|
 |
| SecurityReason | ||
| WLB | ||
| Services | ||
| RSS | ||
| Corporate | ||
| Note | ||
If you have found a vulnerability, please send to our SecurityAlert Database : |
||
Home  SecurityAlert Database |
||||
SecurityAlert : 645 CVE : CVE-2006-1259 SecurityRisk : Medium  (About) Remote Exploit : Yes Local Exploit : No Exploit Given : Yes Credit : alex evuln com Published : 29.03.2006
Advisory Text : New eVuln Advisory: Maian Support Authentication Bypass http://evuln.com/vulns/103/summary.html --------------------Summary---------------- eVuln ID: EV0103 CVE: CVE-2006-1259 Software: Maian Support Sowtware's Web Site: http://www.maianscriptworld.co.uk/ Versions: 1.0 Critical Level: Moderate Type: SQL Injection Class: Remote Status: Unpatched. Developer(s) contacted. PoC/Exploit: Available Solution: Not Available Discovered by: Aliaksandr Hartsuyeu (eVuln.com) -----------------Description--------------- Vulnerable script: admin/index.php Parameters email, pass are not properly sanitized before being used in SQL query. This can be used to bypass authentication using SQL injection or make any SQL query by injecting arbitrary SQL code. Condition: magic_quotes_gpc = off --------------PoC/Exploit---------------------- Available at: http://evuln.com/vulns/103/exploit.html --------------Solution--------------------- No Patch available. --------------Credit----------------------- Discovered by: Aliaksandr Hartsuyeu (eVuln.com) Regards, Aliaksandr Hartsuyeu http://evuln.com - Penetration Testing Services .  Feedback : If you have additional information or notice any errors regarding this security advisory, please use contact form or email us at info()securityreason()com. |
||||
| Alert | ||
Multiple Vendors libc/gdtoa printf(3) Array Overrun
SecurityReason realised new advisory about vulnerabilities libc/gdtoa... |
||
| Apache |  |
|
» Apache Tomcat |
||
» Apache Tomcat User |
||
| PHP | |
|
» PHP |
||
- 2009-05-30| Copyright © SecurityReason.com. All Rights Reserved. |