CVE-2005-1835

NEXTWEB (i)Site stores databases under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request to databases/Users.mdb.
References
Link Resource
http://marc.info/?l=bugtraq&m=111764682925083&w=2 Third Party Advisory
http://secunia.com/advisories/15560 Broken Link Exploit Vendor Advisory
http://securitytracker.com/id?1014085 Broken Link Third Party Advisory VDB Entry
Configurations

Configuration 1 (hide)

cpe:2.3:a:nextweb:nextweb_\(i\)site:*:*:*:*:*:*:*:*

History

25 Jan 2024, 21:50

Type Values Removed Values Added
References (SECTRACK) http://securitytracker.com/id?1014085 - (SECTRACK) http://securitytracker.com/id?1014085 - Broken Link, Third Party Advisory, VDB Entry
References (BUGTRAQ) http://marc.info/?l=bugtraq&m=111764682925083&w=2 - (BUGTRAQ) http://marc.info/?l=bugtraq&m=111764682925083&w=2 - Third Party Advisory
References (SECUNIA) http://secunia.com/advisories/15560 - Exploit, Vendor Advisory (SECUNIA) http://secunia.com/advisories/15560 - Broken Link, Exploit, Vendor Advisory
CWE NVD-CWE-Other CWE-552

Information

Published : 2005-06-01 04:00

Updated : 2024-02-28 10:42


NVD link : CVE-2005-1835

Mitre link : CVE-2005-1835

CVE.ORG link : CVE-2005-1835


JSON object : View

Products Affected

nextweb

  • nextweb_\(i\)site
CWE
CWE-552

Files or Directories Accessible to External Parties