Lucene search
K

128 matches found

seebug.org
seebug.org
added 2014/07/01 12:0 a.m.27 views

DUware DUamazon Pro 3.0/3.1 type.asp iType Parameter SQL Injection

No description provided by source. source: http://www.securityfocus.com/bid/14033/info DUamazon Pro is prone to multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries. Successful...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.15 views

DUdownload 1.0/1.1 detail.asp Multiple Parameter SQL Injection

No description provided by source. source: http://www.securityfocus.com/bid/21405/info Multiple DuWare products are prone to multiple SQL-injection vulnerabilities because they fail to properly sanitize user-supplied input before using it in SQL queries. A successful exploit could allow an attack...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.15 views

DUware DUamazon Pro 3.0/3.1 review.asp iPro Parameter SQL Injection

No description provided by source. source: http://www.securityfocus.com/bid/14033/info DUamazon Pro is prone to multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries. Successful...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.33 views

DUware DUamazon Pro 3.0/3.1 catDelete.asp iCat Parameter SQL Injection

No description provided by source. source: http://www.securityfocus.com/bid/14033/info DUamazon Pro is prone to multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries. Successful...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.38 views

DUware Software Multiple Vulnerabilities

No description provided by source. source: http://www.securityfocus.com/bid/9462/info It has been reported that various DUware products may be prone to an access validation issue allowing a remote attacker to gain access to sensitive resources by bypassing authentication. An arbitrary file upload...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.33 views

DUware DUpaypal 3.0/3.1 detail.asp iPro Parameter SQL Injection

No description provided by source. source: http://www.securityfocus.com/bid/14034/info DUpaypal Pro is prone to multiple SQL-injection vulnerabilities because the fails application to properly sanitize user-supplied input before using it in SQL queries. A successful exploit could allow an attacke...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.15 views

DUware DUpaypal 3.0/3.1 sub.asp iSub Parameter SQL Injection

No description provided by source. source: http://www.securityfocus.com/bid/14034/info DUpaypal Pro is prone to multiple SQL-injection vulnerabilities because the fails application to properly sanitize user-supplied input before using it in SQL queries. A successful exploit could allow an attacke...

7.1AI score
Exploits0
Prion
Prion
added 2008/06/26 5:41 p.m.13 views

Sql injection

SQL injection vulnerability in detail.asp in DUware DUcalendar 1.0 and possibly earlier allows remote attackers to execute arbitrary SQL commands via the iEve parameter...

7.5CVSS9.2AI score0.01151EPSS
Exploits1References6Affected Software1
NVD
NVD
added 2008/06/26 5:41 p.m.14 views

CVE-2008-2868

SQL injection vulnerability in detail.asp in DUware DUcalendar 1.0 and possibly earlier allows remote attackers to execute arbitrary SQL commands via the iEve parameter...

7.5CVSS8.5AI score0.01151EPSS
Exploits1References6
Cvelist
Cvelist
added 2008/06/26 5:0 p.m.22 views

CVE-2008-2868

SQL injection vulnerability in detail.asp in DUware DUcalendar 1.0 and possibly earlier allows remote attackers to execute arbitrary SQL commands via the iEve parameter...

8.5AI score0.01151EPSS
Exploits1References6
CVE
CVE
added 2008/06/26 5:0 p.m.43 views

CVE-2008-2868

CVE-2008-2868 affects DUware DUcalendar 1.0 (and possibly earlier). The vulnerability is in detail.asp and allows SQL injection via the iEve parameter, enabling remote attackers to execute arbitrary SQL commands. The connected documents confirm the existence and nature of the flaw and its impact,...

7.5CVSS8.5AI score0.01151EPSS
Exploits1References6Affected Software1
NVD
NVD
added 2006/12/10 9:28 p.m.13 views

CVE-2006-6455

Multiple SQL injection vulnerabilities in admin/default.asp in DUware DUdirectory 3.1, and possibly DUdirectory Pro and Pro SQL 3.x, allow remote attackers to execute arbitrary SQL commands via the 1 Username or 2 Password parameter. NOTE: some of these details are obtained from third party...

