aspWebCalendar Free Edition bug

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Subject: aspWebCalendar Free Edition bug
From: joseph.giron13@xxxxxxxxx
Date: 31 Mar 2009 03:46:19 -0000

I'm not sure how to classify this bug / vulnerability, but for aspWebCalendar Free edition, you can openly download the mdb file and read its contents (username,pasword). 
Example
http://www.example.com/calendar/calendar.mdb

I guess the fix would be to place the mdb file outside of wwwroot.

Prev by Date: Re: Family Connections 1.8.1 Multiple Remote Vulnerabilities
Next by Date: Re: [ECHO_ADV_103$2009] taifajobs <= 1.0 (jobid) Remote SQL Injection Vulnerability
Previous by thread: [SECURITY] [DSA 1760-1] New openswan packages fix denial of service
Next by thread: Cisco ASA5520 Web VPN Host Header XSS
Index(es):
- Date
- Thread

[Index of Archives] [Linux Security] [Netfilter] [PHP] [Yosemite News] [Linux Kernel]

Powered by Linux