what you don't know can hurt you
Showing 1 - 1 of 1 RSS Feed

Files

Zero Day Initiative Advisory 10-221
Posted Oct 28, 2010
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 10-221 - This vulnerability allows remote attackers to inject arbitrary SQL into the packaged database on vulnerable installations of Symantec IM Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Administrative interface installed with IM Manager. While there is authentication on the main page of the installed IIS extension, many of the pages can be accessed directly. One of these pages, IMAdminReportTrendFormRun.asp, is vulnerable to a SQL injection vulnerability. The ASP code lacks sanity checks on the 'groupList' parameter. Thus, an attacker can abuse this to inject arbitrary SQL into the backend database.

tags | advisory, remote, arbitrary, sql injection, asp
advisories | CVE-2010-0112
MD5 | 7ada12532dcad08bcd7a91455177b63b
Page 1 of 1
Back1Next

Top Authors In Last 30 Days

Recent News

News RSS Feed
These Are The 29 Countries Vulnerable To SIM Jacker Attacks
Posted Oct 14, 2019

tags | headline, hacker, phone, cybercrime, fraud, password, identity theft
China's Study The Great Nation App Enables Spying Via Back Door
Posted Oct 14, 2019

tags | headline, government, privacy, phone, china, spyware
Vulnerability Found And Fixed In HP Bloatware
Posted Oct 14, 2019

tags | headline, flaw, patch
Hammond Held In Contempt For Refusing To Answer Questions
Posted Oct 14, 2019

tags | headline, hacker, government, usa, data loss, anonymous, military
Feds Arrest International ATM Skimmer Ring
Posted Oct 11, 2019

tags | headline, government, bank, cybercrime, fraud
Planes, Gate, And Bags: How Hackers Can Hijack Your Local Airport
Posted Oct 11, 2019

tags | headline, hacker, terror
Teenagers Arrested Over Hacks To Met Police Website
Posted Oct 11, 2019

tags | headline, hacker, government, britain
Sophisticated Spy Kit Targets Russians With Rare GSM Plugin
Posted Oct 11, 2019

tags | headline, malware, phone, russia, cyberwar, spyware, backdoor
Apple Drops Hong Kong Police Tracking App Used By Protesters
Posted Oct 10, 2019

tags | headline, government, phone, china, cyberwar, apple
Forum Cracks The Vintage Passwords Of Ken Thompson And Other Unix Pioneers
Posted Oct 10, 2019

tags | headline, password
View More News →
packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close