CVE

Id
34278  
CVE No.
CVE-2008-4161  
Status
Candidate  
Description
SQL injection vulnerability in search_inv.php in Assetman 2.5b allows remote attackers to execute arbitrary SQL commands and conduct session fixation attacks via a combination of crafted order and order_by parameters in a search_all action.  
Phase
Assigned (20080922)  
Votes
None (candidate not yet proposed)  
Comments
 

Actions

Related CVE References

Id CVE Id CVE No. Reference Actions
375387 34278 CVE-2008-4161 MILW0RM:6490  View
375388 34278 CVE-2008-4161 URL:http://www.milw0rm.com/exploits/6490  View
375389 34278 CVE-2008-4161 BID:31248  View
375390 34278 CVE-2008-4161 URL:http://www.securityfocus.com/bid/31248  View
375391 34278 CVE-2008-4161 SECUNIA:31935  View
375392 34278 CVE-2008-4161 URL:http://secunia.com/advisories/31935  View
375393 34278 CVE-2008-4161 SREASON:4287  View
375394 34278 CVE-2008-4161 URL:http://securityreason.com/securityalert/4287  View
375395 34278 CVE-2008-4161 XF:assetman-searchinv-sql-injection(45233)  View

Related JVN

Id JVN No. Title Summary CVE No. CVE Id CVSS_v2 CVSS_v3 JVN URL Actions
49561 JVNDB-2008-004871 Kolab Groupware Server の admin/user/create_user.php における平文パスワードを取得される脆弱性 Kolab Groupware Server の admin/user/create_user.php には、HTTP GET リクエスト内にユーザパスワードを配置するため、平文パスワードを取得される脆弱性が存在します。 CVE-2008-4165 34278 4 http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-004871.html  View