RSS   Podatności dla 'Duforum'   RSS

2005-06-22
 
CVE-2005-2048

CWE-Other
 

 
Multiple SQL injection vulnerabilities in DUware DUforum 3.1, and possibly other versions, allow remote attackers to execute arbitrary SQL commands via the (1) iMsg parameter to messages.asp, iFor parameter to (2) post.asp or (3) forums.asp, or (4) id parameter to userEdit.asp. NOTE: vectors 1 and 3 were later reported to affect version 3.0.

 
2004-12-31
 
CVE-2004-2201

 

 
SQL injection vulnerability in DUware DUforum 3.0 through 3.1 allows remote attackers to execute arbitrary SQL commands via the FOR_ID parameter in messages.asp, (2) MSG_ID parameter in messageDetail.asp, or (3) password parameter in the login form.

 
 
CVE-2004-2200

 

 
Cross-site scripting (XSS) vulnerability in DUware DUforum 3.0 through 3.1 allows remote attackers to inject arbitrary web script or HTML via via the message text.

 

 >>> Vendor: Duware 19 Produkty
Duclassmate
Duclassified
Duforum
Duportal
Duportal pro
Duamazon pro
Dupaypal pro
Duamazon
Duarticle
Dudirectory
Dudirectory pro
Dudirectory pro sql
Dudownload
Dugallery
Dunews
Dupaypal
Dubanner
Dupoll
Ducalendar


Copyright 2024, cxsecurity.com

 

Back to Top