3 matches found
CVE-2005-3976
CVE-2005-3976 describes a SQL injection in DUware products (DUamazon 3.1, DUarticle 1.1, DUclassified 4.2, DUdirectory 3.1/3.0, DUdownload 1.1, DUgallery 3.3, DUnews 1.1, DUpaypal 3.1/Pro 3.0) via the iType parameter in type.asp. The underlying issue is that user-supplied input is used to constru...
CVE-2006-6354
CVE-2006-6354 and related CVEs describe multiple SQL injection vulnerabilities in DuWare DUNews (and DUNews-family) detail.asp, allowing remote attackers to inject SQL via the (1) iNews, (2) iType, or (3) Action parameters. The iType parameter in type.asp is already covered by CVE-2005-3976. The ...
CVE-2006-2302
A CVE-2006-2302 entry describes a SQL injection vulnerability in DUGallery 2.x, specifically in admin_default.asp, exploitable via the (1) Login or (2) password fields. The underlying cause is improper input handling that allows remote attackers to execute arbitrary SQL commands. The NVD metrics ...