 |
|
|
|
| Vulnerability details : |
| |
 |
|
Adobe Dreamweaver Server RAD Tools Multiple Unspecified SQL Injection |
|
|
Fiche créée le 2006-05-10 13:46:57, dernière mise à jour le 2009-10-23 05:57:40
Dreamweaver contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to scripts generated for the ColdFusion, PHP mySQL, ASP, ASP.NET, and JSP server models failing to properly sanitize user-supplied input to the various unspecified variables. This may allow an attacker to inject or manipulate SQL queries in the back-end database.
|
| |
| Adobe Systems Incorporated 8 Affected | | Adobe Systems Incorporated 8.0.1 Affected | | Adobe Systems Incorporated 8.0.2 Possible Affected | | | Attack Type : Input Manipulation
XSS, SQL injection, file retrieval, directory traversal, overflows, URL encoding. | Découvert le 2006-05-09 13:47:37
| Attack Type : Information Disclosure
comments, passwords, fingerprinting, system information. | | | | Disclosure : OSVDB Verified | Confirmé le 2006-05-09 13:47:37
| Exploit : Exploit Unknown
Unsure of exploit status. | Exploit découvert le 1970-01-01 07:00:00
| Impact : Loss of Integrity
Assurance that data is unaltered by unauthorized persons.
Examples: XSS, arbitrary command execution, most overflows, most format strings, SQL injection, unauthorized file modification/deletion/creation, remote file inclusion, etc. | | | Impact : Loss of Confidentiality
Assurance that data is protected and not disclosed to an unauthorized party.
Examples: password disclosures, server information, environment variables, confirmation of file existence, path disclosure, file content access, some SQL injection. | | | Location : Remote / Network Access
If network access if required and exploit can be done remotely. | | | OSVDB : Web Related
The vulnerability is a web issue and will have an associated security check. | | |
| |
| External refs : |
| OSVDB 25361 | | | | | | | | | | | | |
| |
| |
| |
| |
|
|
|
|
| Free consultation (search) |
|
|
|
|
|
| |
|
|
|
