Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-1000

Overview

Vulnerability Score 10.0 10.0
CVE Id CVE-2006-1000
Last Modified 07 Mar 2011 09:31:33
Published 06 Mar 2006 03:06:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2006-1000

Summary

Multiple SQL injection vulnerabilities in Pentacle In-Out Board 3.0 and earlier allow remote attackers to execute arbitrary SQL commands and bypass authentication via the (1) newsid parameter to newsdetailsview.asp and (2) password parameter to login.asp.

Vulnerable Systems

Application

  • G2soft Pentacle In-out Board 6.03


References

VUPEN - ADV-2006-0749

BID - 16818

BUGTRAQ - 20060225 Advisory: Pentacle In-Out Board <= 6.03 (newsdetailsview.aspnewsid) Remote SQL Injection Vulnerability

BUGTRAQ - 20060225 Advisory: Pentacle In-Out Board <= 6.03 (login.asp) AuthencationByPass Vulnerability

MISC - http://www.nukedx.com/?viewdoc=14

MISC - http://www.nukedx.com/?viewdoc=13

SECTRACK - 1015682

SECUNIA - 19024

FULLDISC - 20060225 Advisory: Pentacle In-Out Board <= 6.03 (newsdetailsview.asp newsid) Remote SQL Injection Vulnerability

FULLDISC - 20060225 Advisory: Pentacle In-Out Board <= 6.03 (login.asp) Authencation ByPass Vulnerability


Last Updated: 27 May 2016 10:41:52