Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2007-6269

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2007-6269
Last Modified 15 Nov 2008 02:04:01
Published 07 Dec 2007 06:46:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2007-6269

Summary

Multiple SQL injection vulnerabilities in xlaabsolutenm.aspx in Absolute News Manager.NET 5.1 allow remote attackers to execute arbitrary SQL commands via the (1) z, (2) pz, (3) ord, and (4) sort parameters.

Vulnerable Systems

Application

  • Xigla Absolute News Manager.net 5.1


References

BID - 26692

XF - absolutenewsmanager-multiple-sql-injection(38871)

CONFIRM - http://www.xigla.com/security/ANMNET51-SecurityUpdate20071128.zip

CONFIRM - http://www.xigla.com/news/default.aspx

MISC - http://www.procheckup.com/Vulnerability_PR07-39.php

SECUNIA - 27923

OSVDB - 40576

BUGTRAQ - 20071204 PR07-39: Multiple vulnerabilities on Absolute News Manager.NET


Last Updated: 27 May 2016 10:46:26