3 matches found
rt-sa-2006-005.txt
Advisory: Unauthorized password recovery in phpBannerExchange RedTeam identified an SQL injection that can be triggered due to a bad user input sanitization in phpBannerExchange. It is possible to recover a password of an user and thereby overtake his account. Details ======= Product:...
CVE-2006-3013
Interpretation conflict in resetpw.php in phpBannerExchange before 2.0 Update 6 allows remote attackers to execute arbitrary SQL commands via an email parameter containing a null %00 character after a valid e-mail address, which passes the validation check in the eregi PHP command. NOTE: it could...
[Full-disclosure] Advisory: Unauthorized password recovery in phpBannerExchange
Advisory: Unauthorized password recovery in phpBannerExchange RedTeam identified an SQL injection that can be triggered due to a bad user input sanitization in phpBannerExchange. It is possible to recover a password of an user and thereby overtake his account. Details ======= Product:...