CVE-2005-3434

CVSS 7.5 - HIGH
Description

Archilles Newsworld before 1.5.0-rc1 stores (1) account.nwd and (2) session.nwd under the web root with insufficient access control, which allows remote attackers to obtain sensitive information such as usernames, hashed passwords, and session IDs, and gain privileges.

Affected Products
3
Vendor Product Version
archilles newsworld All versions
archilles newsworld 1.3.1
archilles newsworld 1.3.2
References
http://marc.info/?l=bugtraq&m=113018731120709&w=2
http://secunia.com/advisories/17310/
https://exchange.xforce.ibmcloud.com/vulnerabiliti...
https://exchange.xforce.ibmcloud.com/vulnerabiliti...
http://marc.info/?l=bugtraq&m=113018731120709&w=2
http://secunia.com/advisories/17310/
https://exchange.xforce.ibmcloud.com/vulnerabiliti...
https://exchange.xforce.ibmcloud.com/vulnerabiliti...
Weakness Types
NVD-CWE-Other
CVE Information
CVE ID:
CVE-2005-3434
Published:
2005-11-02
Modified:
2026-04-16
CVSS Score:
7.5
Severity:
HIGH
Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P
Affected Vendors
archilles
Quick Actions
View on NVD Find Similar CVEs
CVSS Severity Scale
0.0 - 3.9 LOW
4.0 - 6.9 MEDIUM
7.0 - 8.9 HIGH
9.0 - 10.0 CRITICAL