Vulnerabilities > Duware > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2006-08-31 | CVE-2006-4487 | Information Disclosure vulnerability in Dupoll 3.0/3.1 DUware DUpoll 3.0 and 3.1 stores _private/Dupoll.mdb under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information such as usernames and passwords. | 5.0 |
| 2006-05-01 | CVE-2006-2132 | SQL Injection vulnerability in DUclassified Detail.ASP SQL injection vulnerability in detail.asp in DUclassified allows remote attackers to execute arbitrary SQL commands via the iPro parameter. | 6.4 |
| 2005-12-11 | CVE-2005-4166 | Cross-Site Scripting vulnerability in DuWare DuPortalPro Password.ASP Cross-site scripting (XSS) vulnerability in password.asp in DUWare DUportal Pro 3.4.3 allows remote attackers to inject arbitrary web script or HTML via the result parameter. network duware | 4.3 |
| 2004-12-31 | CVE-2004-2200 | Remote vulnerability in DUware Software Cross-site scripting (XSS) vulnerability in DUware DUforum 3.0 through 3.1 allows remote attackers to inject arbitrary web script or HTML via via the message text. network duware | 4.3 |
| 2004-12-31 | CVE-2004-2199 | Remote vulnerability in Duware Duclassified 4.0 Cross-site scripting (XSS) vulnerability in DUware DUclassified 4.0 allows remote attackers to inject arbitrary web script or HTML via the message text. network duware | 4.3 |
| 2004-12-31 | CVE-2004-2198 | Remote vulnerability in DUware Software account.asp in DUware DUclassmate 1.0 through 1.1 allows remote attackers to change the passwords for arbitrary users by modifying the MM_recordId parameter on the "My Account" page. | 6.4 |