exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 1 of 1 RSS Feed

Files

Zero Day Initiative Advisory 10-221
Posted Oct 28, 2010
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 10-221 - This vulnerability allows remote attackers to inject arbitrary SQL into the packaged database on vulnerable installations of Symantec IM Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Administrative interface installed with IM Manager. While there is authentication on the main page of the installed IIS extension, many of the pages can be accessed directly. One of these pages, IMAdminReportTrendFormRun.asp, is vulnerable to a SQL injection vulnerability. The ASP code lacks sanity checks on the 'groupList' parameter. Thus, an attacker can abuse this to inject arbitrary SQL into the backend database.

tags | advisory, remote, arbitrary, sql injection, asp
advisories | CVE-2010-0112
SHA-256 | aa84e124106e38044201acc658964bf70d81a2b24ca030fc5cbbdc9da2d4118a
Page 1 of 1
Back1Next

Top Authors In Last 30 Days

Recent News

News RSS Feed
What Happens When Crypto Derivatives Crash
Posted Jan 26, 2023

tags | headline, fraud, cryptography
Notice On Hive Ransomware Site Claims Seizure By FBI, Europol
Posted Jan 26, 2023

tags | headline, government, malware, cybercrime, fraud, fbi, cryptography
RSA's Demise From Quantum Attacks Is Very Much Exaggerated
Posted Jan 26, 2023

tags | headline, privacy, password, science, cryptography
Months After NSA Disclosed Microsoft Cert Bug, Datacenters Remain Unpatched
Posted Jan 26, 2023

tags | headline, privacy, microsoft, flaw, nsa, cryptography
Hackers Demand $10M From Riot Games To Stop Leak Of League Of Legends Source Code
Posted Jan 25, 2023

tags | headline, hacker, cybercrime, data loss, fraud
DragonSpark Threat Actor Leverages Open Source RAT
Posted Jan 25, 2023

tags | headline, hacker, malware, china, backdoor
GoTo Warns Customers Of Crypto Key And Backup Heist
Posted Jan 25, 2023

tags | headline, hacker, privacy, data loss, password
Quantum Computers No Threat To Encryption Just Yet
Posted Jan 25, 2023

tags | headline, password, science, cryptography
Ransomware Victims Are Refusing To Pay
Posted Jan 24, 2023

tags | headline, hacker, malware, cybercrime, data loss, fraud, cryptography
Microsoft To Invest Billions In Chatbot Maker OpenAI
Posted Jan 24, 2023

tags | headline, microsoft, botnet, science
View More News →
packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close