Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2004-2669

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2004-2669
Last Modified 05 Sep 2008 04:44:47
Published 31 Dec 2004 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2004-2669

Summary

Multiple SQL injection vulnerabilities in Land Down Under (LDU) v701 allow remote attackers to execute arbitrary SQL commands or obtain the installation path via parameters including (1) s, w, and d in users.php, (2) id in comments.php, (3) rusername in auth.php, or (4) h in plug.php.

Vulnerable Systems

Application

  • Neocrome Land Down Under 701


References

XF - land-down-under-sql-injection(17912)

BID - 11569

MISC - http://www.ptsecurity.ru/advisory.asp

OSVDB - 11302

OSVDB - 11301

OSVDB - 11300

OSVDB - 11299

MISC - http://www.neocrome.net/page.php?id=1573

CONFIRM - http://www.neocrome.net/index.php?m=single&id=91

SECTRACK - 1012015

SECUNIA - 13034


Last Updated: 27 May 2016 10:39:34