CVE-2009-5019
published 2010-12-01CVE-2009-5019: Web Wiz NewsPad stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a…
PriorityP338medium5CVSS 2.0
AVNACLAuNCPINAN
EXPLOIT
EPSS
2.79%
84.6th percentile
Web Wiz NewsPad stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for database/NewsPad.mdb.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| webwiz | web_wiz_newspad | — | — |
| webwiz | web_wiz_newspad | — | — |
| webwiz | web_wiz_newspad | — | — |
| webwiz | web_wiz_newspad | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
Web Wiz NewsPad Express Edition 1.03 - Database File Disclosure
exploitdb·2010-11-15
CVE-2009-5019 Web Wiz NewsPad Express Edition 1.03 - Database File Disclosure
Web Wiz NewsPad Express Edition 1.03 - Database File Disclosure
---
NewsPad Database Download Vulnerability
#############################################################
#
# Exploit Title: NewsPad Database Download Vulnerability
# Date: 15/11/2010
# Author: keracker
# Software Link: www.webwiz.co.uk/webwiznewspad/downloads.asp
# Tested on: windows
# dork : "NewsPad Admin Login"
# Contact: [email protected] ~ [email protected]
#
############################################################
exploit # www.target.com/path/database/NewsPad.mdb
############################################################
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
WE ARE BHG : Net.Edit0r ~ Darkcoder ~ AmIr_Magic ~ keracker
Exploit-DB
Web Wiz NewsPad - Database Disclosure
exploitdb·2009-12-24
CVE-2009-5019 Web Wiz NewsPad - Database Disclosure
Web Wiz NewsPad - Database Disclosure
---
_ _ _ _ _ _
/ \ | | | | / \ | | | |
/ _ \ | | | | / _ \ | |_| |
/ ___ \ | |___ | |___ / ___ \ | _ |
IN THE NAME OF /_/ \_\ |_____| |_____| /_/ \_\ |_| |_|
[»] ~ Note : Some sites may change the path of the "database/NewsPad.mdb" cause the vulnerability not work
[»] Web Wiz NewsPad Remote Database Disclosure Vulnerability
[»] Script: [ Web Wiz NewsPad ]
[»] Language: [ ASP ]
[»] Site page: [ Web Wiz NewsPad - Free eNewsletter Software Download ]
[»] Download: [ http://www.webwizguide.com/webwiznewspad/downloads.asp ]
[»] Founder: [ ViRuSMaN ]
[»] Greetz to: [ HackTeach Team , Egyptian Hackers , All My Friends & pentestlabs.com , Sec-r1z.com ]
[»] My Home: [ HackTeach.Org , Islam-Attack.Com ]
####################################################
No writeups or analysis indexed.
http://packetstormsecurity.org/files/view/84294/webwiznewspad-disclose.txthttp://www.exploit-db.com/exploits/10637http://www.exploit-db.com/exploits/15544https://exchange.xforce.ibmcloud.com/vulnerabilities/55043http://packetstormsecurity.org/files/view/84294/webwiznewspad-disclose.txthttp://www.exploit-db.com/exploits/10637http://www.exploit-db.com/exploits/15544https://exchange.xforce.ibmcloud.com/vulnerabilities/55043
2010-12-01
Published