Ublog Reload 1.0 through 1.0.4 stores ublogreload.mdb under the web root, which allows remote attackers to read usernames and hashed passwords via a direct request to ublogreload.mdb.
http://www.persianhacker.net/news/news-2945.html
http://securitytracker.com/id?1013603