CVE-2009-0760 Information

Description

Team Board 1.x and 2.x stores sensitive information under the web root with insufficient access control which allows remote attackers to download a database containing credentials via a direct request for data/team.mdb.

Reference

http://packetstorm.linuxsecurity.com/0902-exploits/teamboard-ddxss.txt http://secunia.com/advisories/33839 http://www.osvdb.org/51752 https://www.exploit-db.com/exploits/7982