7 matches found
EUVD-2004-2553
Malware in sbrugna...
LeighBusinessEnterprisesWebHelpDeskSQL注入漏洞
LBE Web Helpdesk是一款可通过WEB浏览器进行操作的Helpdesk系统。LBE Web Helpdesk不正确过滤用户提交的数据,远程攻击者可以利用这个漏洞进行SQL注入攻击,可能获得敏感数据或修改数据库。问题存在于jobedit.asp脚本对用户提交给'id'参数缺少过滤,提交包含恶意SQL命令的数据作为'id'参数,可修改'users'表,增加操作员相等权限的新用户。 Leigh Business Enterprises Web HelpDesk 4.0.0.80 临时解决方法:如果您不能立刻安装补丁或者升级,NSFOCUS建议您采取以下措施以降低威胁: 在$nick...
CVE-2004-2562
SQL injection vulnerability in jobedit.asp in Leigh Business Enterprises LBE Web Helpdesk before 4.0.0.81 allows remote attackers to execute arbitrary SQL commands via the id parameter...
CVE-2004-2562
CVE-2004-2562 describes an SQL injection in Leigh Business Enterprises (LBE) Web Helpdesk’s jobedit.asp via the id parameter. Affected versions are prior to 4.0.0.81. The root cause is improper handling of the id parameter, enabling remote execution of arbitrary SQL commands (impacting confidenti...
LBEhelpdesk.txt
LBE Web HelpDesk SQL Injection Summary Leigh Business Enterprises's Web HelpDesk is "operated entirely through your web browser and is designed to be used by both your support staff and your customers". We found the product to contain at least one exploitable SQL Injection vulnerability that woul...
Leigh Business Enterprises Web HelpDesk 4.0 - SQL Injection
Leigh Business Enterprises Web HelpDesk 4.0 - SQL Injection source: https://www.securityfocus.com/bid/10773/info LBE Web HelpDesk is reported susceptible to an SQL injection vulnerability. This issue is due to improper sanitization of user-supplied data. This issue may allow a remote attacker to...
[NT] LBE Web HelpDesk SQL Injection
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com - - promotion The SecuriTeam alerts list - Free, Accurate, Independent. Get your security news from a reliable source...