6 matches found
EUVD-2004-0624
Malware in sbrugna...
Sql injection
Navarino Infinity web interface up to version 2.2 exposes an unauthenticated script that is prone to blind sql injection. If successfully exploited the user can get info from the underlying postgresql database that could lead into to total compromise of the product. The said script is available...
CVE-2004-0625
SQL injection vulnerability in Infinity WEB 1.0 allows remote attackers to bypass authentication and gain privileges via the login page...
CVE-2004-0625
SQL injection vulnerability in Infinity WEB 1.0 allows remote attackers to bypass authentication and gain privileges via the login page...
CVE-2004-0625
SQL injection vulnerability in Infinity WEB 1.0 allows remote attackers to bypass authentication and gain privileges via the login page. Based on CVE-2004-0625 details, the issue enables partial confidentiality/integrity/availability impact (per CVSSv2: AV:N/AC:L/Au:N/C:P/I:P/A:P). Exploitation s...
[Full-Disclosure] ZH2004-14SA (security advisory):Sql Injection in Infinity WEB
06/27/2004 Vendor contacted: June 1st 2004 Published: June 26th 2004 Title: Infinity WEB Vulnerable versions :1.0 unpatched Type: Sql Injection Author: D'Amato Luigi from Zone-h Security Labs - [email protected] - [email protected] Vendor: http://www.websoft.it/ Description...