Executive Summary

Name CVE-2009-0964 First vendor Publication 2009-03-19
Vendor Cve Last vendor Modification 2018-10-10

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:P/I:N/A:N)
Cvss Base Score 5 Attack Range Network
Cvss Impact Score 2.9 Attack Complexity Low
Cvss Expoit Score 10 Authentication None Required
Calculate full CVSS 2.0 Vectors scores


UserView_list.php in PHPRunner 4.2, and possibly earlier, stores passwords in cleartext in the database, which allows attackers to gain privileges. NOTE: this can be leveraged with a separate SQL injection vulnerability to obtain passwords remotely without authentication.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0964

CAPEC : Common Attack Pattern Enumeration & Classification

Id Name
CAPEC-31 Accessing/Intercepting/Modifying HTTP Cookies
CAPEC-37 Lifting Data Embedded in Client Distributions
CAPEC-65 Passively Sniff and Capture Application Code Bound for Authorized Client
CAPEC-117 Data Interception Attacks
CAPEC-155 Screen Temporary Files for Sensitive Information
CAPEC-157 Sniffing Attacks
CAPEC-167 Lifting Sensitive Data from the Client
CAPEC-204 Lifting cached, sensitive data embedded in client distributions (thick or thin)
CAPEC-205 Lifting credential(s)/key material embedded in client distributions (thick or...
CAPEC-258 Passively Sniffing and Capturing Application Code Bound for an Authorized Cli...
CAPEC-259 Passively Sniffing and Capturing Application Code Bound for an Authorized Cli...
CAPEC-260 Passively Sniffing and Capturing Application Code Bound for an Authorized Cli...

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-255 Credentials Management

CPE : Common Platform Enumeration

Application 1

Open Source Vulnerability Database (OSVDB)

Id Description
52804 PHPRunner UserView_list.php Database Cleartext Password Disclosure

Sources (Detail)

Source Url
BUGTRAQ http://www.securityfocus.com/archive/1/501894/100/0/threaded
EXPLOIT-DB https://www.exploit-db.com/exploits/8226
MISC http://www.bugreport.ir/index_63.htm
OSVDB http://osvdb.org/52804
VUPEN http://www.vupen.com/english/advisories/2009/0750
XF https://exchange.xforce.ibmcloud.com/vulnerabilities/49279

Alert History

If you want to see full details history, please login or register.
Date Informations
2021-05-04 12:09:18
  • Multiple Updates
2021-04-22 01:09:38
  • Multiple Updates
2020-05-23 01:40:11
  • Multiple Updates
2020-05-23 00:23:31
  • Multiple Updates
2018-10-11 00:19:32
  • Multiple Updates
2017-09-29 09:24:07
  • Multiple Updates
2017-08-17 09:22:30
  • Multiple Updates
2016-06-28 17:37:20
  • Multiple Updates
2013-05-10 23:46:51
  • Multiple Updates