SQL injection vulnerability in detail.asp in DUware DUcalendar 1.0 and possibly earlier allows remote attackers to execute arbitrary SQL commands via the iEve parameter.
Multiple SQL injection vulnerabilities in admin/default.asp in DUware DUdirectory 3.1, and possibly DUdirectory Pro and Pro SQL 3.x, allow remote attackers to execute arbitrary SQL commands via the (1) Username or (2) Password parameter. NOTE: some of these details are obtained from third party information.
SQL injection vulnerability in detail.asp in DUware DUpaypal 3.1, and possibly earlier, allows remote attackers to execute arbitrary SQL commands via the iType parameter. NOTE: the iState parameter is already covered by CVE-2005-3976 and the iPro parameter is already covered by CVE-2005-2047.
Multiple SQL injection vulnerabilities in detail.asp in DUware DUdownload 1.1, and possibly earlier, allow remote attackers to execute arbitrary SQL commands via the (1) iFile or (2) action parameter. NOTE: the iType parameter is already covered by CVE-2005-3976.
Multiple SQL injection vulnerabilities in detail.asp in DUware DuNews allow remote attackers to execute arbitrary SQL commands via the (1) iNews, (2) iType, or (3) Action parameter. NOTE: the iType parameter in type.asp is covered by CVE-2005-3976.
SQL injection vulnerability in default.asp in DUware DuClassmate allows remote attackers to execute arbitrary SQL commands via the iCity parameter. NOTE: the iState parameter is already covered by CVE-2005-2049.
DUware DUpoll 3.0 and 3.1 stores _private/Dupoll.mdb under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information such as usernames and passwords.
SQL injection vulnerability in admin_default.asp in DUGallery 2.x allows remote attackers to execute arbitrary SQL commands via the (1) Login or (2) password field.
SQL injection vulnerability in detail.asp in DUclassified allows remote attackers to execute arbitrary SQL commands via the iPro parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Cross-site scripting (XSS) vulnerability in password.asp in DUware DUportal Pro 3.4.3 allows remote attackers to inject arbitrary web script or HTML via the result parameter.