Duware : Security Vulnerabilities, CVEs, Published In 2006 (Sql injection)
Multiple SQL injection vulnerabilities in admin/default.asp in DUware DUdirectory 3.1, and possibly DUdirectory Pro and Pro SQL 3.x, allow remote attackers to execute arbitrary SQL commands via the (1) Username or (2) Password parameter. NOTE: some of these details are obtained from third party information.
Max CVSS
7.5
EPSS Score
0.57%
Published
2006-12-10
Updated
2018-10-17
Multiple SQL injection vulnerabilities in detail.asp in DUware DUdownload 1.1, and possibly earlier, allow remote attackers to execute arbitrary SQL commands via the (1) iFile or (2) action parameter. NOTE: the iType parameter is already covered by CVE-2005-3976.
Max CVSS
7.5
EPSS Score
0.25%
Published
2006-12-07
Updated
2017-07-29
SQL injection vulnerability in detail.asp in DUware DUpaypal 3.1, and possibly earlier, allows remote attackers to execute arbitrary SQL commands via the iType parameter. NOTE: the iState parameter is already covered by CVE-2005-3976 and the iPro parameter is already covered by CVE-2005-2047.
Max CVSS
7.5
EPSS Score
0.42%
Published
2006-12-07
Updated
2018-10-17
SQL injection vulnerability in default.asp in DuWare DuClassmate allows remote attackers to execute arbitrary SQL commands via the iCity parameter. NOTE: the iState parameter is already covered by CVE-2005-2049.
Max CVSS
10.0
EPSS Score
0.35%
Published
2006-12-07
Updated
2018-10-17
Multiple SQL injection vulnerabilities in detail.asp in DuWare DuNews allow remote attackers to execute arbitrary SQL commands via the (1) iNews, (2) iType, or (3) Action parameter. NOTE: the iType parameter in type.asp is covered by CVE-2005-3976.
Max CVSS
7.5
EPSS Score
0.48%
Published
2006-12-07
Updated
2018-10-17
SQL injection vulnerability in admin_default.asp in DUGallery 2.x allows remote attackers to execute arbitrary SQL commands via the (1) Login or (2) password field.
Max CVSS
7.5
EPSS Score
0.21%
Published
2006-05-11
Updated
2017-07-20
SQL injection vulnerability in detail.asp in DUclassified allows remote attackers to execute arbitrary SQL commands via the iPro parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Max CVSS
6.4
EPSS Score
0.30%
Published
2006-05-01
Updated
2008-09-05
7 vulnerabilities found