aspWebCalendar Free Edition Database Disclosure

aspWebCalendar Free Edition Database Disclosure: Posted Apr 1, 2009; Authored by Joseph Giron; aspWebCalendar Free Edition suffers from a database disclosure vulnerability.; tags | exploit, info disclosure; MD5 | 2174c5fa47aa2ecbba718251812fa84d; Download | Favorite | Comments (0)

aspWebCalendar Free Edition Database Disclosure

I'm not sure how to classify this bug / vulnerability, but for aspWebCalendar Free edition, you can openly download the mdb file and read its contents (username,pasword). 
Example
http://www.example.com/calendar/calendar.mdb

I guess the fix would be to place the mdb file outside of wwwroot.

Comments

Subscribe to this comment feed

No comments yet, be the first!

Top Authors In Last 30 Days

Heine Pedersen 29 files
Torben Jensen 29 files
Farbod Mahini 26 files
Ubuntu 26 files
Red Hat 25 files
Debian 24 files
Mandriva 17 files
sinn3r 11 files
the_cyber_nuxbie 10 files
Am!r 9 files

File Archives

Systems

AIX (352)
Apple (963)
BSD (302)
Cisco (1,247)
Debian (3,802)
Fedora (1,660)
FreeBSD (1,024)
Gentoo (2,468)
HPUX (685)
iPhone (95)
IRIX (217)
Juniper (60)
Linux (20,649)
Mac OS X (415)
Mandriva (2,205)
NetBSD (235)
OpenBSD (414)
RedHat (2,431)
Slackware (378)
Solaris (1,472)
SUSE (1,228)
Ubuntu (2,728)
UNIX (6,852)
UnixWare (148)
Windows (4,019)
Other

aspWebCalendar Free Edition Database Disclosure

aspWebCalendar Free Edition Database Disclosure

Comments

File Archive:

May 2012

Top Authors In Last 30 Days

File Tags

File Archives

Systems

aspWebCalendar Free Edition Database Disclosure

Share This

aspWebCalendar Free Edition Database Disclosure

Comments

File Archive:

May 2012

Top Authors In Last 30 Days

File Tags

File Archives

Systems