[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Full-disclosure] Netasq UTM suffer from bypassing metacharacters filter
- To: full-disclosure@xxxxxxxxxxxxxxxxx
- Subject: [Full-disclosure] Netasq UTM suffer from bypassing metacharacters filter
- From: kaveh ghaemmaghami <kavehghaemmaghami@xxxxxxxxxxxxxx>
- Date: Fri, 27 Jul 2012 12:28:12 -0700
Aswome coolkaveh look what I found
Title:Netasq UTM suffer from bypassing metacharacters filter
coolkaveh Advisory
coolkaveh@xxxxxxxxxxxxxx
Https://twitter.com/coolkaveh
Product : Netasq utm
Vendor Homepage: http://netasq.com
Criticality level : High
Description : A vulnerability has been discovered in Netasq UTM, which
can be exploited by malicious people to bypass metacharacters filter
provided by Netasq UTM. Input passed via the method POST is not
properly filtering before being passes to the webserver. This can be
exploited to SQL injection and etc.
Credit : coolkaveh
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/