Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-6356

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2008-6356
Last Modified 07 Mar 2011 10:16:12
Published 02 Mar 2009 11:30:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2008-6356

Summary

evCal Events Calendar stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing the username and password via a direct request to (1) evcal.mdb and (2) evcal97.mdb.

Vulnerable Systems

Application

  • Donnafontenot Evcal Events Calendar -


References

XF - evcaleventscalendar-evcal-security-bypass(47265)

MILW0RM - 7419

SECUNIA - 34258

XF - evcaleventscal-multiple-info-disclosure(47265)


Last Updated: 27 May 2016 10:49:59