CyberSec.Space Logo
Back to CVE Browser

CVE-2007-0889

MEDIUM
4.6
CVSS Severity Score
EPSS Score0.0120%
EPSS Percentile5.56th
PublishedFeb 12, 2007
Last ModifiedApr 23, 2026

Vulnerability Description

Kiwi CatTools before 3.2.0 beta uses weak encryption ("reversible encoding") for passwords, account names, and IP addresses in kiwidb-cattools.kdb, which might allow local users to gain sensitive information by decrypting the file. NOTE: this issue could be leveraged with a directory traversal vulnerability for a remote attack vector.

Affected Platforms (CPE)

πŸ“¦
Kiwi Enterprises

Kiwi Cattools

All versions

References & Advisories

πŸ”— http://osvdb.org/33163
πŸ”— http://secunia.com/advisories/24103
πŸ”— http://securityreason.com/securityalert/2236
πŸ”— http://www.securityfocus.com/archive/1/459500/100/0/threaded
πŸ”— http://osvdb.org/33163
πŸ”— http://secunia.com/advisories/24103
πŸ”— http://securityreason.com/securityalert/2236
πŸ”— http://www.securityfocus.com/archive/1/459500/100/0/threaded

Related Vulnerabilities

CVE-2007-088810.0

Directory traversal vulnerability in the TFTP server in Kiwi CatTools before 3.2.0 beta allows remote attackers to read arbitrary ...

CVE-2021-352306.7

As a result of an unquoted service path vulnerability present in the Kiwi CatTools Installation Wizard, a local attacker could gai...

CVE-2007-350010.0

Xeweb XEForum allows remote attackers to gain privileges via a modified xeforum cookie.

CVE-2007-049610.0

PHP remote file inclusion vulnerability in lib/nl/nl.php in Neon Labs Website (nlws) 3.2 and earlier allows remote attackers to ex...