Tunis the 31/jan/2006
bug found by Fireboy
fireboynet@webmails.com

Product affected:DBMan for Windows and Unix  
Product vendor: http://www.gossamer-threads.com

the problem with DBman is default passwords

these are default pass :

admin/admin,author/author,guest/guest

if the admin not change the pass , anyone can access the db and make changes/delete information.

the script of dbman is db.cgi and from that script , malicious action can be done.

fix:
change default passwords

exploit:
google:"Database Manager Demo:"

that's all
thanks