CVE-2007-4656

backup-manager-upload in Backup Manager before 0.6.3 provides the FTP server hostname, username, and password as plaintext command line arguments during FTP uploads, which allows local users to obtain sensitive information by listing the process and its arguments, a different vulnerability than CVE-2007-2766.

Published: Sep 5, 2007
Updated: Apr 13, 2023
CVE: CVE-2007-4656
Severity: Low
Exploit:

CVSS v2:

Severity: Low
Score: 2.1
AV:L/AC:L/Au:N/C:P/I:N/A:N

CWEs:

CWE-200
CWE-255
CWE-310

Affected Software
References

Software	From	Fixed in
backup_manager / backup_manager	-	0.6.2.x

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=439392
http://bugzilla.backup-manager.org/cgi-bin/show_bug.cgi?id=173
http://osvdb.org/37444
http://secunia.com/advisories/26657
http://secunia.com/advisories/29377
http://www.debian.org/security/2008/dsa-1518
http://www.securityfocus.com/bid/25503
http://www.securitytracker.com/id?1018639
http://www2.backup-manager.org/Release063

Vulnerability Database

290,301

CVE-2007-4656