GCVE - cpe:2.3:a:duware:dunews:1.1:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:duware:dunews:1.1:*:*:*:*:*:*:*

part: a version: 1.1 update: *

Vendor	Duware (`a7e4dbbd-0fa1-58a2-ad48-648c67f14a28`)
Product	Dunews (`4f3582c5-437a-5f85-94bb-507c02e8958a`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2006-6367`	vulnerable	2026-06-03 14:27:52.983343	Details available Multiple SQL injection vulnerabilities in detail.asp in DUware DUdownload 1.1, and possibly earlier, allow remote attackers to execute arbitrary SQL commands via the (1) iFile or (2) action parameter. NOTE: the iType parameter is already covered by CVE-2005-3976. Published: 2006-12-07T11:00:00.000Z Updated: 2024-08-07T20:26:46.058Z Open on db.gcve.eu Reference links http://www.securityfocus.com/bid/21405 http://secunia.com/advisories/23224 https://exchange.xforce.ibmcloud.com/vulnerabilities/30669 http://www.vupen.com/english/advisories/2006/4845 http://www.aria-security.com/forum/showthread.php?t=60	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2006-6354`	vulnerable	2026-06-03 14:27:52.951997	Details available Multiple SQL injection vulnerabilities in detail.asp in DuWare DuNews allow remote attackers to execute arbitrary SQL commands via the (1) iNews, (2) iType, or (3) Action parameter. NOTE: the iType parameter in type.asp is covered by CVE-2005-3976. Published: 2006-12-07T01:00:00.000Z Updated: 2024-08-07T20:26:45.520Z Open on db.gcve.eu Reference links http://secunia.com/advisories/23228 http://www.aria-security.com/forum/showthread.php?t=61 http://www.securityfocus.com/bid/15681 http://www.vupen.com/english/advisories/2006/4834 http://www.securityfocus.com/archive/1/453317/100/0/threaded	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2005-3976`	vulnerable	2026-06-03 14:27:11.967261	Details available SQL injection vulnerability in type.asp, as used in multiple DUware products including (1) DUamazon 3.1, (2) DUarticle 1.1, (3) DUclassified 4.2, (4) DUdirectory 3.1 and DUdirectory Pro 3.0 and 3.0 SQL, (5) DUdownload 1.1, (6) DUgallery 3.3, (7) DUnews 1.1, and (8) DUpaypal 3.1 and DUpaypal Pro 3.0, allows remote attackers to execute arbitrary SQL commands via the iType parameter. Published: 2005-12-03T19:00:00.000Z Updated: 2024-08-07T23:31:49.013Z Open on db.gcve.eu Reference links http://secunia.com/advisories/17835 http://www.securityfocus.com/bid/15681 http://www.vupen.com/english/advisories/2005/2700 https://exchange.xforce.ibmcloud.com/vulnerabilities/30673 http://www.osvdb.org/21385	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.