RSS   Vulnerabilities for 'Socialware'   RSS

2008-04-16
 
CVE-2008-1859

CWE-89
 

 
SQL injection vulnerability in events.php in iScripts SocialWare allows remote attackers to execute arbitrary SQL commands via the id parameter in a show action.

 
2008-04-15
 
CVE-2008-1790

CWE-264
 

 
Unrestricted file upload vulnerability in iScripts SocialWare allows remote authenticated administrators to upload arbitrary files via a crafted logo file in the "Manage Settings" functionality. NOTE: remote exploitation is facilitated by a separate SQL injection vulnerability.

 
2008-04-14
 
CVE-2008-1772

CWE-310
 

 
iScripts SocialWare stores passwords in cleartext in a database, which allows context-dependent attackers to obtain sensitive information.

 

 >>> Vendor: Iscripts 14 Products
Supportdesk
Sonicbb
Multicart
Socialware
Easyindex
Easysnaps
Visualcaster
Reservelogic
Cybermatch
Easybiller
Eswap
Autohoster
Easycreate
Uberforx


Copyright 2024, cxsecurity.com

 

Back to Top