CVE-2010-0123 Information

Description

The database backup implementation in Employee Timeclock Software 0.99 stores sensitive information under the web root with insufficient access control which allows remote attackers to download a database via a direct request for a \semi-predictable file name.\

Reference

http://secunia.com/advisories/38739 http://secunia.com/secunia_research/2010-10/ http://www.osvdb.org/62833 http://www.securityfocus.com/archive/1/509990/100/0/threaded https://exchange.xforce.ibmcloud.com/vulnerabilities/56798