CVE-2008-2134
Tru-Zone Nuke ET 3.x - Arbitrary Account Access via Journal Module Cookie Manipulation
Title source: llmDescription
The Journal module in Tru-Zone Nuke ET 3.x allows remote attackers to obtain access to arbitrary user accounts, and alter or delete data, via a modified username in an unspecified cookie.
References (5)
Core 5
Core References
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/30061
Various Sources x_refsource_misc
http://www.mrzayas.es/2008/05/04/multiples-vulnerabilidades-en-nuket-3x/
Patch vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/29080
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/42239
Patch x_refsource_confirm
http://truzone.org/modules.php?name=Forums&file=viewtopic&p=332746
Scores
EPSS
0.0120
EPSS Percentile
64.6%
Details
CWE
CWE-20
Status
published
Products (6)
tru-zone/nukeet
3.0
tru-zone/nukeet
3.1
tru-zone/nukeet
3.2
tru-zone/nukeet
3.3
tru-zone/nukeet
3.4
tru-zone/nukeet
3.9
Published
May 09, 2008
Tracked Since
Feb 18, 2026