Info

Disclosure

Mar 29, 2005

Discovery

Unknown

Dates

Exploit

Mar 29, 2005

Solution

Unknown

Description

Ublog Reload contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when an attacker directly requests the ublogreload.mdb file, which will disclose the administrator login and hashed password resulting in a loss of confidentiality.

Classification

Location: Remote/Network Access Required
Attack Type: Information Disclosure
Impact: Loss of Confidentiality
Exploit: Exploit Available
OSVDB: Web Related

Solution

Upgrade to version 1.0.5 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

Uapplication

Ublog Reload

1.0.4

References

Security Tracker: 1013603
Secunia Advisory ID: 14725
Related OSVDB ID: 15121
CVE ID: 2005-0938 (see also: NVD)
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2005-03/0509.html
Vendor URL: http://www.uapplication.com/

Credit

3nitro - 3nitropersianhacker.net - PersianHacker Team

Direct URL: http://osvdb.org/36218