Bugtraq mailing list archives
Dynix Webpac Input Validation
From: Wil Allsopp <rogueclient () yahoo co uk>
Date: Tue, 24 Aug 2004 14:45:57 +0100 (BST)
Package: Epixtech / Dynix Webpac Date: 23/08/2004 Problem Class: Input validation Advisory: Wil Allsopp Email: straylight () technophreaks co uk Vendor status: Informed but unresponsive Description ----------- Webpac is a widely deployed library solutions system (search google for webpac) that allows catalogue services to be provided through a web interface. The Epixtech / Dynix range of library solutions software, most notably Webpac, contain numerous SQL injection flaws. Why is this a problem? ---------------------- Login bypass, command execution via stored procedures and denial of service attacks against back end databases. Both early and recent versions are vulnerable. ___________________________________________________________ALL-NEW Yahoo! Messenger - all new features - even more fun! http://uk.messenger.yahoo.com
Current thread:
- Dynix Webpac Input Validation Wil Allsopp (Aug 25)