CVE-2007-0543 - Unspecified vulnerability in Zixforum
Attack vector | UNKNOWN |
Attack complexity | UNKNOWN |
Privileges required | UNKNOWN |
Confidentiality impact | UNKNOWN |
Integrity impact | UNKNOWN |
Availability impact | UNKNOWN |
zixforum
nessus
Summary
ZixForum 1.14 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing passwords via a direct request for Zixforum.mdb. NOTE: a followup post suggests that this issue only occurs if the administrator does not properly follow installation directions.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 1 |
Nessus
NASL family | CGI abuses |
NASL id | ZIXFORUM_DATABASE_DISCLOSURE.NASL |
description | The remote server is running ZixForum, a set of ASP scripts for a web-based forum. This program uses a database named |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 14325 |
published | 2004-08-22 |
reporter | This script is Copyright (C) 2004-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/14325 |
title | ZixForum ZixForum.mdb Direct Request Database Disclosure |
References
- http://securityreason.com/securityalert/2189
- http://www.securityfocus.com/archive/1/457950/100/0/threaded
- http://www.securityfocus.com/archive/1/458135/100/100/threaded