9 matches found
EUVD-2004-2193
Malware in sbrugna...
EUVD-2005-2050
Malware in sbrugna...
CVE-2004-2200
Cross-site scripting XSS vulnerability in DUware DUforum 3.0 through 3.1 allows remote attackers to inject arbitrary web script or HTML via via the message text...
CVE-2004-2201
CVE-2004-2201 describes an SQL injection vulnerability in DUware DUforum 3.0–3.1. The issue allows remote attackers to execute arbitrary SQL commands by providing crafted input via the FOR_ID parameter in messages.asp, the MSG_ID parameter in messageDetail.asp, or the password parameter on the lo...
CVE-2005-2048
Multiple SQL injection vulnerabilities in DUware DUforum 3.1, and possibly other versions, allow remote attackers to execute arbitrary SQL commands via the 1 iMsg parameter to messages.asp, iFor parameter to 2 post.asp or 3 forums.asp, or 4 id parameter to userEdit.asp. NOTE: vectors 1 and 3 were...
CVE-2005-2048
Multiple SQL injection vulnerabilities in DUware DUforum 3.1, and possibly other versions, allow remote attackers to execute arbitrary SQL commands via the 1 iMsg parameter to messages.asp, iFor parameter to 2 post.asp or 3 forums.asp, or 4 id parameter to userEdit.asp. NOTE: vectors 1 and 3 were...
DUware DUforum 3.0/3.1 - 'forums.asp?iFor' SQL Injection
source: https://www.securityfocus.com/bid/14035/info DUforum is prone to multiple SQL-injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in SQL queries. A successful exploit could allow an attacker to compromise the application, access...
CVE-2004-2200
Cross-site scripting XSS vulnerability in DUware DUforum 3.0 through 3.1 allows remote attackers to inject arbitrary web script or HTML via via the message text...
CVE-2004-2201
SQL injection vulnerability in DUware DUforum 3.0 through 3.1 allows remote attackers to execute arbitrary SQL commands via the FORID parameter in messages.asp, 2 MSGID parameter in messageDetail.asp, or 3 password parameter in the login form...