Dxil

**Name of the Vulnerable Software and Affected Versions** VP-ASP Shopping Cart version 6.50 **Description** The issue allows remote attackers to download the database containing passwords due to insufficient access control. This is possible by making a direct request for the database file, specifically "database/shopping650.mdb". **Recommendations** For VP-ASP Shopping Cart version 6.50, consider restricting access to the database file "shopping650.mdb" to prevent unauthorized downloads until a proper fix is applied.

**Name of the Vulnerable Software and Affected Versions** betaparticle blog (bp blog) versions prior to 3.0 betaparticle blog (bp blog) versions 3.0 through 9.0 **Description** The issue allows remote attackers to obtain sensitive information by directly requesting the database files. For versions before 3.0, this can be done via a direct request to "dbBlogMX.mdb". For versions 3.0 and later, as well as versions 6.0 through 9.0, the issue can be exploited by requesting "Blog.mdb". **Recommendations** For versions prior to 3.0, consider moving the database file `dbBlogMX.mdb` outside of the web root to prevent direct access. For versions 3.0 through 9.0, restrict access to the `Blog.mdb` file to minimize the risk of exploitation.