CVE-2008-4180

Published: Sep 23, 2008Modified: Apr 23, 2026

5.0

Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability: 10.0 / Impact: 2.9

Source: NVD

Description

Unspecified vulnerability in db.php in NooMS 1.1 allows remote attackers to conduct brute force attacks against passwords via a username in the g_dbuser parameter and a password in the g_dbpwd parameter, and possibly a "localhost" g_dbhost parameter value, related to a "Mysql Remote Brute Force Vulnerability."

Affected (1)

Products: Nooms: Nooms

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Nooms Nooms	Version 1.1

Related CWEs

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (6)

http://securityreason.com/securityalert/4289

Source: cve@mitre.org

http://www.securityfocus.com/archive/1/496236/100/0/threaded

Source: cve@mitre.org

https://exchange.xforce.ibmcloud.com/vulnerabilities/45076

Source: cve@mitre.org

http://securityreason.com/securityalert/4289

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/archive/1/496236/100/0/threaded

Source: af854a3a-2127-422b-91ae-364da2661108

https://exchange.xforce.ibmcloud.com/vulnerabilities/45076

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.