EUVD-2012-1683

Malware in sbrugna...

British Airways E-Ticketing Flaw Exposes Passenger Flight, Personal Data

A security bug discovered in British Airways’ e-ticketing system has the potential to expose passengers’ data, including their flight booking details and personal information. Researchers on Tuesday said that check-in links being sent by British Airways to their passengers via email are unencrypt...

Flaw in Multiple Airline Systems Exposes Passenger Data

Researchers have discovered that multiple airline e-ticketing systems do not encrypt check-in links. The security faux pas could allow bad actors on the same network as the victim to view – and in some cases even change – their flight booking details or boarding passes. Security researchers at...

e-ticketing - SQL Injection

No description provided by source. 'e-ticketing' SQL Injection CVE-2012-1673 Mark Stanislav - [email protected] I. DESCRIPTION --------------------------------------- A vulnerability exists in loginscript.php that allows for SQL injection of the 'username' and 'password' POST parameters. I...

CVE-2012-1673

SQL injection vulnerability in loginscript.php in e-ticketing allows remote attackers to execute arbitrary SQL commands via the password parameter...

Sql injection

SQL injection vulnerability in loginscript.php in e-ticketing allows remote attackers to execute arbitrary SQL commands via the password parameter...

CVE-2012-1673

The CVE-2012-1673 issue affects the e-ticketing product, specifically the loginscript.php component, where both the user_name and password POST parameters can be used to perform SQL injection. The root cause is improper handling of input that allows remote attackers to execute arbitrary SQL comma...

CVE-2012-1673

SQL injection vulnerability in loginscript.php in e-ticketing allows remote attackers to execute arbitrary SQL commands via the password parameter...

'e-ticketing' SQL Injection (CVE-2012-1673)

'e-ticketing' SQL Injection CVE-2012-1673 Mark Stanislav - [email protected] I. DESCRIPTION --------------------------------------- A vulnerability exists in loginscript.php that allows for SQL injection of the 'username' and 'password' POST parameters. II. TESTED VERSION...

e-ticketing - SQL Injection

'e-ticketing' SQL Injection CVE-2012-1673 Mark Stanislav - [email protected] I. DESCRIPTION --------------------------------------- A vulnerability exists in loginscript.php that allows for SQL injection of the 'username' and 'password' POST parameters. II. TESTED VERSION...

e-ticketing SQL Injection (CVE-2012-1673)

Exploit for php platform in category web applications 'e-ticketing' SQL Injection CVE-2012-1673 Mark Stanislav - email protected I. DESCRIPTION --------------------------------------- A vulnerability exists in loginscript.php that allows for SQL injection of the 'username' and 'password' POST...

e-ticketing - SQL Injection

e-ticketing - SQL Injection 'e-ticketing' SQL Injection CVE-2012-1673 Mark Stanislav - [email protected] I. DESCRIPTION --------------------------------------- A vulnerability exists in loginscript.php that allows for SQL injection of the 'username' and 'password' POST parameters. II. TEST...

e-ticketing SQL Injection

'e-ticketing' SQL Injection CVE-2012-1673 Mark Stanislav - [email protected] I. DESCRIPTION --------------------------------------- A vulnerability exists in loginscript.php that allows for SQL injection of the 'username' and 'password' POST parameters. II. TESTED VERSION...