Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2005-3976

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2005-3976
Last Modified 07 Mar 2011 09:27:27
Published 03 Dec 2005 02:03:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2005-3976

Summary

SQL injection vulnerability in type.asp, as used in multiple DUware products including (1) DUamazon 3.1, (2) DUarticle 1.1, (3) DUclassified 4.2, (4) DUdirectory 3.1 and DUdirectory Pro 3.0 and 3.0 SQL, (5) DUdownload 1.1, (6) DUgallery 3.3, (7) DUnews 1.1, and (8) DUpaypal 3.1 and DUpaypal Pro 3.0, allows remote attackers to execute arbitrary SQL commands via the iType parameter.

Vulnerable Systems

Application

  • Duware Duamazon 3.1

  • Duware Duarticle 1.1

  • Duware Duclassified 4.2

  • Duware Dudirectory 3.1

  • Duware Dudirectory Pro 3.0

  • Duware Dudirectory Pro Sql 3.0

  • Duware Dudownload 1.1

  • Duware Dugallery 3.3

  • Duware Dunews 1.1

  • Duware Dupaypal 3.1

  • Duware Dupaypal Pro 3.0


References

VUPEN - ADV-2005-2700

BID - 15681

OSVDB - 21385

SECUNIA - 17835

XF - dunews-type-detail-sql-injection(30673)


Last Updated: 27 May 2016 10:41:08