CVE-2004-1219

Published: Jan 10, 2005Modified: Apr 16, 2026

5.0

Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability: 10.0 / Impact: 2.9

Source: NVD

Description

paFileDB 3.1, when using sessions authentication and while the administrator logs on, allows remote attackers to read the administrator's password hash and conduct brute force password guessing attacks by listing the contents of the sessions directory and reading the associated file for the administrator session.

Affected (1)

Products: Php Arena: Pafiledb

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Php Arena Pafiledb	Version 3.1

References (8)

http://echo.or.id/adv/adv09-y3dips-2004.txt

Source: cve@mitre.org

http://marc.info/?l=bugtraq&m=110245123927025&w=2

Source: cve@mitre.org

http://www.securityfocus.com/bid/11818

Source: cve@mitre.org

Vendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/18364

Source: cve@mitre.org

http://echo.or.id/adv/adv09-y3dips-2004.txt

Source: af854a3a-2127-422b-91ae-364da2661108

http://marc.info/?l=bugtraq&m=110245123927025&w=2

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/11818

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/18364

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.