Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-2887

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2006-2887
Last Modified 07 Mar 2011 09:37:14
Published 07 Jun 2006 06:02:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2006-2887

Summary

Multiple SQL injection vulnerabilities in myNewsletter 1.1.2 and earlier allow remote attackers to execute arbitrary SQL commands via the UserName parameter in (1) validatelogin.asp or (2) adminlogin.asp.

Vulnerable Systems

Application

  • Aspburst Mynewsletter 1.1.2


References

VUPEN - ADV-2006-2149

BID - 18287

BUGTRAQ - 20060605 [KAPDA::#47] - myNewsletter 1.1.2 SQL_Injection

MISC - http://www.kapda.ir/advisory-340.html

SECUNIA - 20423

XF - mynewsletter-username-sql-injection(26947)

OSVDB - 26274

OSVDB - 26127

SECTRACK - 1016229

SREASON - 1054


Last Updated: 27 May 2016 10:42:48