": "cve@mitre.org"}, {"url": "http://securityreason.com/securityalert/2824", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/471944/100/0/threaded", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35151", "source": "cve@mitre.org"}, {"url": "http://osvdb.org/38563", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://securityreason.com/securityalert/2824", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/archive/1/471944/100/0/threaded", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35151", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "NetClassifieds Premium Edition does not use encryption for (1) stored passwords or (2) sensitive data, which might allow attackers to obtain information via certain vectors."}, {"lang": "es", "value": "NetClassifieds Premium Edition no utiliza cifrado para (1) contrase\u00f1as almacenadas \u00f3 (2) datos confidenciales, lo cual podr\u00eda permitir a atacantes, obtener informaci\u00f3n confidencial mediante determinados vectores."}], "lastModified": "2024-11-21T00:33:02.223", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:scriptdevelopers.net:netclassifieds:1.0.1:*:premium:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BFA73AC6-853D-425E-AE89-2B0DDE954522"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}