---------------------------------------------------------------------- Secunia customers receive relevant and filtered advisories. Delivery is done via different channels including SMS, Email, Web, and https based XML feed. http://corporate.secunia.com/trial/38/request/ ---------------------------------------------------------------------- TITLE: FAC Guestbook Database Disclosure Security Issue SECUNIA ADVISORY ID: SA24872 VERIFY ADVISORY: http://secunia.com/advisories/24872/ CRITICAL: Moderately critical IMPACT: Exposure of sensitive information WHERE: >From remote SOFTWARE: FAC Guestbook 3.x http://secunia.com/product/13918/ FAC Guestbook 2.x http://secunia.com/product/13917/ DESCRIPTION: the_Edit0r has discovered a security issue in FAC Guestbook, which can be exploited by malicious people to gain knowledge of potentially sensitive information. The security issue is caused due to improper restrictions on db/gdb.mdb (version 2.0) and db/gbdb.mdb (version 3.01), which can be exploited to disclose the contents of the database (e.g. administrator password). The security issue is reported in version 2.0 and confirmed in version 3.01. SOLUTION: Restrict web access to the database files. PROVIDED AND/OR DISCOVERED BY: the_Edit0r ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------