Packet Storm - Information Security News, Files, Tools, Exploits, Advisories and Whitepapers http://packetstormsecurity.org/ en-us Mon, 28 May 2012 04:32:21 GMT 144400 http://packetstormsecurity.org/ http://www.google-analytics.com/__utm.gif?utmwv=1.3&utmn=2243198685&utmcs=ISO-8859-1&utmsr=31337x31337&utmsc=32-bit&utmul=en-us&utmje=0&utmfl=-&utmcn=1&utmdt=Files%u2248%20Packet%20Storm&utmhn=packetstormsecurity.org&utmr=-&utmp=%2F1003-advisories%2Fsecunia-etssql.txt%2F&utmac=UA-18885198-1&utmcc=__utma%3D32867617.2243198685.1338179541.1338179541.1338179541.1%3B%2B__utmz%3D32867617.1338179541.1.1.utmccn%3D(direct)%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none) http://packetstormsecurity.org/files/87086/secunia-etssql.txt http://packetstormsecurity.org/files/87086/secunia-etssql.txt http://packetstormsecurity.org/files/87086/Employee-Timeclock-Software-SQL-Injection.html Wed, 10 Mar 2010 15:55:45 GMT Secunia Research has discovered some vulnerabilities in Employee Timeclock Software, which can be exploited by malicious people to conduct SQL injection attacks. Input passed to the "username" and "password" parameters in auth.php and login_action.php is not properly sanitized before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. Version 0.99 is affected.