Multiple SQL injection vulnerabilities in detail.asp in DuWare DuNews allow remote attackers to execute arbitrary SQL commands via the (1) iNews, (2) iType, or (3) Action parameter. NOTE: the iType parameter in type.asp is covered by CVE-2005-3976.

| Software | From | Fixed in |
|---|---|---|
| duware / dudirectory_pro_sql | 3.1 | 3.1.x |
| duware / dudirectory_pro | 3.0 | 3.0.x |
| duware / dugallery | 3.0 | 3.0.x |
| duware / dudownload | 1.0 | 1.0.x |
| duware / dudirectory_pro | 3.1 | 3.1.x |
| duware / dudownload | 1.1 | 1.1.x |
| duware / duarticle | 1.1 | 1.1.x |
| duware / dupaypal_pro | 3.1 | 3.1.x |
| duware / dunews | 1.0 | 1.0.x |
| duware / duclassified | 4.1 | 4.1.x |
| duware / dupaypal | 3.0 | 3.0.x |
| duware / dudirectory | 3.0 | 3.0.x |
| duware / dugallery | 3.1 | 3.1.x |
| duware / dugallery | 3.3 | 3.3.x |
| duware / dupaypal_pro | 3.0 | 3.0.x |
| duware / dudirectory_pro_sql | 3.0 | 3.0.x |
| duware / dugallery | 3.2 | 3.2.x |
| duware / duclassified | 4.0 | 4.0.x |
| duware / dudirectory | 3.1 | 3.1.x |
| duware / dupaypal | 3.1 | 3.1.x |
| duware / duamazon | 3.0 | 3.0.x |
| duware / duclassified | 4.2 | 4.2.x |
| duware / duamazon | 3.1 | 3.1.x |
| duware / duarticle | 1.0 | 1.0.x |
| duware / dunews | 1.1 | 1.1.x |