Lucene search
BugTracker.NETEDB-ID:35031HistoryNov 30, 2010 - 12:00 a.m.
BugTracker.NET 3.4.4 - SQL Injection / Cross-Site Scripting
2010-11-3000:00:00
BugTracker.NET
www.exploit-db.com
12
AI Score
7.4
Confidence
Low
source: https://www.securityfocus.com/bid/45121/info
BugTracker.NET is prone to an SQL-injection vulnerability and a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data.
Exploiting these vulnerabilities could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
BugTracker.NET v3.4.4 is vulnerable; other versions may be affected.
http://www.example.com/edit_comment.aspx?id=48&bug_id=3%3E%3Cscript%3Ealert%28%27%27%29;%3C/script%3E Related
prion
prion
Cross site scripting
2010-12-02 16:22:00
cvelist
cvelist
CVE-2010-3266
2010-12-02 16:00:00
cve
cve
CVE-2010-3266
2010-12-02 16:22:21
nvd
nvd
CVE-2010-3266
2010-12-02 16:22:21
openvas
openvas
BugTracker.NET Cross-Site Scripting and SQL Injection Vulnerabilities
2011-04-01 00:00:00
BugTracker.NET Cross-Site Scripting and SQL Injection Vulnerabilities
2011-04-01 00:00:00
packetstorm
packetstorm
Core Security Technologies Advisory 2010.1109
2010-12-01 00:00:00
zdt
zdt
BugTracker.Net 3.4.4 Multiple Vulnerabilities
2010-12-02 00:00:00
securityvulns
securityvulns
CORE-2010-1109 - Multiple vulnerabilities in BugTracker.Net
2010-12-01 00:00:00
exploitdb
exploitdb
BugTracker.NET 3.4.4 - Multiple Vulnerabilities
2010-12-01 00:00:00
exploitpack
exploitpack
BugTracker.NET 3.4.4 - Multiple Vulnerabilities
2010-12-01 00:00:00