Security News -  Security Reviews -   Exploits -  Tools -  UNIX Focus -  Windows Focus
SecuriTeam  Beyond Security  SecuriTeam Home  Ask the Team  Mailing Lists  Advertising Info  Blogs  Black Box Testing  Vulnerability Assessment  Vulnerability Scanner SecuriTeam in Your Inbox   E-mail this article to a friend New vulnerability? New tool? Tell us	Citrix Broadcast Server login.asp SQL Injection 31 Dec. 2008    Summary The Citrix Broadcast Server administrative login page is vulnerable to trivial SQL injections via the txtUID HTTP POST parameter. An attacker could leverage this flaw to obtain unauthorized access to the web interface or to extract data from the database via blind SQL injection.   Credit: The information has been provided by Corey LeBleu and r at b13$.    Details Protect your website! Use an External Vulnerability Scanner! Nothing to install. First report in 1 hour! www.beyondsecurity.com/vulnerability-scanner Vulnerable Systems:  * Citrix Application Gateway Broadcast Server version 6.1  * Avaya AG250 Broadcast Server version 2.0 Solution Description: Citrix has released a patch for this flaw as described in Document ID CTX119315.  Comments:  Add new comment:  Subject:  Name/Nick/Email:          Chars Left:	All Sections Security News Unix focus Exploits Tools Windows focus Security Reviews  Related Articles Microsoft Office Excel Malformed Records Stack Buffer Overflow (MS09-021) Microsoft Excel Record Parsing Array Indexing Vulnerability (MS09-021) Microsoft Excel String Parsing Integer Overflow Vulnerability (MS09-021) libpurple MSN Protocol SLP Message Heap Overflow Vulnerability CA ARCserve Backup Message Engine Denial of Service Vulnerabilities Microsoft Internet Explorer setCapture Memory Corruption Vulnerability (MS09-019) Microsoft Internet Explorer Security Zone Restrictions Bypass Microsoft Internet Explorer onreadystatechange Memory Corruption Vulnerability (MS09-019) Microsoft Internet Explorer Event Handler Memory Corruption Vulnerability (MS09-019) Microsoft Internet Explorer DHTML Handling Memory Corruption Vulnerability (MS09-019) Microsoft Internet Explorer Concurrent Ajax Request Memory Corruption (MS09-019) DX Studio Player Firefox Plug-in Command Injection SAP GUI Buffer Overflow Vulnerability Microsoft Office Word Document Parsing Buffer Overflow Vulnerability (MS09-027) Microsoft Active Directory Hexdecimal DN AttributeValue Invalid Free Vulnerability (MS09-018)  Featured Articles Adobe Shockwave Player Director File Parsing Pointer Overwrite Mozilla Firefox Java Applet Loading Vulnerability Microsoft Internet Explorer Security Zone Restrictions Bypass Adobe Acrobat and Reader Heap Overflow Vulnerability Adobe Reader U3D Stack Overflow Vulnerability Apple CUPS NULL Pointer Vulnerability SonicWALL Global Security Client Privilege Escalation Vulnerability
	Security News - Security Reviews - Exploits - Tools - UNIX Focus - Windows Focus - Blogs - CVEs

Copyright © 1998-2008 Beyond Security® All rights reserved.
Terms of Use Site Privacy Statement.
SecuriTeam™ is a trademark of Beyond Security®