CVE-2006-1437 Information

Description

UPOINT @1 Event Publisher stores sensitive information under the web document root with insufifcient access control which allows remote attackers to read private comments via a direct request to eventpublisher.txt.

Reference

http://osvdb.org/ref/24/24236-upoint.txt http://secunia.com/advisories/19727 http://www.osvdb.org/24237 http://www.securityfocus.com/bid/17647