what you don't know can hurt you
Showing 1 - 1 of 1 RSS Feed

Files

Zero Day Initiative Advisory 10-220
Posted Oct 28, 2010
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 10-220 - This vulnerability allows remote attackers to inject arbitrary SQL into the packaged database on vulnerable installations of Symantec IM Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Administrative interface installed with IM Manager. While there is authentication on the main page of the installed IIS extension, many of the pages can be accessed directly. One of these pages, IMAdminScheduleReport.asp, is vulnerable to a SQL injection vulnerability. The ASP code lacks sanity checks on the 'email' parameter. Thus, an attacker can abuse this to inject arbitrary SQL into the backend database.

tags | advisory, remote, arbitrary, sql injection, asp
advisories | CVE-2010-0112
MD5 | 9817075bb2329371dfb809dac5fa5ccc
Page 1 of 1
Back1Next

Top Authors In Last 30 Days

Recent News

News RSS Feed
Apple Drops Hong Kong Police Tracking App Used By Protesters
Posted Oct 10, 2019

tags | headline, government, phone, china, cyberwar, apple
Forum Cracks The Vintage Passwords Of Ken Thompson And Other Unix Pioneers
Posted Oct 10, 2019

tags | headline, password
Ransomware Gang Uses iTunes Zero-Day
Posted Oct 10, 2019

tags | headline, hacker, virus, fraud, flaw, patch, apple, zero day
Human Rights Activist Allegedly Targeted With NSO Malware
Posted Oct 10, 2019

tags | headline, government, privacy, cyberwar, spyware
Court Finds FBI Use Of NSA Database Violated Americans' 4th Amendment Rights
Posted Oct 9, 2019

tags | headline, government, privacy, usa, data loss, spyware, fbi, nsa
Cookie Monster Eats Data From Sesame Street Store
Posted Oct 9, 2019

tags | headline, hacker, cybercrime, data loss, fraud, backdoor
iOS 13 Tells You When Apps Are Secretly Tracking You
Posted Oct 9, 2019

tags | headline, privacy, phone, spyware, apple
Twitter Sold User Security Information To Advertisers
Posted Oct 9, 2019

tags | headline, privacy, data loss, twitter
Trump's Syria Move Blindsides National Security Leaders
Posted Oct 8, 2019

tags | headline, government, usa, turkey, terror, syria
D-Link Gear Open To Remote Takeover Will Remain Unpatched
Posted Oct 8, 2019

tags | headline, flaw, patch
View More News →
packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close