CVE-2005-1835
nextweb (i)site - Unauthenticated Sensitive Information Exposure via Direct Database Request
Title source: llmDescription
NEXTWEB (i)Site stores databases under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request to databases/Users.mdb.
References (3)
Core 3
Core References
Third Party Advisory mailing-list
x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=111764682925083&w=2
Broken Link, Exploit, Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/15560
Broken Link, Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://securitytracker.com/id?1014085
Scores
EPSS
0.0195
EPSS Percentile
77.6%
Details
CWE
CWE-552
Status
published
Products (1)
nextweb/nextweb_\(i\)site
Published
Jun 01, 2005
Tracked Since
Feb 18, 2026