Thomson Web Skill Vantage Manager

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Thomson Web Skill Vantage Manager
From: walter.sobchak@xxxxxxxxxxxx
Date: 28 Jul 2005 09:22:17 -0000
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm

Hi

Is anyone here using Thomson Web Skill Vantage Manager for online training? If 
yes I suggest to take the system offline and to improve input validation.The 
system allows an SQL injection at the login - this gives a visitor easy access 
with complete Administrator privileges over the system. A malicious user could 
damage the installation.

Don't know if this has been posted already, hope this info is of use.

Prev by Date: Re: eBay phishing - phishers are getting better
Next by Date: Re: several vulnerabilities present in Belkin wireless routers
Previous by thread: [USN-155-2] Updated Epiphany packages to match Mozilla security update
Next by thread: [OpenPKG-SA-2005.015] OpenPKG Security Advisory (spamassassin)
Index(es):
- Date
- Thread