RechnungsZentrale 2 1.1.3 - Authent.PHP4 SQL Injection Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/17588/info RechnungsZentrale V2 is prone to an SQL-injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. A successful exploit...

CVE-2006-1954

SQL injection vulnerability in authent.php4 in Nicolas Fischer aka NFec RechnungsZentrale V2 1.1.3, and possibly earlier versions, allows remote attackers to execute arbitrary SQL commands via the User field...

CVE-2006-1954

Vulnerability summary (CVE-2006-1954) : A SQL injection in the authent.php4 component of RechnungsZentrale V2 (version 1.1.3 and possibly earlier) allows remote attackers to execute arbitrary SQL commands via the User field. The issue is triggered in the authentication path of RechnungsZentrale V...

CVE-2006-1955

The CVE-2006-1955 entry concerns RechnungsZentrale V2 (Nicolas Fischer/NFec) with versions 1.1.3 and earlier affected by a PHP remote file inclusion via the rootpath parameter in authent.php4, enabling possible arbitrary PHP code execution. Affected component: authent.php4; root cause: insecure h...

CVE-2006-1954

SQL injection vulnerability in authent.php4 in Nicolas Fischer aka NFec RechnungsZentrale V2 1.1.3, and possibly earlier versions, allows remote attackers to execute arbitrary SQL commands via the User field...

CVE-2006-1955

PHP remote file inclusion vulnerability in authent.php4 in Nicolas Fischer aka NFec RechnungsZentrale V2 1.1.3, and possibly earlier versions, allows remote attackers to execute arbitrary PHP code via a URL in the rootpath parameter...

PT-2006-2938 · Unknown · Rechnungszentrale V2

Name of the Vulnerable Software and Affected Versions: RechnungsZentrale V2 versions 1.1.3 and earlier Description: The issue allows remote attackers to execute arbitrary SQL commands. This is achieved by exploiting the SQL injection vulnerability in the authent.php4 file, specifically via the Us...

PT-2006-2939 · Unknown · Rechnungszentrale V2

Name of the Vulnerable Software and Affected Versions: RechnungsZentrale V2 versions 1.1.3 and earlier Description: A remote file inclusion issue in the authent.php4 file allows remote attackers to execute arbitrary PHP code via a URL in the rootpath parameter. Recommendations: For...

RechnungsZentrale V2 - SQL injection and Remote PHP inclusion vulnerabilities

---------------------------------------------------------------------------------- - GroundZero Security Research and Software Development 2006 - ---------------------------------------------------------------------------------- - - - Security Advisory regarding RechnungsZentrale v2. - - SQL...