Back to search
CVE-2004-2615
Published: Dec 4, 2005
Modified: Aug 8, 2024
PUBLISHED
Description
The documentation for CuteNews 1.3.6 and possibly other versions specifies that files under cutenews/data must be manually given world-writable permissions, which allows local users to insert false news, delete news, and possibly gain privileges or have other unknown impact.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
1011099
vdb-entry
x_refsource_SECTRACK
9385
vdb-entry
x_refsource_OSVDB
20040829 CuteNews News.txt writable to world
mailing-list
x_refsource_BUGTRAQ
cutenews-newstxt-world-writable(17161)
vdb-entry
x_refsource_XF
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now