Информационная безопасность
[RU] switch to English

Дополнительная информация

  Cводка уязвимостей безопасности в Web-приложениях (PHP, ASP, JSP, CGI, Perl)

  b2ePMS 1.0 Authentication Bypass Vulnerability

  Liferay users can assign themselves to organizations, leading to possible privilege escalation

  Liferay 6.1 json webservices are subject to cross-site request forgery attacks

  Liferay 6.1 can be compromised without having an account on the portal

From:ddivulnalert_(at)_ddifronline.com <ddivulnalert_(at)_ddifronline.com>
Date:3 июня 2012 г.
Subject:DDIVRT-2012-43 SCLIntra Enterprise SQL Injection and Authentication Bypass

DDIVRT-2012-43 SCLIntra Enterprise SQL Injection and Authentication Bypass


Date Discovered
April 2, 2012

Discovered By
Digital Defense, Inc. Vulnerability Research Team
Credit: [email protected]$

Vulnerability Description
Multiple SQL injection vectors and an authentication bypass were discovered in SCLIntra Enterprise. An attacker can leverage this flaw to bypass authentication to the application or to execute arbitrary SQL commands and extract information from the backend database using standard SQL exploitation techniques.

Solution Description
The vendor has indicated that the current version of SCLIntra Enterprise is version 6 and does not contain the vulnerabilities reported by DDI. Any SCLIntra Enterprise customers still using versions prior to 6 should contact SCLogic at 1.888.700.7027 to remedy the vulnerabilities (a current SCLogic support contract is required).

Tested Systems / Software
SCLogic SCLIntra Enterprise 5.5.2 on Windows 2003

Vendor Contact
Vendor Name: SCLogic
Vendor Website: http://www.sclogic.com/

О сайте | Условия использования
© SecurityVulns, 3APA3A, Владимир Дубровин
Нижний Новгород