Package: Epixtech / Dynix Webpac Date: 23/08/2004 Problem Class: Input validation Advisory: Wil Allsopp Email: straylight@xxxxxxxxxxxxxxxxxxx Vendor status: Informed but unresponsive Description ----------- Webpac is a widely deployed library solutions system (search google for webpac) that allows catalogue services to be provided through a web interface. The Epixtech / Dynix range of library solutions software, most notably Webpac, contain numerous SQL injection flaws. Why is this a problem? ---------------------- Login bypass, command execution via stored procedures and denial of service attacks against back end databases. Both early and recent versions are vulnerable. ___________________________________________________________ALL-NEW Yahoo! Messenger - all new features - even more fun! http://uk.messenger.yahoo.com
