exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 1 of 1 RSS Feed

Files

Zero Day Initiative Advisory 10-221
Posted Oct 28, 2010
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 10-221 - This vulnerability allows remote attackers to inject arbitrary SQL into the packaged database on vulnerable installations of Symantec IM Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Administrative interface installed with IM Manager. While there is authentication on the main page of the installed IIS extension, many of the pages can be accessed directly. One of these pages, IMAdminReportTrendFormRun.asp, is vulnerable to a SQL injection vulnerability. The ASP code lacks sanity checks on the 'groupList' parameter. Thus, an attacker can abuse this to inject arbitrary SQL into the backend database.

tags | advisory, remote, arbitrary, sql injection, asp
advisories | CVE-2010-0112
SHA-256 | aa84e124106e38044201acc658964bf70d81a2b24ca030fc5cbbdc9da2d4118a
Page 1 of 1
Back1Next

Top Authors In Last 30 Days

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close