Date: Mon, 2 Nov 2015 06:14:56 GMT
From: GalaxyCVEcollector@...il.com
To: bugtraq@...urityfocus.com
Subject: Accentis Content Resource Management System - SQL

Issue 1
# Vulnerability type: SQL Injection
# Vendor: http://www.accentis.com.au/
# Product: Accentis Content Resource Management System
# Credit: Foo Jong Meng, Chia Junyuan, Benjamin Tan
# CVE ID: CVE-2015-3424

# PROOF OF CONCEPT (SQLi)

Accentis Content Resource Management System before the October 2015 patch contains an SQL injection (SQLi) vulnerability that allows authenticated users to inject SQL statements via the following parameter.

# VULNERABLE PARAMETER:
- SIDX

# SAMPLE PAYLOAD
- '

# TIMELINE
- 15/04/2015: Vulnerability found
- 09/07/2015: Vendor informed
- 09/07/2015: Vendor responded and acknowledged
- 28/10/2015: Vendor fixed the issue
- 02/11/2015: Public disclosure
