2 matches found
Sql injection
SQL injection vulnerability in admin/login.asp in Professional Download Assistant 0.1 allows remote attackers to execute arbitrary SQL commands via the 1 uname parameter aka user field or the 2 psw parameter aka passwd field. NOTE: some of these details are obtained from third party information...
Authentication flaw
The logintosimulator method in Linden Lab Second Life, as used by the secondlife:// protocol handler and possibly other Second Life login mechanisms, sends an MD5 hash in cleartext in the passwd field, which allows remote attackers to login to an account by sniffing the network and then sending...