The database backup implementation in Employee Timeclock Software 0.99 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for a semi-predictable file name.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Employee_timeclock_software | Timeclock-software | 0.99 (including) | 0.99 (including) |
References
- http://secunia.com/advisories/38739
- http://secunia.com/secunia_research/2010-10/
- http://www.osvdb.org/62833
- http://www.securityfocus.com/archive/1/509990/100/0/threaded
- https://exchange.xforce.ibmcloud.com/vulnerabilities/56798
- http://secunia.com/advisories/38739
- http://secunia.com/secunia_research/2010-10/
- http://www.osvdb.org/62833
- http://www.securityfocus.com/archive/1/509990/100/0/threaded
- https://exchange.xforce.ibmcloud.com/vulnerabilities/56798