header-logo
Suggest Exploit
vendor:
Zixforum
by:
Unknown
5.5
CVSS
MEDIUM
Database disclosure
200
CWE
Product Name: Zixforum
Affected Version From: All versions
Affected Version To: All versions
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested:
Unknown

Zixforum Database Disclosure Vulnerability

Remote users can download the database file 'ZixForum.mdb' and access sensitive information including unencrypted authentication credentials.

Mitigation:

Configure the web server to restrict access to sensitive files.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/10982/info

Zixforum is reported prone to a database disclosure vulnerability. It is reported that remote users may download the database file ''ZixForum.mdb' and gain access to sensitive information including unencrypted authentication credentials.

All versions of Zixforum are considered vulnerable to this issue.

This issue is being retired due to the fact that this is not a vulnerability in the application. Configuring the Web server to restrict access to sensitive files can prevent this problem.

http://www.example.com/forum/ZixForum.mdb

Navigation

Suggest Exploit

Services By CQR