New vulnerability in Xerox Fiery Webtools

2009.11.10
Credit: Bernardo Luis
Risk: Medium
Local: No
Remote: Yes
CWE: CWE-89


CVSS Base Score: 7.5/10
Impact Subscore: 6.4/10
Exploitability Subscore: 10/10
Exploit range: Remote
Attack complexity: Low
Authentication: Not required
Confidentiality impact: Partial
Integrity impact: Partial
Availability impact: Partial

Hello, I am from Portugal and I would like to report a new vulnerability in Xerox Fiery Webtools. The problem is in /wt3/summary.php?select= if you add ' you have the possibility to exploit this condition to inject SQL code. I have already contacted the vendor.

Best regards,
Bernardo Trigo
Qualidade e Segurança
Centro de Informática Prof. Correia de Araújo (CICA)
Faculdade de Engenharia da Universidade do Porto (FEUP)
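A defender's check for the condition reported above, as an added example that is not part of the original advisory: it scans web access log lines for requests to /wt3/summary.php whose select value contains a single quote, including percent-encoded and double-encoded forms. The combined log format, the function names and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Path and parameter named in the advisory.
TARGET_PATH = "/wt3/summary.php"
TARGET_PARAM = "select"
# Request line of a combined-format access log entry (log format is an assumption).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [10/Nov/2009:10:00:01 +0000] "GET /wt3/summary.php?select=1 HTTP/1.1" 200 512',
    '192.0.2.11 - - [10/Nov/2009:10:00:05 +0000] "GET /wt3/summary.php?select=1%27 HTTP/1.1" 200 87',
    '192.0.2.11 - - [10/Nov/2009:10:00:09 +0000] "GET /wt3/summary.php?select=1%2527 HTTP/1.1" 200 87',
    '192.0.2.12 - - [10/Nov/2009:10:01:00 +0000] "GET /wt3/index.php?q=it%27s HTTP/1.1" 200 900',
]


def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so %27 and %2527 both surface as a quote."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def suspicious_select(line):
    """Return the decoded select value if it carries a single quote, else None."""
    match = REQUEST_RE.search(line)
    if not match:
        return None
    url = urlsplit(match.group(1))
    if url.path.lower() != TARGET_PATH:
        return None
    # parse_qsl decodes once; fully_decode catches further encoding layers.
    for name, value in parse_qsl(url.query, keep_blank_values=True):
        decoded = fully_decode(value)
        if name.lower() == TARGET_PARAM and "'" in decoded:
            return decoded
    return None


def scan(lines):
    """Return (line_number, decoded_value) for every flagged request."""
    checked = ((n, suspicious_select(text)) for n, text in enumerate(lines, 1))
    return [(n, value) for n, value in checked if value is not None]


if __name__ == "__main__":
    for number, value in scan(SAMPLE_LOG):
        print(f"line {number}: select={value!r}")
```

A hit only shows that a quote reached the parameter; whether the request succeeded has to be judged from the application and database logs.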

References:

http://xforce.iss.net/xforce/xfdb/54137
http://www.securityfocus.com/bid/36906
http://www.securityfocus.com/archive/1/archive/1/507650/100/0/threaded


Copyright 2024, cxsecurity.com

 
