Bugsalert.com
Security News about Viruses, Spyware,
Trojans, Malware, XSS attacks.
Home | Recent | Sitemap

CVE-2007-5402 (HelpBox)
BugsAlert Home > CVE-2007-5402 (HelpBox)
 
 

Multiple SQL injection vulnerabilities in Layton HelpBox 3.7.1 allow (1) remote attackers to execute arbitrary SQL commands via the sys_request_id parameter to editrequestenduser.asp; and allow remote authenticated users to execute arbitrary SQL commands via (2) the oldpassword parameter to writepwdenduser.asp, and the sys_request_id parameter to (3) changerequeststatus.asp, (4) editrequestuser.asp, (5) requestcommentsuser.asp, and (6) useractions.asp, different vectors than CVE-2004-2551.




Original Source: http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5402

Learn more about CVE-2007-5402 (HelpBox)
 
Tags: cve-2007-5402 helpbox

Related Items
      FrSIRT - Redhat Security Update Fixes Acroread Code Execution Vulnerabilities

      Ubuntu update for python

      FrSIRT - Sun Solaris USB Mouse STREAMS Module Local Denial of Service

      Debian: New cupsys packages fix several vulnerabilities

      CVE-2008-4533 (web_server)

      CVE-2008-2768 (Absolute Poll Manager XE)

      Kaspersky Security Bulletin 2007: Malware evolution in 2007

 
© 2007-2009 BugsAlert.com Original template by Arcsin Hosted By 1and1


Pixel