[prev in list] [next in list] [prev in thread] [next in thread] 

List:       bugtraq
Subject:    Thomson Web Skill Vantage Manager
From:       walter.sobchak () hushmail ! com
Date:       2005-07-28 9:22:17
Message-ID: 20050728092217.29243.qmail () securityfocus ! com
[Download RAW message or body]

Hi

Is anyone here using Thomson Web Skill Vantage Manager for online training? If yes I \
suggest to take the system offline and to improve input validation.The system allows \
an SQL injection at the login - this gives a visitor easy access with complete \
Administrator privileges over the system. A malicious user could damage the \
installation.

Don't know if this has been posted already, hope this info is of use.


[prev in list] [next in list] [prev in thread] [next in thread] 

Configure | About | News | Add a list | Sponsored by KoreLogic