Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-2541

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2006-2541
Last Modified 07 Mar 2011 09:36:28
Published 23 May 2006 06:06:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2006-2541

Summary

SQL injection vulnerability in settings.asp in Zixforum 1.12 allows remote attackers to execute arbitrary SQL commands via the layid parameter to (1) login.asp and (2) main.asp.

Vulnerable Systems

Application

  • John Andersson Zixforum 1.12


References

XF - zixforum-settings-sql-injection(26577)

VUPEN - ADV-2006-1889

BID - 18043

BUGTRAQ - 20060520 Zix Forum <= 1.12 (layid) SQL Injection Vulnerability

OSVDB - 25707

MISC - http://www.kapda.ir/advisory-327.html

SECUNIA - 20190

SREASON - 946

MILW0RM - 1807


Last Updated: 27 May 2016 10:42:40