[sec-adv] .netCART Database Download Vulnerability
From: Secunia Security Advisories (sec-adv at secunia.com)
Date: Wed Jul 16 2003 - 06:54:09 CDT
TITLE:
.netCART Database Download Vulnerability
READ ONLINE:
http://www.secunia.com/advisories/9285/
CRITICAL:
Highly critical
IMPACT:
Exposure of sensitive information
WHERE:
From remote
SOFTWARE:
.netCART
DESCRIPTION:
A vulnerability has been reported in .netCART, which can be exploited
by malicious people to gain knowledge of sensitive information.
The vulnerability is caused due to an access control error.
Reportedly, anyone can download the database file "dotnetcard.mdb" in
the "Data/" directory, which can be exploited to gain knowledge of
various sensitive information (e.g. about orders, users, and
passwords).
Example:
http://[victim]/Data/dotnetcard.mdb
SOLUTION:
Make sure that access to the "Data/" directory is restricted.
REPORTED BY / CREDITS:
G00db0y (Zone-H)
ORIGINAL ADVISORY:
http://www.zone-h.org/en/advisories/read/id=2696/
----------------------------------------------------------------------
Secunia recommends that you verify all advisories you receive, by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
Contact details:
Web : http://www.secunia.com/
E-mail : support at secunia.com
Tel : +44 (0) 20 7016 2693
Fax : +44 (0) 20 7637 0419
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
----------------------------------------------------------------------
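A defender's follow-up to the SOLUTION above, as an added example that is not part of the Secunia advisory: a check of web server logs for requests where a database file under "Data/" was actually served, which tells you whether the file has already been downloaded. The IIS W3C extended log format, the sample log lines (constructed), and the function name are assumptions.

```python
from urllib.parse import unquote

# Constructed sample of an IIS W3C extended log (not from the advisory).
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 5.0
#Fields: date time c-ip cs-method cs-uri-stem sc-status sc-bytes
2003-07-16 11:02:10 192.0.2.10 GET /default.aspx 200 5120
2003-07-16 11:02:44 198.51.100.7 GET /Data/dotnetcard.mdb 200 1458176
2003-07-16 11:03:05 198.51.100.7 GET /data/DotNetCard.MDB 206 65536
2003-07-16 11:04:19 203.0.113.5 GET /Data/dotnetcard%2Emdb 200 1458176
2003-07-16 11:05:31 203.0.113.9 GET /Data/dotnetcard.mdb 403 0
2003-07-16 11:06:02 192.0.2.10 GET /images/data/logo.gif 200 2048
"""

SERVED = {"200", "206"}  # statuses that mean file content was sent


def find_database_downloads(log_text, directory="/data/", extension=".mdb"):
    """Return (date, time, client, path, status) for every request where a
    database file under the given directory was served to the client."""
    fields, hits = [], []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # column order can change mid-file
            continue
        if not line or line.startswith("#") or not fields:
            continue
        row = dict(zip(fields, line.split()))
        # IIS paths are case-insensitive; decode in case the log kept
        # percent-encoding, then compare in lower case.
        path = unquote(row.get("cs-uri-stem", "")).lower()
        if (directory in path and path.endswith(extension)
                and row.get("sc-status") in SERVED):
            hits.append((row.get("date"), row.get("time"), row.get("c-ip"),
                         row["cs-uri-stem"], row["sc-status"]))
    return hits


if __name__ == "__main__":
    for hit in find_database_downloads(SAMPLE_LOG):
        print(*hit)
```

A hit with status 200 or 206 means the database contents left the server, so the passwords and order data it holds should be treated as exposed even after access to "Data/" is restricted.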