34 matches found
EUVD-2005-2047
Malware in sbrugna...
EUVD-2005-4161
Malware in sbrugna...
EUVD-2005-1227
Malware in sbrugna...
DUware DUportal 3.4.3 Pro Multiple SQL Injection Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/14029/info DUportal Pro is prone to multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries. Successful...
DUportal Pro 3.4 result.asp Multiple Parameter SQL Injection
No description provided by source. source: http://www.securityfocus.com/bid/13285/info DUportal Pro is prone to multiple SQL-injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in SQL queries. A successful exploit could allow an attacke...
DUportal Pro 3.4 search.asp iChannel Parameter SQL Injection
No description provided by source. source: http://www.securityfocus.com/bid/13285/info DUportal Pro is prone to multiple SQL-injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in SQL queries. A successful exploit could allow an attacke...
DUportal Pro 3.4 cat.asp Multiple Parameter SQL Injection
No description provided by source. source: http://www.securityfocus.com/bid/13285/info DUportal Pro is prone to multiple SQL-injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in SQL queries. A successful exploit could allow an attacke...
DUportal Pro 3.4 inc_vote.asp Multiple Parameter SQL Injection
No description provided by source. source: http://www.securityfocus.com/bid/13285/info DUportal Pro is prone to multiple SQL-injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in SQL queries. A successful exploit could allow an attacke...
DUportal Pro 3.4 detail.asp Multiple Parameter SQL Injection
No description provided by source. source: http://www.securityfocus.com/bid/13285/info DUportal Pro is prone to multiple SQL-injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in SQL queries. A successful exploit could allow an attacke...
aria-portal.txt
Aria-Security Team Advisory Original Advisory: http://www.aria-security.com/forum/showthread.php?t=63 ----------------------------------------------------------- Software: DuPortal Pro 3.4 Method: SQL Injection Vendor: http://duware.com PoC:...
[Aria-Security Team] DuWare DuPortal SQL Injection Vuln
Aria-Security Team Advisory www.Aria-security.Com For English www.Aria-Security.net For Persian Original Advisory: http://www.aria-security.com/forum/showthread.php?t=63 ----------------------------------------------------------- Software: DuPortal Pro 3.4 Method: SQL Injection Vendor:...
CVE-2005-4166
Cross-site scripting XSS vulnerability in password.asp in DUWare DUportal Pro 3.4.3 allows remote attackers to inject arbitrary web script or HTML via the result parameter...
CVE-2005-4166
Cross-site scripting XSS vulnerability in password.asp in DUWare DUportal Pro 3.4.3 allows remote attackers to inject arbitrary web script or HTML via the result parameter...
CVE-2005-4166
The CVE-2005-4166 entry documents a Cross-site Scripting (XSS) vulnerability in DUWare DUportal Pro 3.4.3, exploitable via the result parameter in password.asp. The affected component is password.asp within DUportal Pro 3.4.3; the root cause is input handling allowing script/HTML injection. The p...
DUportal Pro Multiple Scripts SQL Injection (2)
The remote host is running DUportal Pro, an ASP-based product suite from DUware for building web portals / online communities. The installed version of DUportal Pro fails to properly sanitize user- supplied input in several instances before using it in SQL queries. By exploiting these flaws, an...
Echo Security Advisory 2005.19
--------------------------------------------------------------------------- ECHOADV19$2005 Multiple SQL INJECTION in DUWARE Products --------------------------------------------------------------------------- Author: Dedi Dwianto Date: June, 22th 2005 Location: Indonesia, Jakarta Web:...
CVE-2005-2045
CVE-2005-2045 concerns multiple SQL injection flaws in DUportal Pro 3.4.3 from DUware. The product does not properly sanitize user input before using it in SQL queries, enabling remote attackers to affect database queries. Affected parameters include (1) iChannel to default.asp, (2) iData to deta...
CVE-2005-2045
Multiple SQL injection vulnerabilities in DUware DUportal PRO 3.4.3 allow remote attackers to execute arbitrary SQL commands via the 1 iChannel parameter to default.asp, 2 iData parameter to detail.asp, 3 iMem parameter to members.asp, 4 iCat parameter to cat.asp, 5 offset parameter to...
CVE-2005-2045
Multiple SQL injection vulnerabilities in DUware DUportal PRO 3.4.3 allow remote attackers to execute arbitrary SQL commands via the 1 iChannel parameter to default.asp, 2 iData parameter to detail.asp, 3 iMem parameter to members.asp, 4 iCat parameter to cat.asp, 5 offset parameter to...
[ECHO_ADV_19$2005] Multiple SQL INJECTION in DUWARE Products
--------------------------------------------------------------------------- ECHOADV19$2005 Multiple SQL INJECTION in DUWARE Products --------------------------------------------------------------------------- Author: Dedi Dwianto Date: June, 22th 2005 Location: Indonesia, Jakarta Web:...