Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2007-6517

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2007-6517
Last Modified 07 Mar 2011 10:03:06
Published 24 Dec 2007 03:46:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2007-6517

Summary

SQL injection vulnerability in the forget password section (LostPwd.asp) in Eagle Software Aeries Browser Interface (ABI) 3.7.9.17 allows remote attackers to execute arbitrary SQL commands via the EmailAddress parameter. NOTE: some of these details are obtained from third party information.

Vulnerable Systems

Application

  • Aeries Browser Interface 3.7.9.17


References

XF - aeries-lostpwd-sql-injection(39176)

VUPEN - ADV-2007-4302

BID - 26962

BUGTRAQ - 20071220 [Aria-Security.net] ABI Version 3.7.9.17 Remote SQL Injection

OSVDB - 39383

SECUNIA - 28193

MISC - http://aria-security.net/forum/showthread.php?p=1174


Last Updated: 27 May 2016 10:46:31