Home > Vulnerability Database > CVE-2007-4656

Mend.io Vulnerability Database

CVE-2007-4656

Date: September 4, 2007

backup-manager-upload in Backup Manager before 0.6.3 provides the FTP server hostname, username, and password as plaintext command line arguments during FTP uploads, which allows local users to obtain sensitive information by listing the process and its arguments, a different vulnerability than CVE-2007-2766.

Severity Score

4.0

Related Resources (12)

Url: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=439392

Url: http://www.securityfocus.com/bid/25503

Url: http://osvdb.org/37444

Url: https://nvd.nist.gov/vuln/detail/CVE-2007-4656

Url: http://secunia.com/advisories/26657

Url: http://secunia.com/advisories/29377

Url: http://www.securitytracker.com/id?1018639

Url: http://www.debian.org/security/2008/dsa-1518

Url: http://www2.backup-manager.org/Release063

Url: https://people.canonical.com/~ubuntu-security/cve/CVE-2007-4656

Url: http://bugzilla.backup-manager.org/cgi-bin/show_bug.cgi?id=173

Url: https://www.mend.io/vulnerability-database/CVE-2007-4656

Severity Score

4.0

Weakness Type (CWE)

Credentials Management

CWE-255

Cryptographic Issues

CWE-310

Information Leak / Disclosure

CWE-200

CVSS v3.1

Base Score:	4.0
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	NONE
Availability (A):	NONE

CVSS v2

Base Score:	2.1
Access Vector (AV):	LOCAL
Access Complexity (AC):	LOW
Authentication (AU):	NONE
Confidentiality (C):	PARTIAL
Integrity (I):	NONE
Availability (A):	NONE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2007-4656

Date: September 4, 2007

Severity Score

Related Resources (12)

Severity Score

Weakness Type (CWE)

CVSS v3.1

CVSS v2

Do you need more information?