RSS   Vulnerabilities for 'Readydesk'   RSS

2016-08-26
 
CVE-2016-5683

 

 
ReadyDesk 9.1 allows local users to determine cleartext SQL Server credentials by reading the SQL_Config.aspx file and decrypting data with a hardcoded key in the ReadyDesk.dll file.

 
 
CVE-2016-5050

 

 
Unrestricted file upload vulnerability in chat/sendfile.aspx in ReadyDesk 9.1 allows remote attackers to execute arbitrary code by uploading and requesting a .aspx file.

 
 
CVE-2016-5049

 

 
Directory traversal vulnerability in chat/openattach.aspx in ReadyDesk 9.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the SESID parameter in conjunction with a filename in the FNAME parameter.

 
 
CVE-2016-5048

 

 
SQL injection vulnerability in chat/staff/default.aspx in ReadyDesk 9.1 allows remote attackers to execute arbitrary SQL commands via the user name field.

 


Copyright 2024, cxsecurity.com

 

Back to Top