18 matches found
EUVD-2006-6348
Malware in sbrugna...
EUVD-2005-2049
Malware in sbrugna...
DUware DUpaypal 3.0/3.1 sub.asp iSub Parameter SQL Injection
No description provided by source. source: http://www.securityfocus.com/bid/14034/info DUpaypal Pro is prone to multiple SQL-injection vulnerabilities because the fails application to properly sanitize user-supplied input before using it in SQL queries. A successful exploit could allow an attacke...
DUware DUpaypal 3.0/3.1 detail.asp iPro Parameter SQL Injection
No description provided by source. source: http://www.securityfocus.com/bid/14034/info DUpaypal Pro is prone to multiple SQL-injection vulnerabilities because the fails application to properly sanitize user-supplied input before using it in SQL queries. A successful exploit could allow an attacke...
CVE-2006-6365
SQL injection vulnerability in detail.asp in DUware DUpaypal 3.1, and possibly earlier, allows remote attackers to execute arbitrary SQL commands via the iType parameter. NOTE: the iState parameter is already covered by CVE-2005-3976 and the iPro parameter is already covered by CVE-2005-2047...
CVE-2006-6365
CVE-2006-6365 describes a SQL injection in DUware DUpayPal 3.1 (and possibly earlier) via the iType parameter in detail.asp, allowing remote execution of arbitrary SQL commands. Related parameters iState and iPro are covered by CVE-2005-3976 and CVE-2005-2047. The connected EUVD/NVD records corro...
CVE-2006-6365
SQL injection vulnerability in detail.asp in DUware DUpaypal 3.1, and possibly earlier, allows remote attackers to execute arbitrary SQL commands via the iType parameter. NOTE: the iState parameter is already covered by CVE-2005-3976 and the iPro parameter is already covered by CVE-2005-2047...
aria-dupaypal.txt
Aria-Security Team Advisory Original Advisory: http://www.aria-security.com/forum/showthread.php?t=62 ----------------------------------------------------------- Software: DuPaypal Method: SQL Injection Vendor: http://www.duware.com/ PoC: /DUpaypal/type.asp?iType=SQL Injection...
[Aria-Security Team] DuWare DuPaypal SQL Injection Vuln
Aria-Security Team Advisory www.Aria-security.Com For English www.Aria-Security.net For Persian Original Advisory: http://www.aria-security.com/forum/showthread.php?t=62 ----------------------------------------------------------- Software: DuPaypal Method: SQL Injection Vendor:...
DUpaypal Pro Multiple Scripts SQL Injection
The remote host is running DUpaypal Pro, an ASP-based storefront from DUware for Paypal. The installed version of DUpaypal Pro fails to properly sanitize user- supplied input in several instances before using it in SQL queries. By exploiting these flaws, an attacker can affect database queries,...
Echo Security Advisory 2005.19
--------------------------------------------------------------------------- ECHOADV19$2005 Multiple SQL INJECTION in DUWARE Products --------------------------------------------------------------------------- Author: Dedi Dwianto Date: June, 22th 2005 Location: Indonesia, Jakarta Web:...
CVE-2005-2047
Affected product: DUware DUpaypal Pro (3.0; 3.1 noted in related CVEs) is affected by multiple SQL injection vulnerabilities. Vulnerability: Improper sanitization of user-supplied input enables remote attackers to craft SQL queries via specific parameters and pages: iCat to cat.asp (and catEdit.a...
CVE-2005-2047
Multiple SQL injection vulnerabilities in DUware DUpaypal Pro 3.0 allow remote attackers to execute arbitrary SQL commands via the 1 iCat parameter to cat.asp, 2 iPro parameter to detail.asp, 3 iSub parameter to sub.asp, 4 iCat parameter to catEdit.asp...
CVE-2005-2047
Multiple SQL injection vulnerabilities in DUware DUpaypal Pro 3.0 allow remote attackers to execute arbitrary SQL commands via the 1 iCat parameter to cat.asp, 2 iPro parameter to detail.asp, 3 iSub parameter to sub.asp, 4 iCat parameter to catEdit.asp...
DUware DUpaypal 3.03.1 - sub.asp?iSub SQL Injection
DUware DUpaypal 3.03.1 - sub.asp?iSub SQL Injection source: https://www.securityfocus.com/bid/14034/info DUpaypal Pro is prone to multiple SQL-injection vulnerabilities because the fails application to properly sanitize user-supplied input before using it in SQL queries. A successful exploit coul...
[ECHO_ADV_19$2005] Multiple SQL INJECTION in DUWARE Products
--------------------------------------------------------------------------- ECHOADV19$2005 Multiple SQL INJECTION in DUWARE Products --------------------------------------------------------------------------- Author: Dedi Dwianto Date: June, 22th 2005 Location: Indonesia, Jakarta Web:...
DUware DUpaypal 3.0/3.1 - 'detail.asp?iPro' SQL Injection
source: https://www.securityfocus.com/bid/14034/info DUpaypal Pro is prone to multiple SQL-injection vulnerabilities because the fails application to properly sanitize user-supplied input before using it in SQL queries. A successful exploit could allow an attacker to compromise the application,...
DUware DUpaypal 3.0/3.1 - 'sub.asp?iSub' SQL Injection
source: https://www.securityfocus.com/bid/14034/info DUpaypal Pro is prone to multiple SQL-injection vulnerabilities because the fails application to properly sanitize user-supplied input before using it in SQL queries. A successful exploit could allow an attacker to compromise the application,...