[39988] in bugtraq


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

Thomson Web Skill Vantage Manager

daemon@ATHENA.MIT.EDU (walter.sobchak@hushmail.com)
Thu Jul 28 18:00:49 2005

Date: 28 Jul 2005 09:22:17 -0000
Message-ID: <20050728092217.29243.qmail@securityfocus.com>
Content-Type: text/plain
Content-Disposition: inline
Content-Transfer-Encoding: binary
MIME-Version: 1.0
From: walter.sobchak@hushmail.com
To: bugtraq@securityfocus.com

Hi

Is anyone here using Thomson Web Skill Vantage Manager for online training? If yes I suggest to take the system offline and to improve input validation.The system allows an SQL injection at the login - this gives a visitor easy access with complete Administrator privileges over the system. A malicious user could damage the installation.

Don't know if this has been posted already, hope this info is of use.


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[39988] in bugtraq

Thomson Web Skill Vantage Manager

daemon@ATHENA.MIT.EDU (walter.sobchak@hushmail.com)Thu Jul 28 18:00:49 2005

daemon@ATHENA.MIT.EDU (walter.sobchak@hushmail.com)
Thu Jul 28 18:00:49 2005