CVE-2005-2046
published 2005-06-22
Priority P341 | high | 7.5 CVSS 2.0
AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 2.08% (79.2th percentile)
Multiple SQL injection vulnerabilities in DUware DUamazon Pro 3.0 and 3.1 allow remote attackers to execute arbitrary SQL commands via the (1) iCat parameter to cat.asp, (2) iSub parameter to sub.asp, (3) iSub parameter to detail.asp, (4) iPro parameter to review.asp, iCat parameter to (5) catEdit.asp, (6) catDelete.asp, (7) productEdit.asp, or (8) productDelete.asp, or (9) iType parameter to type.asp.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| duware | duamazon_pro | — | — |
| duware | duamazon_pro | — | — |
No detection rules found.
Exploit-DB
nbSMTP 0.99 - 'util.c' Client-Side Command Execution
exploitdb·2005-08-05
CVE-2005-2409 nbSMTP 0.99 - 'util.c' Client-Side Command Execution
---
/* nbSMTP_fsexp.c
*
* nbSMTP v0.99 remote format string exploit
* by CoKi
*
* root@nosystem:/home/coki/audi# ./nbSMTP_fsexp
*
* nbSMTP v0.99 remote format string exploit
* by CoKi
*
* Use: ./nbSMTP_fsexp [options]
*
* options:
* -t type of target system
* -r return address
* -s shellcode address
* -o offset
* -l targets list
*
* root@nosystem:/home/coki/audit# ./nbSMTP_fsexp -t2
*
* nbSMTP v0.99 remote format string exploit
* by CoKi
*
* [*] system : Slackware Linux 10.0
* [*] return address : 0x0804d8cc
* [*] shellcode address : 0x08053613
* [*] building evil buffer : done
* [*] running fake smtp server : done
*
* [*] waiting... : 10.0.0.1:2046 connected
* [*] sending evil command... : done
*
* [*] checking for shell... : done
*
*
Exploit-DB
DUware DUamazon Pro 3.0/3.1 - 'review.asp?iPro' SQL Injection
exploitdb·2005-06-22
CVE-2005-2046 DUware DUamazon Pro 3.0/3.1 - 'review.asp?iPro' SQL Injection
---
source: https://www.securityfocus.com/bid/14033/info
DUamazon Pro is prone to multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries.
Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.
http://www.example.com/DUamazonPro/shops/review.asp?iSub=17&iPro=36[SQL Inject]
Exploit-DB
DUware DUamazon Pro 3.0/3.1 - 'detail.asp?iSub' SQL Injection
exploitdb·2005-06-22
CVE-2005-2046 DUware DUamazon Pro 3.0/3.1 - 'detail.asp?iSub' SQL Injection
---
source: https://www.securityfocus.com/bid/14033/info
DUamazon Pro is prone to multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries.
Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.
http://www.example.com/DUamazonPro/shops/detail.asp?iPro=34&iSub=17[SQL Inject]
Exploit-DB
DUware DUamazon Pro 3.0/3.1 - 'productDelete.asp?iCat' SQL Injection
exploitdb·2005-06-22
CVE-2005-2046 DUware DUamazon Pro 3.0/3.1 - 'productDelete.asp?iCat' SQL Injection
---
source: https://www.securityfocus.com/bid/14033/info
DUamazon Pro is prone to multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries.
Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.
http://www.example.com/DUamazonPro/admin/productDelete.asp?iPro=37&iCat=12[SQL Inject]
Exploit-DB
DUware DUamazon Pro 3.0/3.1 - 'productEdit.asp?iCat' SQL Injection
exploitdb·2005-06-22
CVE-2005-2046 DUware DUamazon Pro 3.0/3.1 - 'productEdit.asp?iCat' SQL Injection
---
source: https://www.securityfocus.com/bid/14033/info
DUamazon Pro is prone to multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries.
Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.
http://www.example.com/DUamazonPro/admin/productEdit.asp?iPro=34&iCat=12[SQL Inject]
Exploit-DB
DUware DUamazon Pro 3.0/3.1 - 'type.asp?iType' SQL Injection
exploitdb·2005-06-22
CVE-2005-2046 DUware DUamazon Pro 3.0/3.1 - 'type.asp?iType' SQL Injection
---
source: https://www.securityfocus.com/bid/14033/info
DUamazon Pro is prone to multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries.
Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.
http://www.example.com/DUamazon/type.asp?iType=1[SQL inject]
Exploit-DB
DUware DUamazon Pro 3.0/3.1 - 'catDelete.asp?iCat' SQL Injection
exploitdb·2005-06-22
CVE-2005-2046 DUware DUamazon Pro 3.0/3.1 - 'catDelete.asp?iCat' SQL Injection
---
source: https://www.securityfocus.com/bid/14033/info
DUamazon Pro is prone to multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries.
Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.
http://www.example.com/DUamazonPro/admin/catDelete.asp?iCat=13[SQL Inject]
Exploit-DB
DUware DUpaypal 3.0/3.1 - 'sub.asp?iSub' SQL Injection
exploitdb·2005-06-22
CVE-2005-2046 DUware DUpaypal 3.0/3.1 - 'sub.asp?iSub' SQL Injection
---
source: https://www.securityfocus.com/bid/14034/info
DUpaypal Pro is prone to multiple SQL-injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in SQL queries.
A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database implementation.
http://www.example.com/DUpaypalPro/shops/sub.asp?iSub=[SQL Inject]
No writeups or analysis indexed.
Published: 2005-06-22