|
|
CVE Reference: CVE-2006-2718 |
|
| NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE. | |
|
Original Page at CVE MITRE: CVE-2006-2718 |
|
|
Description: JIWA Financials 6.4.14 passes a Microsoft SQL Server account's username and password, and the name of a data source, to a Crystal Reports .rpt file, which allows remote authenticated users to execute certain standard stored procedures by referencing them in a user-written .rpt file, as demonstrated by using a stored procedure that provides the username and cleartext password of every account. |
|
|
CVE Status: Candidate |
|
|
References: XF http://xforce.iss.net/xforce/xfdb/26756 ST 1016181 SREASON http://securityreason.com/securityalert/1000 SAID Secunia Advisory: SA20342 FULLDISC http://lists.grok.org.uk/pipermail/full-disclosure/2006-May/046398.html BUGTRAQ http://www.securityfocus.com/archive/1/archive/1/435730/100/0/threaded http://www.securityfocus.com/archive/1/archive/1/435352/100/0/threaded |
|
| Return to the previous page. |
