ID

VAR-200708-0112


CVE

CVE-2007-4234


TITLE

Camera Life Vulnerable to downloading private photos

Trust: 0.8

sources: JVNDB: JVNDB-2007-002476

DESCRIPTION

Unspecified vulnerability in Camera Life before 2.6 allows remote attackers to download private photos via unspecified vectors associated with the names of the photos. NOTE: some of these details are obtained from third party information. Camera Life is prone to a remote security vulnerability. Camera Life is an open source PHP-based photo management and organization plugin. ---------------------------------------------------------------------- BETA test the new Secunia Personal Software Inspector! The Secunia PSI detects installed software on your computer and categorises it as either Insecure, End-of-Life, or Up-To-Date. Effectively enabling you to focus your attention on software installations where more secure versions are available from the vendors. Download the free PSI BETA from the Secunia website: https://psi.secunia.com/ ---------------------------------------------------------------------- TITLE: Camera Life Security Bypass Vulnerability SECUNIA ADVISORY ID: SA26319 VERIFY ADVISORY: http://secunia.com/advisories/26319/ CRITICAL: Less critical IMPACT: Security Bypass WHERE: >From remote SOFTWARE: Camera Life 2.x http://secunia.com/product/15165/ DESCRIPTION: A vulnerability has been reported in Camera Life, which can be exploited by malicious people to bypass certain security restrictions. Successful exploitation requires knowledge of the names of the photos. The vulnerability is reported in versions prior to 2.6.0. SOLUTION: Update to version 2.6.0. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://fdcl.svn.sourceforge.net/viewvc/*checkout*/fdcl/trunk/Changelog ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 2.07

sources: NVD: CVE-2007-4234 // JVNDB: JVNDB-2007-002476 // BID: 85458 // VULHUB: VHN-27596 // PACKETSTORM: 58278

AFFECTED PRODUCTS

vendor:camera lifemodel:camera lifescope:lteversion:2.5.5

Trust: 1.0

vendor:camera lifemodel:camera lifescope:ltversion:2.6

Trust: 0.8

vendor:camera lifemodel:camera lifescope:eqversion:2.5.5

Trust: 0.6

vendor:cameramodel:life camera lifescope:eqversion:2.5.5

Trust: 0.3

sources: BID: 85458 // JVNDB: JVNDB-2007-002476 // CNNVD: CNNVD-200708-119 // NVD: CVE-2007-4234

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2007-4234
value: MEDIUM

Trust: 1.0

NVD: CVE-2007-4234
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-200708-119
value: MEDIUM

Trust: 0.6

VULHUB: VHN-27596
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2007-4234
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-27596
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-27596 // JVNDB: JVNDB-2007-002476 // CNNVD: CNNVD-200708-119 // NVD: CVE-2007-4234

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2007-4234

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200708-119

TYPE

unknown

Trust: 0.6

sources: CNNVD: CNNVD-200708-119

CONFIGURATIONS

sources: JVNDB: JVNDB-2007-002476

PATCH

title:Top Pageurl:http://fdcl.sourceforge.net/

Trust: 0.8

sources: JVNDB: JVNDB-2007-002476

EXTERNAL IDS

db:NVDid:CVE-2007-4234

Trust: 2.8

db:SECUNIAid:26319

Trust: 1.8

db:XFid:35839

Trust: 0.9

db:JVNDBid:JVNDB-2007-002476

Trust: 0.8

db:CNNVDid:CNNVD-200708-119

Trust: 0.7

db:MISCid:HTTP://FDCL.SVN.SOURCEFORGE.NET/VIEWVC/*CHECKOUT*/FDCL/TRUNK/CHANGELOG

Trust: 0.6

db:BIDid:85458

Trust: 0.4

db:VULHUBid:VHN-27596

Trust: 0.1

db:PACKETSTORMid:58278

Trust: 0.1

sources: VULHUB: VHN-27596 // BID: 85458 // JVNDB: JVNDB-2007-002476 // PACKETSTORM: 58278 // CNNVD: CNNVD-200708-119 // NVD: CVE-2007-4234

REFERENCES

url:http://fdcl.svn.sourceforge.net/viewvc/%2acheckout%2a/fdcl/trunk/changelog

Trust: 2.0

url:http://sourceforge.net/forum/forum.php?forum_id=721006

Trust: 2.0

url:http://secunia.com/advisories/26319

Trust: 1.7

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/35839

Trust: 1.1

url:http://xforce.iss.net/xforce/xfdb/35839

Trust: 0.9

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-4234

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2007-4234

Trust: 0.8

url:http://secunia.com/secunia_security_advisories/

Trust: 0.1

url:http://secunia.com/advisories/26319/

Trust: 0.1

url:http://fdcl.svn.sourceforge.net/viewvc/*checkout*/fdcl/trunk/changelog

Trust: 0.1

url:https://psi.secunia.com/

Trust: 0.1

url:http://secunia.com/product/15165/

Trust: 0.1

url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Trust: 0.1

url:http://secunia.com/about_secunia_advisories/

Trust: 0.1

sources: VULHUB: VHN-27596 // BID: 85458 // JVNDB: JVNDB-2007-002476 // PACKETSTORM: 58278 // CNNVD: CNNVD-200708-119 // NVD: CVE-2007-4234

CREDITS

Unknown

Trust: 0.3

sources: BID: 85458

SOURCES

db:VULHUBid:VHN-27596
db:BIDid:85458
db:JVNDBid:JVNDB-2007-002476
db:PACKETSTORMid:58278
db:CNNVDid:CNNVD-200708-119
db:NVDid:CVE-2007-4234

LAST UPDATE DATE

2025-04-10T23:24:23.540000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-27596date:2018-08-13T00:00:00
db:BIDid:85458date:2007-08-08T00:00:00
db:JVNDBid:JVNDB-2007-002476date:2012-06-26T00:00:00
db:CNNVDid:CNNVD-200708-119date:2011-07-26T00:00:00
db:NVDid:CVE-2007-4234date:2025-04-09T00:30:58.490

SOURCES RELEASE DATE

db:VULHUBid:VHN-27596date:2007-08-08T00:00:00
db:BIDid:85458date:2007-08-08T00:00:00
db:JVNDBid:JVNDB-2007-002476date:2012-06-26T00:00:00
db:PACKETSTORMid:58278date:2007-08-08T04:01:26
db:CNNVDid:CNNVD-200708-119date:2007-08-08T00:00:00
db:NVDid:CVE-2007-4234date:2007-08-08T22:17:00