CVE-2006-2541 Information

Description

SQL injection vulnerability in settings.asp in Zixforum 1.12 allows remote attackers to execute arbitrary SQL commands via the layid parameter to (1) login.asp and (2) main.asp.

Reference

http://secunia.com/advisories/20190 http://securityreason.com/securityalert/946 http://www.kapda.ir/advisory-327.html http://www.osvdb.org/25707 http://www.securityfocus.com/archive/1/434575/100/0/threaded http://www.securityfocus.com/bid/18043 http://www.vupen.com/english/advisories/2006/1889 https://exchange.xforce.ibmcloud.com/vulnerabilities/26577 https://www.exploit-db.com/exploits/1807