Demarc PureSecure Authentication Check SQL Injection Vulnerability

Demarc PureSecure is a commercially available graphical front-end for Snort, in addition to being a generalized network monitoring solution. Snort is an open-source NIDS (Network Intrusion Detection System). Demarc PureSecure will run on most Linux and Unix variants, as well as Microsoft Windows NT/2000/XP operating systems.

A vulnerability has been reported in some versions of PureSecure. User supplied input is used to construct a SQL statement, allowing SQL injection attacks. Administrative access may be gained through exploitation of this flaw.


Privacy Statement
Copyright 2010, SecurityFocus