RunawaySoft Haber portal 1.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for data/xice.mdb.Referenceshttp://osvdb.org/41976https://www.exploit-db.com/exploits/3936
