Vulnerabilities > Iscripts > Socialware

DATE CVE VULNERABILITY TITLE RISK
2008-04-16 CVE-2008-1859 SQL Injection vulnerability in Iscripts Socialware
SQL injection vulnerability in events.php in iScripts SocialWare allows remote attackers to execute arbitrary SQL commands via the id parameter in a show action.
network
low complexity
iscripts CWE-89
7.5
7.5
2008-04-15 CVE-2008-1790 Permissions, Privileges, and Access Controls vulnerability in Iscripts Socialware
Unrestricted file upload vulnerability in iScripts SocialWare allows remote authenticated administrators to upload arbitrary files via a crafted logo file in the "Manage Settings" functionality.
network
low complexity
iscripts CWE-264
6.5
6.5
2008-04-14 CVE-2008-1772 Cryptographic Issues vulnerability in Iscripts Socialware
iScripts SocialWare stores passwords in cleartext in a database, which allows context-dependent attackers to obtain sensitive information.
network
low complexity
iscripts CWE-310
5.0
5.0