Weblog Sensitive Information Disclosure in Note-A-Day

Summary

Vulnerability
Weblog Sensitive Information Disclosure in Note-A-Day
Discovered
2006.01.20
Last Update
0 n/a
ID
EV0044
CVE
CVE-2006-0404
Risk Level
medium
Type
Sensitive Information Disclosure
Status
Unpatched
Vendor
n/a
Vulnerable Software
Note-A-Day (http://noteaday.com/)
Version
2.1
PoC/Exploit
Available
Solution
Not available
Discovered by
Aliaksandr Hartsuyeu (eVuln.com)

Description

Sensitive Information Disclosure found in Note-A-Day (http://noteaday.com/) script.

Directory archive is not protected by htaccess in default installiation. This can be used to retrieve registered user's information including encrypted passwords.

PoC/Exploit

Admin's encrypted password:

http://host/noteday/archive/.phpass-admin

Solution.

Solution for "Weblog Sensitive Information Disclosure in Note-A-Day" is not available. Check vendor's website for updates.

Order Source Code Review

Protect against hacker attacks by source code analysis of your site made by our team.The work will be done by specialists in website security.

Advisories by vuln type

Website Monitoring

Daily malware scanning. Allows to receive alerts about security problems in your website.
Details >>

Malicious redirects detected?

eVuln team will eliminate the reason, clean your website and monitor it.
Details >>

Website blacklisted?

eVuln team will clean your website, discover and fix security holes, remove from blacklists.
Details >>