cbcvebase.
CVE-2004-2398
published 2004-12-31

CVE-2004-2398: Netenberg Fantastico De Luxe 2.8 uses database file names that contain the associated usernames, which allows local users to determine valid usernames and…

PriorityP44low2.1CVSS 2.0
AVLACLAuNCPINAN
EPSS
0.34%
25.9th percentile
Netenberg Fantastico De Luxe 2.8 uses database file names that contain the associated usernames, which allows local users to determine valid usernames and conduct brute force attacks by reading the file names from /var/lib/mysql, which is assigned world-readable permissions by cPanel 9.3.0 R5.

Affected

4 ranges
VendorProductVersion rangeFixed in
haxxcurl>= 0 < 7.68.0-1ubuntu2.227.68.0-1ubuntu2.22
haxxcurl>= 0 < 7.81.0-1ubuntu1.167.81.0-1ubuntu1.16
haxxcurl>= 0 < 8.5.0-2ubuntu10.18.5.0-2ubuntu10.1
netenbergfantastico_de_luxe

CVSS provenance

nvdv2.02.1LOWAV:L/AC:L/Au:N/C:P/I:N/A:N
osv3.5LOW
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.