28 matches found
EUVD-2004-2193
Malware in sbrugna...
EUVD-2004-2192
Malware in sbrugna...
EUVD-2005-2050
Malware in sbrugna...
DUclassified 4.x adDetail.asp Multiple Parameter SQL Injection
No description provided by source. source: http://www.securityfocus.com/bid/11363/info Multiple vulnerabilities have been identified in the software that may allow a remote attacker to carry out SQL injection and HTML injection attacks. An attacker may also gain unauthorized access to a user's...
DUforum 3.x Login Form Password Parameter SQL Injection
No description provided by source. source: http://www.securityfocus.com/bid/11363/info Multiple vulnerabilities have been identified in the software that may allow a remote attacker to carry out SQL injection and HTML injection attacks. An attacker may also gain unauthorized access to a user's...
DUware DUforum 3.0/3.1 post.asp iFor Parameter SQL Injection
No description provided by source. source: http://www.securityfocus.com/bid/14035/info DUforum is prone to multiple SQL-injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in SQL queries. A successful exploit could allow an attacker to...
DUware DUforum 3.0/3.1 forums.asp iFor Parameter SQL Injection
No description provided by source. source: http://www.securityfocus.com/bid/14035/info DUforum is prone to multiple SQL-injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in SQL queries. A successful exploit could allow an attacker to...
DUware DUforum 3.0/3.1 userEdit.asp id Parameter SQL Injection
No description provided by source. source: http://www.securityfocus.com/bid/14035/info DUforum is prone to multiple SQL-injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in SQL queries. A successful exploit could allow an attacker to...
DUware DUforum 3.0/3.1 messages.asp iMsg Parameter SQL Injection
No description provided by source. source: http://www.securityfocus.com/bid/14035/info DUforum is prone to multiple SQL-injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in SQL queries. A successful exploit could allow an attacker to...
[Aria-Security Team] DuWare DuForum SQL Injection Vuln
Aria-Security Team Advisory www.Aria-security.Com For English www.Aria-Security.net For Persian Original Advisory: http://www.aria-security.com/forum/showthread.php?t=58 ----------------------------------------------------------- Software: DUdForum 3.0 Method: http://duware.com Vendor: PoC:...
CVE-2004-2201
SQL injection vulnerability in DUware DUforum 3.0 through 3.1 allows remote attackers to execute arbitrary SQL commands via the (1) FOR_ID parameter in messages.asp, (2) MSG_ID parameter in messageDetail.asp, or (3) password parameter in the login form...
CVE-2004-2200
Cross-site scripting (XSS) vulnerability in DUware DUforum 3.0 through 3.1 allows remote attackers to inject arbitrary web script or HTML via the message text...
CVE-2004-2200
DUforum (DUware) versions 3.0–3.1 are affected by a cross-site scripting (XSS) vulnerability in the message text handling, allowing remote attackers to inject arbitrary web script or HTML. The root cause is improper handling/validation of message text content, leading to script execution in the v...
CVE-2004-2201
CVE-2004-2201 describes an SQL injection vulnerability in DUware DUforum 3.0–3.1. The issue allows remote attackers to execute arbitrary SQL commands by providing crafted input via the FOR_ID parameter in messages.asp, the MSG_ID parameter in messageDetail.asp, or the password parameter on the lo...
DUforum Multiple Scripts SQL Injection
The remote host is running DUforum, a web-based message board written in ASP from DUware. The installed version of DUforum fails to properly sanitize user-supplied input in several instances before using it in SQL queries. By exploiting these flaws, an attacker can affect database queries,...
Echo Security Advisory 2005.19
--------------------------------------------------------------------------- ECHOADV19$2005 Multiple SQL INJECTION in DUWARE Products --------------------------------------------------------------------------- Author: Dedi Dwianto Date: June, 22th 2005 Location: Indonesia, Jakarta Web:...
CVE-2005-2048
Multiple SQL injection vulnerabilities in DUware DUforum 3.1, and possibly other versions, allow remote attackers to execute arbitrary SQL commands via the (1) iMsg parameter to messages.asp, iFor parameter to (2) post.asp or (3) forums.asp, or (4) id parameter to userEdit.asp. NOTE: vectors 1 and 3 were...
CVE-2005-2048
Summary (CVE-2005-2048): DUforum 3.1 (DUware) is affected by multiple SQL injection vulnerabilities due to improper input sanitization. The exploitable parameters are (1) iMsg in messages.asp, (2) iFor in post.asp, (3) iFor in forums.asp, and (4) id in userEdit.asp. This allows remote attackers t...
DUware DUforum 3.0/3.1 - userEdit.asp?id SQL Injection
DUware DUforum 3.0/3.1 - userEdit.asp?id SQL Injection source: https://www.securityfocus.com/bid/14035/info DUforum is prone to multiple SQL-injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in SQL queries. A successful exploit could...