VYPR

Duportal

by Duware

CVEs (4)

  • CVE-2005-4166Dec 11, 2005
    risk 0.03cvss epss 0.02

    Cross-site scripting (XSS) vulnerability in password.asp in DUWare DUportal Pro 3.4.3 allows remote attackers to inject arbitrary web script or HTML via the result parameter.

  • CVE-2005-1224May 2, 2005
    risk 0.03cvss epss 0.04

    Multiple SQL injection vulnerabilities in DUware DUportal Pro 3.4 allow remote attackers to execute arbitrary SQL commands via the (1) nChannel parameter to default.asp, cat.asp, or detail.asp, (2) the iChannel parameter to search.asp, default.asp, result.asp, cat.asp, or…

  • CVE-2005-1236May 2, 2005
    risk 0.03cvss epss 0.02

    Multiple SQL injection vulnerabilities in DUware DUportal 3.1.2 and 3.1.2 SQL allow remote attackers to execute arbitrary SQL commands via the (1) iChannel parameter to channel.asp or search.asp, (2) iData parameter to detail.asp or inc_rating.asp, (3) iCat parameter to…

  • CVE-2005-2045Jun 22, 2005
    risk 0.00cvss epss 0.01

    Multiple SQL injection vulnerabilities in DUware DUportal PRO 3.4.3 allow remote attackers to execute arbitrary SQL commands via the (1) iChannel parameter to default.asp, (2) iData parameter to detail.asp, (3) iMem parameter to members.asp, (4) iCat parameter to cat.asp, (5)…