[VIM] CVE-2008-0135

str0ke str0ke at milw0rm.com
Mon Dec 29 05:15:50 UTC 2008

Anyone who installs the app pretty much has to read the Readme.htm file. 

From the Readme.htm

*Change the database name:*
When using an Access database, all the data is stored in a single file,
unlike the other databases. So caution should be taken in where you
store your Access database as it can be downloaded by anyone if they
know the path. 
If you store your Access database in a folder outside of your www folder
(or wherever you keep the files for the rest of your site), then you
should be safe because no one can download your database if it is
outside of your www folder.
If you store your database in a cgi-bin folder, or in your www folder,
then it is strongly recommended that you change the default database
name from *snitz_forums_2000.mdb* to a cryptic or not easy to guess
name. The name should be a combination of letters and numbers. That
makes it hard for anyone to guess the name of your database.

Example: *n92yr2fnis.mdb*
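
A deployment check for the two cases the quoted Readme distinguishes, added here as an example (it is not part of the original message, the Readme, or the Snitz code base). The function names, directory layout and sample files are hypothetical and constructed for illustration; only the default database name comes from the text above.

```python
import os
import tempfile

DEFAULT_NAME = "snitz_forums_2000.mdb"  # default database name quoted from the Readme

def is_inside(path, root):
    """True if path resolves (symlinks followed) to a location under root."""
    path, root = os.path.realpath(path), os.path.realpath(root)
    try:
        return os.path.commonpath([path, root]) == root
    except ValueError:  # e.g. different drives on Windows
        return False

def audit_webroot(webroot):
    """Return sorted (finding, relative_path) for each .mdb file under webroot."""
    findings = []
    for dirpath, _dirs, files in os.walk(webroot):
        for name in files:
            if not name.lower().endswith(".mdb"):
                continue
            rel = os.path.relpath(os.path.join(dirpath, name), webroot)
            # Default name: the path is known to anyone who has read the Readme.
            # Renamed: still inside the served tree, protected only by the name.
            kind = "default-name" if name.lower() == DEFAULT_NAME else "renamed-in-webroot"
            findings.append((kind, rel))
    return sorted(findings)

def build_sample_tree(base):
    """Constructed sample layout: two databases inside www, one outside it."""
    webroot = os.path.join(base, "www")
    outside = os.path.join(base, "data", "forum.mdb")
    for path in (os.path.join(webroot, "forum", DEFAULT_NAME),
                 os.path.join(webroot, "cgi-bin", "n92yr2fnis.mdb"),
                 os.path.join(webroot, "forum", "default.asp"),
                 outside):
        os.makedirs(os.path.dirname(path), exist_ok=True)
        open(path, "wb").close()
    return webroot, outside

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as base:
        webroot, outside = build_sample_tree(base)
        for kind, rel in audit_webroot(webroot):
            print(f"{kind:20} {rel}")
        print("outside web root:", not is_inside(outside, webroot))
```

An empty result from `audit_webroot` together with `is_inside` returning False for the configured database path corresponds to the layout the Readme describes as safe.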
