CVE-2005-3423 Information

Description

Multiple SQL injection vulnerabilities in Subdreamer 2.2.1 allow remote attackers to execute arbitrary SQL commands via (1) the loginusername parameter or (2) cookies to (a) subdreamer.php (b) ipb2.php (c) phpbb2.php (d) vbulletin2.php and (e) vbulletin3.php.

Reference

http://rst.void.ru/papers/advisory35.txt http://secunia.com/advisories/17378 http://www.osvdb.org/20378 http://www.osvdb.org/20379 http://www.osvdb.org/20380 http://www.osvdb.org/20381 http://www.osvdb.org/20382 http://www.osvdb.org/20384 http://www.securityfocus.com/bid/15238