what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 1 of 1 RSS Feed

Files

Zero Day Initiative Advisory 10-220
Posted Oct 28, 2010
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 10-220 - This vulnerability allows remote attackers to inject arbitrary SQL into the packaged database on vulnerable installations of Symantec IM Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Administrative interface installed with IM Manager. While there is authentication on the main page of the installed IIS extension, many of the pages can be accessed directly. One of these pages, IMAdminScheduleReport.asp, is vulnerable to a SQL injection vulnerability. The ASP code lacks sanity checks on the 'email' parameter. Thus, an attacker can abuse this to inject arbitrary SQL into the backend database.

tags | advisory, remote, arbitrary, sql injection, asp
advisories | CVE-2010-0112
SHA-256 | 510fb503338ecbfca13adb7cacbe14f877aeedd8c76b5d0dae0ef34e9387165d
Page 1 of 1
Back1Next

Top Authors In Last 30 Days

Recent News

News RSS Feed
Most Criminal Cryptocurrency Is Funneled Through Just 5 Exchanges
Posted Jan 30, 2023

tags | headline, cybercrime, fraud, cryptography
US Hacks Back Against Hive Ransomware Crew
Posted Jan 27, 2023

tags | headline, hacker, government, malware, usa, cybercrime, fraud, cryptography
2 Federal Agencies Hacked With Remote Monitoring
Posted Jan 27, 2023

tags | headline, hacker, government, usa, backdoor
Russian Hackers Launch Attack On Germany In Leopard Retaliation
Posted Jan 27, 2023

tags | headline, government, russia, cyberwar, germany, military
Google Slays Thousands Of Fake News Vids Posted By Dragonbridge
Posted Jan 27, 2023

tags | headline, government, china, fraud, cyberwar, google
What Happens When Crypto Derivatives Crash
Posted Jan 26, 2023

tags | headline, fraud, cryptography
Notice On Hive Ransomware Site Claims Seizure By FBI, Europol
Posted Jan 26, 2023

tags | headline, government, malware, cybercrime, fraud, fbi, cryptography
RSA's Demise From Quantum Attacks Is Very Much Exaggerated
Posted Jan 26, 2023

tags | headline, privacy, password, science, cryptography
Months After NSA Disclosed Microsoft Cert Bug, Datacenters Remain Unpatched
Posted Jan 26, 2023

tags | headline, privacy, microsoft, flaw, nsa, cryptography
Hackers Demand $10M From Riot Games To Stop Leak Of League Of Legends Source Code
Posted Jan 25, 2023

tags | headline, hacker, cybercrime, data loss, fraud
View More News →
packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close