7 matches found
EV0062.txt
New eVuln Advisory: 2200net Calendar system SQL Injection and Authentication Bypass Vulnerabilities http://evuln.com/vulns/62/summary.html --------------------Summary---------------- eVuln ID: EV0062 CVE: CVE-2006-0610 Software: 2200net Calendar system Sowtware's Web Site:...
[eVuln] 2200net Calendar system SQL Injection and Authentication Bypass Vulnerabilities
New eVuln Advisory: 2200net Calendar system SQL Injection and Authentication Bypass Vulnerabilities http://evuln.com/vulns/62/summary.html --------------------Summary---------------- eVuln ID: EV0062 CVE: CVE-2006-0610 Software: 2200net Calendar system Sowtware's Web Site:...
[SA18781] 2200net Calendar System SQL Injection Vulnerabilities
TITLE: 2200net Calendar System SQL Injection Vulnerabilities SECUNIA ADVISORY ID: SA18781 VERIFY ADVISORY: http://secunia.com/advisories/18781/ CRITICAL: Moderately critical IMPACT: Security Bypass, Manipulation of data WHERE: From remote SOFTWARE: 2200net Calendar System 1.x...
Sql injection
Multiple SQL injection vulnerabilities in 2200net Calendar system 1.2, with gpcmagicquotes disabled, allow remote attackers to execute arbitrary SQL commands and bypass authentication via 1 the fmdataid parameter to calendar.php and 2 the $ad'acc' variable in adminlogin.php...
CVE-2006-0610
Multiple SQL injection vulnerabilities in 2200net Calendar system 1.2, with gpcmagicquotes disabled, allow remote attackers to execute arbitrary SQL commands and bypass authentication via 1 the fmdataid parameter to calendar.php and 2 the $ad'acc' variable in adminlogin.php...
CVE-2006-0610
Multiple SQL injection vulnerabilities in 2200net Calendar system 1.2, with gpcmagicquotes disabled, allow remote attackers to execute arbitrary SQL commands and bypass authentication via 1 the fmdataid parameter to calendar.php and 2 the $ad'acc' variable in adminlogin.php...
CVE-2006-0610
The CVE-2006-0610 entry relates to the 2200net Calendar system (version 1.2). Two vulnerable vectors are identified: (1) calendar.php where fm_data[id] can be injected to modify SQL queries, and (2) adminlogin.php where $ad['acc'] can be manipulated. Affected condition: magic_quotes_gpc must be o...