Dynix Webpac Input Validation

From: Wil Allsopp (rogueclient_at_yahoo.co.uk)
Date: 08/24/04

    Date: Tue, 24 Aug 2004 14:45:57 +0100 (BST)
    To: bugtraq@securityfocus.com
    
    

    Package: Epixtech / Dynix Webpac
    Date: 23/08/2004
    Problem Class: Input validation
    Advisory: Wil Allsopp
    Email: straylight@technophreaks.co.uk
    Vendor status: Informed but unresponsive

    Description
    -----------
    Webpac is a widely deployed library solutions system
    (search Google for webpac) that allows catalogue
    services to be provided through a web interface.

    The Epixtech / Dynix range of library solutions
    software, most notably Webpac, contains numerous SQL
    injection flaws.

    Why is this a problem?
    ----------------------

    Login bypass, command execution via stored procedures
    and denial of service attacks against back end
    databases. Both early and recent versions are
    vulnerable.

            
            
                    