what you don't know can hurt you

Register | Login

Home Files News &[SERVICES_TAB]About Contact Add New

Showing 1 - 1 of 1

Files

Zero Day Initiative Advisory 10-220: Posted Oct 28, 2010; Authored by Tipping Point | Site zerodayinitiative.com; Zero Day Initiative Advisory 10-220 - This vulnerability allows remote attackers to inject arbitrary SQL into the packaged database on vulnerable installations of Symantec IM Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Administrative interface installed with IM Manager. While there is authentication on the main page of the installed IIS extension, many of the pages can be accessed directly. One of these pages, IMAdminScheduleReport.asp, is vulnerable to a SQL injection vulnerability. The ASP code lacks sanity checks on the 'email' parameter. Thus, an attacker can abuse this to inject arbitrary SQL into the backend database.; tags | advisory, remote, arbitrary, sql injection, asp; advisories | CVE-2010-0112; SHA-256 | 510fb503338ecbfca13adb7cacbe14f877aeedd8c76b5d0dae0ef34e9387165d; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days

Red Hat 137 files
Ubuntu 106 files
Debian 22 files
Google Security Research 11 files
LiquidWorm 10 files
Abdulhakim Oner 8 files
Muhammad Navaid Zafar Ansari 7 files
nu11secur1ty 5 files
fearzzzz 5 files
Jann Horn 5 files

Recent News

House Leaders Don't Want CISA's Reach To Exceed Its Grasp: Posted Mar 24, 2023; tags | headline, government, usa; Favorite | View

Aloria, Who Made Us All Laugh For Years With Infosec Reactions, Passes Away At 41: Posted Mar 23, 2023; tags | headline, hacker; Favorite | View

ChatGPT Bug Leaked Users' Conversation Histories: Posted Mar 23, 2023; tags | headline, privacy, data loss, botnet, science; Favorite | View

B-List Celebs Including Lindsay Lohan Fined After Crypto Shill Probe: Posted Mar 23, 2023; tags | headline, government, usa, fraud, cryptography; Favorite | View

Threat Actor Attempted Email Compromise Attack For $36 Million: Posted Mar 23, 2023; tags | headline, hacker, email, cybercrime, fraud, password, phish; Favorite | View

CISA, NSA Push Identity And Access Management Framework: Posted Mar 23, 2023; tags | headline, government, usa, data loss, password; Favorite | View

Bogus ChatGPT Extension Steals Facebook Cookies: Posted Mar 23, 2023; tags | headline, hacker, privacy, malware, data loss, facebook; Favorite | View

Report: Wartime Hacking Is Spilling Into The Financial Sector: Posted Mar 22, 2023; tags | headline, government, bank, russia, denial of service, cyberwar, military, ukraine; Favorite | View

Now Patched Outlook Zero Day Gains PoC And Growing Concerns: Posted Mar 22, 2023; tags | headline, microsoft, email, flaw, patch, zero day; Favorite | View

Xi, Putin, Declare Intent To Rule The World Of AI, Infosec: Posted Mar 22, 2023; tags | headline, government, russia, china, cyberwar, science; Favorite | View

View More News →

packet storm

© 2022 Packet Storm. All rights reserved.

Site Links: News by Month; News Tags; Files by Month; File Tags; File Directory

About Us: History & Purpose; Contact Information; Terms of Service; Privacy Statement; Copyright Information

Services: Security Services
Hosting By: Rokasec