EUVD-2008-1614

Malware in sbrugna...

RedDot CMS ioRD.asp文件SQL注入漏洞

BUGTRAQ ID: 28872 CVECAN ID: CVE-2008-1613 RedDot CMS是一款网站内容管理系统。 RedDot CMS的实现上存在输入验证漏洞，远程攻击者可能利用此漏洞执行SQL注入攻击。 传送给RedDot CMS的IoRD.asp文件的LngId参数负责分配CMS应用的语言环境。由于没有正确地验证该参数便在SQL语句中使用，因此远程攻击者可以通过SQL注入攻击绕过限制访问数据库，从数据库中枚举信息。 RedDot CMS 7.5.1 RedDot ------ 目前厂商已经发布了升级补丁以修复这个安全问题，请到厂商的主页下载：...

RedDot CMS 7.5 (LngId) Remote SQL Injection Exploit

No description provided by source. !/usr/bin/env python un-comment your selection. import urllib2 import urllib import string import getopt import sys def banner: print print "RED DOT CMS 7.5 database enumeration" print "by Mark Crowther and Rodrigo Marcos" def usage: print print "usage:" print...

Sql injection

SQL injection vulnerability in ioRD.asp in RedDot CMS 7.5 Build 7.5.0.48, and possibly other versions including 6.5 and 7.0, allows remote attackers to execute arbitrary SQL commands via the LngId parameter...

CVE-2008-1613

SQL injection vulnerability in ioRD.asp in RedDot CMS 7.5 Build 7.5.0.48, and possibly other versions including 6.5 and 7.0, allows remote attackers to execute arbitrary SQL commands via the LngId parameter...

CVE-2008-1613

RedDot CMS (ioRD.asp) is vulnerable to a pre-authentication SQL injection via the LngId parameter. The issue, present in RedDot CMS 7.5 Build 7.5.0.48 and potentially in 6.5 and 7.0, arises from inadequate validation of LngId, allowing remote attackers to execute arbitrary SQL and enumerate datab...

CVE-2008-1613

SQL injection vulnerability in ioRD.asp in RedDot CMS 7.5 Build 7.5.0.48, and possibly other versions including 6.5 and 7.0, allows remote attackers to execute arbitrary SQL commands via the LngId parameter...

reddot-sql.txt

RedDot CMS SQL injection vulnerability CVE Number: CVE-2008-1613 http://www.irmplc.com/index.php/167-Advisory-026 Vulnerability Type/Importance: SQL injection/Critical Problem Discovered: 12 February 2008 Vendor Contacted: 19 February 2008 Advisory Published: 21 April 2008 Abstract: The RedDot CM...

[Full-disclosure] IRM Security Advisory : RedDot CMS SQL injection vulnerability

RedDot CMS SQL injection vulnerability CVE Number: CVE-2008-1613 http://www.irmplc.com/index.php/167-Advisory-026 Vulnerability Type/Importance: SQL injection/Critical Problem Discovered: 12 February 2008 Vendor Contacted: 19 February 2008 Advisory Published: 21 April 2008 Abstract: The RedDot CM...

RedDot CMS 7.5 - 'LngId' SQL Injection

!/usr/bin/env python un-comment your selection. import urllib2 import urllib import string import getopt import sys def banner: print print "RED DOT CMS 7.5 database enumeration" print "by Mark Crowther and Rodrigo Marcos" def usage: print print "usage:" print "python RDPOC.py options URL" print...

RedDot CMS 7.5 (LngId) Remote SQL Injection Exploit

Exploit for unknown platform in category web applications =================================================== RedDot CMS 7.5 LngId Remote SQL Injection Exploit =================================================== !/usr/bin/env python un-comment your selection. import urllib2 import urllib import...

RedDot CMS 7.5 - LngId SQL Injection

RedDot CMS 7.5 - LngId SQL Injection !/usr/bin/env python un-comment your selection. import urllib2 import urllib import string import getopt import sys def banner: print print "RED DOT CMS 7.5 database enumeration" print "by Mark Crowther and Rodrigo Marcos" def usage: print print "usage:" print...