CVE-2006-1412 | Vulnerability Database | Aqua Security

TFT Gallery 0.10 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the admin password file and obtain password hashes via a direct request to admin/passwd.

Affected Software

Name	Vendor	Start Version	End Version
Tft_gallery	Tft_gallery	0.10 (including)	0.10 (including)

References

http://secunia.com/advisories/19411
http://www.securityfocus.com/archive/1/453471/100/0/threaded
http://www.securityfocus.com/archive/1/453485/100/0/threaded
http://www.securityfocus.com/bid/17250
http://www.vupen.com/english/advisories/2006/1115
https://exchange.xforce.ibmcloud.com/vulnerabilities/25465
https://www.exploit-db.com/exploits/1611
http://secunia.com/advisories/19411
http://www.securityfocus.com/archive/1/453471/100/0/threaded
http://www.securityfocus.com/archive/1/453485/100/0/threaded
http://www.securityfocus.com/bid/17250
http://www.vupen.com/english/advisories/2006/1115
https://exchange.xforce.ibmcloud.com/vulnerabilities/25465
https://www.exploit-db.com/exploits/1611

NVD	https://nvd.nist.gov/vuln/detail/CVE-2006-1412
CWE	https://cwe.mitre.org/data/definitions/NVD-Other.html