• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Zmerge Administration Database Insecure Default Access Control List

Solution:
Select the ZMerge administrator database (either zm50adm.nsf or
zmevladm.nsf depending on which version of ZMerge you have). Change
the access level for Default and Anonymous to "No Access".

For every entry that you have set to "No Access", verify that
"Read public documents" and "Write public documents" are
unchecked. If not, access will still be permitted for any public
documents (the database About document, etc.).

Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com <mailto:vuldb@securityfocus.com>.