Computer Security

Security Advisory: aspWebCalendar Free Edition bug
back  news / advisories / forum / software / advertising / search / exploits  forward
[EN] securityvulns.ru
no-pyccku



Related information

  Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

  Positron Security Advisory #2009-000: Multiple Vulnerabilities in MapServer v5.2.1 and v4.10.3

  glFusion <= 1.1.2 COM_applyFilter()
/order sql injection exploit

  Family Connections 1.8.1 Multiple Remote Vulnerabilities

  Community CMS 0.5 Multiple SQL Injection Vulnerabilities

From:joseph.giron13_(at)_gmail.com <joseph.giron13_(at)_gmail.com>
Date:01.04.2009
Subject:aspWebCalendar Free Edition bug

I'm not sure how to classify this bug / vulnerability, but for aspWebCalendar Free edition, you can
openly download the mdb file and read its contents (username,pasword).
Example
http://www.example.com/calendar/calendar.mdb

I guess the fix would be to place the mdb file outside of wwwroot.

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod

 
 


Rating@Mail.ru
test server