Lucene search
+L
DuwareDupaypal

4 matches found

CVE
CVE
added 2006/12/07 11:0 a.m.101 views

CVE-2006-6365

CVE-2006-6365 describes a SQL injection in DUware DUpayPal 3.1 (and possibly earlier) via the iType parameter in detail.asp, allowing remote execution of arbitrary SQL commands. Related parameters iState and iPro are covered by CVE-2005-3976 and CVE-2005-2047. The connected EUVD/NVD records corro...

7.5CVSS8.2AI score0.01429EPSS
CVE
CVE
added 2006/12/07 11:0 a.m.92 views

CVE-2006-6367

CVE-2006-6367 describes multiple SQL injection vulnerabilities in DUware DUdownload 1.1 (and possibly earlier) specifically in detail.asp, exploitable via the iFile or action parameters (the iType parameter is covered by CVE-2005-3976). The vulnerability allows remote attackers to execute arbitra...

7.5CVSS8.4AI score0.01579EPSS
CVE
CVE
added 2005/12/03 7:0 p.m.91 views

CVE-2005-3976

CVE-2005-3976 describes a SQL injection in DUware products (DUamazon 3.1, DUarticle 1.1, DUclassified 4.2, DUdirectory 3.1/3.0, DUdownload 1.1, DUgallery 3.3, DUnews 1.1, DUpaypal 3.1/Pro 3.0) via the iType parameter in type.asp. The underlying issue is that user-supplied input is used to constru...

7.5CVSS8.3AI score0.01211EPSS
CVE
CVE
added 2006/12/07 1:0 a.m.61 views

CVE-2006-6354

CVE-2006-6354 and related CVEs describe multiple SQL injection vulnerabilities in DuWare DUNews (and DUNews-family) detail.asp, allowing remote attackers to inject SQL via the (1) iNews, (2) iType, or (3) Action parameters. The iType parameter in type.asp is already covered by CVE-2005-3976. The ...

7.5CVSS8.5AI score0.01671EPSS