CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register   Reset Password   Activate Account
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Iscripts : Security Vulnerabilities

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2013-7190 22 Dir. Trav. 2013-12-20 2013-12-23
5.0
None Remote Low Not required Partial None None
Multiple directory traversal vulnerabilities in iScripts AutoHoster, possibly 2.4, allow remote attackers to read arbitrary files via the (1) tmpid parameter to websitebuilder/showtemplateimage.php, (2) fname parameter to admin/downloadfile.php, or (3) id parameter to support/admin/csvdownload.php; or (4) have an unspecified impact via unspecified vectors in support/parser/main_smtp.php.
2 CVE-2013-7189 89 Exec Code Sql 2013-12-20 2013-12-26
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in iScripts AutoHoster, possibly 2.4, allow remote attackers to execute arbitrary SQL commands via the cmbdomain parameter to (1) checktransferstatus.php, (2) checktransferstatusbck.php, or (3) additionalsettings.php; or (4) invno parameter to payinvoiceothers.php.
3 CVE-2010-5036 89 2 Exec Code Sql 2011-11-02 2012-02-13
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in addsale.php in iScripts eSwap 2.0 allows remote attackers to execute arbitrary SQL commands via the type parameter.
4 CVE-2010-5035 79 2 XSS 2011-11-02 2012-02-13
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in search.php in iScripts eSwap 2.0 allows remote attackers to inject arbitrary web script or HTML via the txtHomeSearch parameter (aka the search field). NOTE: some of these details are obtained from third party information.
5 CVE-2010-5034 89 2 Exec Code Sql 2011-11-02 2012-02-13
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in viewhistorydetail.php in iScripts EasyBiller 1.1 allows remote attackers to execute arbitrary SQL commands via the planid parameter.
6 CVE-2010-4983 89 2 Exec Code Sql 2011-11-01 2012-02-13
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in profile.php in iScripts CyberMatch 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.
7 CVE-2010-4980 89 2 Exec Code Sql 2011-11-01 2012-02-13
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in packagedetails.php in iScripts ReserveLogic 1.0 allows remote attackers to execute arbitrary SQL commands via the pid parameter.
8 CVE-2010-2853 89 2 Exec Code Sql 2010-07-24 2010-07-26
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in flashPlayer/playVideo.php in iScripts VisualCaster allows remote attackers to execute arbitrary SQL commands via the product_id parameter.
9 CVE-2010-2624 89 1 Exec Code Sql 2010-07-02 2010-07-06
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in iScripts EasySnaps 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) comment parameter to add_comments.php, (2) values parameter to tags_details.php, or (3) begin parameter to greetings.php.
10 CVE-2008-4169 89 1 Exec Code Sql 2008-09-22 2009-08-19
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in detaillist.php in iScripts EasyIndex, possibly 1.0, allows remote attackers to execute arbitrary SQL commands via the produid parameter.
11 CVE-2008-1859 89 1 Exec Code Sql 2008-04-16 2012-10-30
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in events.php in iScripts SocialWare allows remote attackers to execute arbitrary SQL commands via the id parameter in a show action.
12 CVE-2008-1790 264 1 Sql 2008-04-15 2009-03-18
6.5
User Remote Low Single system Partial Partial Partial
Unrestricted file upload vulnerability in iScripts SocialWare allows remote authenticated administrators to upload arbitrary files via a crafted logo file in the "Manage Settings" functionality. NOTE: remote exploitation is facilitated by a separate SQL injection vulnerability.
13 CVE-2008-1772 310 1 +Info 2008-04-14 2008-09-05
5.0
None Remote Low Not required Partial None None
iScripts SocialWare stores passwords in cleartext in a database, which allows context-dependent attackers to obtain sensitive information.
14 CVE-2008-0911 89 1 Exec Code Sql 2008-02-22 2008-09-05
6.5
User Remote Low Single system Partial Partial Partial
SQL injection vulnerability in productdetails.php in iScripts MultiCart 2.0 allows remote authenticated users to execute arbitrary SQL commands via the productid parameter.
15 CVE-2007-5261 89 1 Exec Code Sql 2007-10-06 2008-09-05
6.4
None Remote Low Not required None Partial Partial
Multiple SQL injection vulnerabilities in MultiCart 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) catid parameter to categorydetail.php and the (2) ddlCategory parameter to search.php.
Total number of vulnerabilities : 15   Page : 1 (This Page)
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.