128 matches found
DUware DUamazon Pro 3.0/3.1 type.asp iType Parameter SQL Injection
No description provided by source. source: http://www.securityfocus.com/bid/14033/info DUamazon Pro is prone to multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries. Successful...
DUdownload 1.0/1.1 detail.asp Multiple Parameter SQL Injection
No description provided by source. source: http://www.securityfocus.com/bid/21405/info Multiple DuWare products are prone to multiple SQL-injection vulnerabilities because they fail to properly sanitize user-supplied input before using it in SQL queries. A successful exploit could allow an attack...
DUware DUamazon Pro 3.0/3.1 review.asp iPro Parameter SQL Injection
No description provided by source. source: http://www.securityfocus.com/bid/14033/info DUamazon Pro is prone to multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries. Successful...
DUware DUamazon Pro 3.0/3.1 catDelete.asp iCat Parameter SQL Injection
No description provided by source. source: http://www.securityfocus.com/bid/14033/info DUamazon Pro is prone to multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries. Successful...
DUware Software Multiple Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/9462/info It has been reported that various DUware products may be prone to an access validation issue allowing a remote attacker to gain access to sensitive resources by bypassing authentication. An arbitrary file upload...
DUware DUpaypal 3.0/3.1 detail.asp iPro Parameter SQL Injection
No description provided by source. source: http://www.securityfocus.com/bid/14034/info DUpaypal Pro is prone to multiple SQL-injection vulnerabilities because the fails application to properly sanitize user-supplied input before using it in SQL queries. A successful exploit could allow an attacke...
DUware DUpaypal 3.0/3.1 sub.asp iSub Parameter SQL Injection
No description provided by source. source: http://www.securityfocus.com/bid/14034/info DUpaypal Pro is prone to multiple SQL-injection vulnerabilities because the fails application to properly sanitize user-supplied input before using it in SQL queries. A successful exploit could allow an attacke...
Sql injection
SQL injection vulnerability in detail.asp in DUware DUcalendar 1.0 and possibly earlier allows remote attackers to execute arbitrary SQL commands via the iEve parameter...
CVE-2008-2868
SQL injection vulnerability in detail.asp in DUware DUcalendar 1.0 and possibly earlier allows remote attackers to execute arbitrary SQL commands via the iEve parameter...
CVE-2008-2868
SQL injection vulnerability in detail.asp in DUware DUcalendar 1.0 and possibly earlier allows remote attackers to execute arbitrary SQL commands via the iEve parameter...
CVE-2008-2868
CVE-2008-2868 affects DUware DUcalendar 1.0 (and possibly earlier). The vulnerability is in detail.asp and allows SQL injection via the iEve parameter, enabling remote attackers to execute arbitrary SQL commands. The connected documents confirm the existence and nature of the flaw and its impact,...
CVE-2006-6455
Multiple SQL injection vulnerabilities in admin/default.asp in DUware DUdirectory 3.1, and possibly DUdirectory Pro and Pro SQL 3.x, allow remote attackers to execute arbitrary SQL commands via the 1 Username or 2 Password parameter. NOTE: some of these details are obtained from third party...
CVE-2006-6455
Multiple SQL injection vulnerabilities in admin/default.asp in DUware DUdirectory 3.1, and possibly DUdirectory Pro and Pro SQL 3.x, allow remote attackers to execute arbitrary SQL commands via the 1 Username or 2 Password parameter. NOTE: some of these details are obtained from third party...
CVE-2006-6455
CVE-2006-6455 affects DUware DUdirectory 3.1 (and possibly DUdirectory Pro/Pro SQL 3.x). The vulnerability is multiple SQL injections in admin/default.asp that allow remote attackers to execute arbitrary SQL via the Username or Password parameters. This entry derives from third‑party information ...
DUware多个组件管理员访问文件上传漏洞
DUware包含多个基于WEB程序的系统,包括日历,下载,新闻系统等。DUware包含的多个程序访问验证问题,远程攻击者可以利用这个漏洞绕过验证访问敏感信息,并上传恶意文件等。DUware多个脚本没有正确的安全访问检查,攻击者可以直接访问这些管理脚本,以管理员身份控制应用程序。并可以通过提交恶意表单上传任意文件。 DUware 1.0-4.0 目前厂商已经发布了升级补丁以修复这个安全问题 请到厂商的主页下载:http://www.duware.com/home/ - Admin Access : - http://target/admin/incedit.asp?iEve=1 -...
dudirBypass.txt
DUdirectory Admin Panel SQL Injection Download: http://www.duware.com/zips/productsnew/DUdirectory31.zip Search:"DUdrirectory" DUdirectory/admin/default.asp User:'or' Pass:'or' Testing; http://www.euconvention.be/DUdirectory/admin/default.asp...
多个DuWare产品Detail.ASP SQL注入漏洞
DuWare是基于ASP的WEB应用程序。 DuWare多个产品不充分过滤用户提交的URI输入,远程攻击者可以利用漏洞进行SQL注入攻击,获得敏感信息。 问题是'detail.ASP'脚本对用户提交的'itype'参数缺少过滤,提交恶意SQL查询作为参数数据,可更改原来的SQL逻辑,获得敏感信息。 DUware DUpaypal Pro 3.1 DUware DUpaypal Pro 3.0 DUware DUpaypal 3.1 DUware DUpaypal 3.0 DUware DUnews 1.1 DUware DUnews 1.0 DUware DUdownload 1.1...
CVE-2006-6365
SQL injection vulnerability in detail.asp in DUware DUpaypal 3.1, and possibly earlier, allows remote attackers to execute arbitrary SQL commands via the iType parameter. NOTE: the iState parameter is already covered by CVE-2005-3976 and the iPro parameter is already covered by CVE-2005-2047...
CVE-2006-6367
Multiple SQL injection vulnerabilities in detail.asp in DUware DUdownload 1.1, and possibly earlier, allow remote attackers to execute arbitrary SQL commands via the 1 iFile or 2 action parameter. NOTE: the iType parameter is already covered by CVE-2005-3976...
CVE-2006-6365
SQL injection vulnerability in detail.asp in DUware DUpaypal 3.1, and possibly earlier, allows remote attackers to execute arbitrary SQL commands via the iType parameter. NOTE: the iState parameter is already covered by CVE-2005-3976 and the iPro parameter is already covered by CVE-2005-2047...