exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 1 of 1 RSS Feed


Zero Day Initiative Advisory 10-226
Posted Oct 28, 2010
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 10-226 - This vulnerability allows remote attackers to inject arbitrary SQL into the backend database on vulnerable installations of Symantec IM Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the IM Manager interface exposed by the web server which listens by default on TCP port 80. The rdpageimlogic.aspx file does not validate the rdReport variable when parsing requests. It parses SQL statements from the file pointed to by this variable. A remote attacker can abuse this behavior to inject arbitrary SQL into the backend database.

tags | advisory, remote, web, arbitrary, tcp
advisories | CVE-2010-0112
SHA-256 | 058c945532c10394e1675bf7fa118cedd0dd9ce8e0818c0a089b82aec8d0fbd8
Page 1 of 1

Top Authors In Last 30 Days

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By