7.5

CVE-2008-4929

Exploit
MyBB (aka MyBulletinBoard) 1.4.2 uses insufficient randomness to compose filenames of uploaded files used as attachments, which makes it easier for remote attackers to read these files by guessing filenames.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
MybbMybb Version1.4.2
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 2.24% 0.806
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 3.9 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:P/I:N/A:N
134c704f-9b21-4f2e-91b3-4a467353bcc0 7.5 3.9 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CWE-330 Use of Insufficiently Random Values

The product uses insufficiently random numbers or values in a security context that depends on unpredictable numbers.

http://archives.neohapsis.com/archives/bugtraq/2008-10/0203.html
Exploit
Broken Link
http://archives.neohapsis.com/archives/fulldisclosure/2008-10/0472.html
Exploit
Broken Link
http://www.openwall.com/lists/oss-security/2008/11/01/2
Exploit
Mailing List
http://www.vupen.com/english/advisories/2008/2967
Broken Link
http://www.securityfocus.com/bid/31936
Third Party Advisory
Broken Link
VDB Entry