lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <006801c45b6c$a0332b00$2900a8c0@portatile>
From: luigidamato77 at yahoo.it (D'Amato Luigi)
Subject: ZH2004-13SA (security advisory): Sql Injection in Help Desp Pro 2.0

26/06/2004

ZH2004-10SA (security advisory): Sql Injection in Help Desp Pro 2.0
Date of discovery : 1 Giugno 2004

Date of release  26 Giugno 2004

Nome: Help Desk Pro

Vulnerable Version: 2.0 non patchato

Vulnerability: Sql Injection

Autore: D'Amato Luigi from Zone-h Security Labs -
securitywireless@...e-h.it - admin@...uritywireless.info

Vendor: http://www.websoft.it/


Description

**********
Zone-H Security Team has discovered a flaw of securityin Help Desk Pro. This
vulnerability could allow malicious
attackers to bypass the authentication mechanish without having an account

Detail
********************************************
Due to an improper login validation in the login page it is possible to
bypass the authentication mechanism

Solution
**********
The vendor have been contact and have release a patch


--- 

D'Amato Luigi from Zone-h Security Labs -
securitywireless@...e-h.it -
admin@...uritywireless.info
Admin Security Wireless
http://www.securitywireless.info

http://www.zone-h.org/en/advisories/read/id=4891/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