I'm not sure how to classify this bug / vulnerability, but for aspWebCalendar Free edition, you can openly download the mdb file and read its contents (username,pasword).
Example
http://www.example.com/calendar/calendar.mdb
I guess the fix would be to place the mdb file outside of wwwroot.