7.5CVSS8.6AI score0.01298EPSS
Exploits0References6
Cvelist
Cvelist
added 2006/12/10 9:0 p.m.18 views

CVE-2006-6455

Multiple SQL injection vulnerabilities in admin/default.asp in DUware DUdirectory 3.1, and possibly DUdirectory Pro and Pro SQL 3.x, allow remote attackers to execute arbitrary SQL commands via the 1 Username or 2 Password parameter. NOTE: some of these details are obtained from third party...

8.6AI score0.01298EPSS
Exploits0References6
CVE
CVE
added 2006/12/10 9:0 p.m.128 views

CVE-2006-6455

CVE-2006-6455 affects DUware DUdirectory 3.1 (and possibly DUdirectory Pro/Pro SQL 3.x). The vulnerability is multiple SQL injections in admin/default.asp that allow remote attackers to execute arbitrary SQL via the Username or Password parameters. This entry derives from third‑party information ...

7.5CVSS8.9AI score0.01298EPSS
Exploits0References6Affected Software1
seebug.org
seebug.org
added 2006/12/09 12:0 a.m.25 views

DUware多个组件管理员访问文件上传漏洞

DUware包含多个基于WEB程序的系统,包括日历,下载,新闻系统等。DUware包含的多个程序访问验证问题,远程攻击者可以利用这个漏洞绕过验证访问敏感信息,并上传恶意文件等。DUware多个脚本没有正确的安全访问检查,攻击者可以直接访问这些管理脚本,以管理员身份控制应用程序。并可以通过提交恶意表单上传任意文件。 DUware 1.0-4.0 目前厂商已经发布了升级补丁以修复这个安全问题 请到厂商的主页下载:http://www.duware.com/home/ - Admin Access : - http://target/admin/incedit.asp?iEve=1 -...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2006/12/08 12:0 a.m.21 views

dudirBypass.txt

DUdirectory Admin Panel SQL Injection Download: http://www.duware.com/zips/productsnew/DUdirectory31.zip Search:"DUdrirectory" DUdirectory/admin/default.asp User:'or' Pass:'or' Testing; http://www.euconvention.be/DUdirectory/admin/default.asp...

7.4AI score
Exploits0
seebug.org
seebug.org
added 2006/12/08 12:0 a.m.134 views

多个DuWare产品Detail.ASP SQL注入漏洞

DuWare是基于ASP的WEB应用程序。 DuWare多个产品不充分过滤用户提交的URI输入,远程攻击者可以利用漏洞进行SQL注入攻击,获得敏感信息。 问题是'detail.ASP'脚本对用户提交的'itype'参数缺少过滤,提交恶意SQL查询作为参数数据,可更改原来的SQL逻辑,获得敏感信息。 DUware DUpaypal Pro 3.1 DUware DUpaypal Pro 3.0 DUware DUpaypal 3.1 DUware DUpaypal 3.0 DUware DUnews 1.1 DUware DUnews 1.0 DUware DUdownload 1.1...

7AI score
Exploits0
NVD
NVD
added 2006/12/07 11:28 a.m.20 views

CVE-2006-6365

SQL injection vulnerability in detail.asp in DUware DUpaypal 3.1, and possibly earlier, allows remote attackers to execute arbitrary SQL commands via the iType parameter. NOTE: the iState parameter is already covered by CVE-2005-3976 and the iPro parameter is already covered by CVE-2005-2047...

7.5CVSS8.1AI score0.01429EPSS
Exploits1References7
NVD
NVD
added 2006/12/07 11:28 a.m.13 views

CVE-2006-6367

Multiple SQL injection vulnerabilities in detail.asp in DUware DUdownload 1.1, and possibly earlier, allow remote attackers to execute arbitrary SQL commands via the 1 iFile or 2 action parameter. NOTE: the iType parameter is already covered by CVE-2005-3976...

7.5CVSS8.3AI score0.01579EPSS
Exploits1References6
Cvelist
Cvelist
added 2006/12/07 11:0 a.m.19 views

CVE-2006-6365

SQL injection vulnerability in detail.asp in DUware DUpaypal 3.1, and possibly earlier, allows remote attackers to execute arbitrary SQL commands via the iType parameter. NOTE: the iState parameter is already covered by CVE-2005-3976 and the iPro parameter is already covered by CVE-2005-2047...

8.1AI score0.01429EPSS
Exploits1References7
Rows per page
Query Builder