4 matches found
CVE-2006-6365
CVE-2006-6365 describes a SQL injection in DUware DUpayPal 3.1 (and possibly earlier) via the iType parameter in detail.asp, allowing remote execution of arbitrary SQL commands. Related parameters iState and iPro are covered by CVE-2005-3976 and CVE-2005-2047. The connected EUVD/NVD records corro...
CVE-2006-6367
CVE-2006-6367 describes multiple SQL injection vulnerabilities in DUware DUdownload 1.1 (and possibly earlier) specifically in detail.asp, exploitable via the iFile or action parameters (the iType parameter is covered by CVE-2005-3976). The vulnerability allows remote attackers to execute arbitra...
CVE-2005-3976
CVE-2005-3976 describes a SQL injection in DUware products (DUamazon 3.1, DUarticle 1.1, DUclassified 4.2, DUdirectory 3.1/3.0, DUdownload 1.1, DUgallery 3.3, DUnews 1.1, DUpaypal 3.1/Pro 3.0) via the iType parameter in type.asp. The underlying issue is that user-supplied input is used to constru...
CVE-2006-6354
CVE-2006-6354 and related CVEs describe multiple SQL injection vulnerabilities in DuWare DUNews (and DUNews-family) detail.asp, allowing remote attackers to inject SQL via the (1) iNews, (2) iType, or (3) Action parameters. The iType parameter in type.asp is already covered by CVE-2005-3976. The ...