NetObjects Fusion 9 (NOF9) allows remote attackers to obtain sensitive information, including passwords, by downloading the _versioning_repository_/rollbacklog.