[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Dynix Webpac Input Validation

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Dynix Webpac Input Validation
From: Wil Allsopp <rogueclient@xxxxxxxxxxx>
Date: Tue, 24 Aug 2004 14:45:57 +0100 (BST)

Package: Epixtech / Dynix Webpac
Date: 23/08/2004
Problem Class: Input validation
Advisory: Wil Allsopp
Email: straylight@xxxxxxxxxxxxxxxxxxx
Vendor status: Informed but unresponsive

Description
-----------
Webpac is a widely deployed library solutions system
(search google for webpac) that allows catalogue
services to be provided through a web interface.

The Epixtech / Dynix range of library solutions
software, most notably Webpac, contain numerous SQL
injection flaws. 

Why is this a problem?
----------------------

Login bypass, command execution via stored procedures
and denial of service attacks against back end
databases. Both early and recent versions are
vulnerable.




        
        
                
___________________________________________________________ALL-NEW Yahoo! 
Messenger - all new features - even more fun!  http://uk.messenger.yahoo.com

Prev by Date: RE: IE, Firefox, Opera DoS
Next by Date: multiple vulnerabilities in lukemftpd/tnftpd on mailhost.freebsd.lublin.pl
Previous by thread: Ipswitch WhatsUp Gold Remote Buffer Overflow Vulnerability - [Full-Disclosure] iDEFENSE Security Advisory 08.25.04
Next by thread: multiple vulnerabilities in lukemftpd/tnftpd on mailhost.freebsd.lublin.pl
Index(es):
- Date
- Thread