CVE-2006-1412 Information

Description

TFT Gallery 0.10 stores sensitive information under the web root with insufficient access control which allows remote attackers to download the admin password file and obtain password hashes via a direct request to admin/passwd.

Reference

http://secunia.com/advisories/19411 http://www.securityfocus.com/archive/1/453471/100/0/threaded http://www.securityfocus.com/archive/1/453485/100/0/threaded http://www.securityfocus.com/bid/17250 http://www.vupen.com/english/advisories/2006/1115 https://exchange.xforce.ibmcloud.com/vulnerabilities/25465 https://www.exploit-db.com/exploits/1611