Tunis the 31/jan/2006 bug found by Fireboy fireboynet@xxxxxxxxxxxx Product affected:DBMan for Windows and Unix Product vendor: http://www.gossamer-threads.com the problem with DBman is default passwords these are default pass : admin/admin,author/author,guest/guest if the admin not change the pass , anyone can access the db and make changes/delete information. the script of dbman is db.cgi and from that script , malicious action can be done. fix: change default passwords exploit: google:"Database Manager Demo:" that's all thanks
