Douran
Products
4- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
Recent CVEs
4| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-38996 | Med | 0.44 | 6.7 | 0.00 | Aug 22, 2023 | An issue in all versions of Douran DSGate allows a local authenticated privileged attacker to execute arbitrary code via the debug command. | ||
| CVE-2011-1569 | 0.03 | — | 0.04 | Apr 5, 2011 | download.aspx in Douran Portal 3.9.7.8 allows remote attackers to obtain source code of arbitrary files under the web root via (1) a trailing ".", (2) a trailing space, or (3) mixed case in the FileNameAttach parameter. | |||
| CVE-2007-1300 | 0.00 | — | 0.01 | Mar 7, 2007 | DOURAN Software Technologies ISPUtil 3.32.84.1, and possibly earlier versions, stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain user and reseller data via a direct request for scripts/activesessions.ini. … | |||
| CVE-2006-0373 | 0.00 | — | 0.01 | Jan 22, 2006 | Cross-site scripting (XSS) vulnerability in register.aspx in Douran FollowWeb allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party… |
- risk 0.44cvss 6.7epss 0.00
An issue in all versions of Douran DSGate allows a local authenticated privileged attacker to execute arbitrary code via the debug command.
- CVE-2011-1569Apr 5, 2011risk 0.03cvss —epss 0.04
download.aspx in Douran Portal 3.9.7.8 allows remote attackers to obtain source code of arbitrary files under the web root via (1) a trailing ".", (2) a trailing space, or (3) mixed case in the FileNameAttach parameter.
- CVE-2007-1300Mar 7, 2007risk 0.00cvss —epss 0.01
DOURAN Software Technologies ISPUtil 3.32.84.1, and possibly earlier versions, stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain user and reseller data via a direct request for scripts/activesessions.ini. …
- CVE-2006-0373Jan 22, 2006risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in register.aspx in Douran FollowWeb allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party…