Vulnerabilities > Myiosoft
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2008-07-28 | CVE-2008-3345 | SQL Injection vulnerability in Myiosoft Easye-Cards 3.10/3.5 SQL injection vulnerability in staticpages/easyecards/index.php in MyioSoft EasyE-Cards 3.5 trial edition (tr) and 3.10a, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the sid parameter in a pickup action. | 6.8 |
| 2008-07-28 | CVE-2008-3344 | Cross-Site Scripting vulnerability in Myiosoft Easye-Cards 3.10/3.5 Multiple cross-site scripting (XSS) vulnerabilities in staticpages/easyecards/index.php in MyioSoft EasyE-Cards 3.5 trial edition (tr) and 3.10a allow remote attackers to inject arbitrary web script or HTML via the (1) ResultHtml, (2) dir, (3) SenderName, (4) RecipientName, (5) SenderMail, and (6) RecipientMail parameters. | 4.3 |
| 2008-07-28 | CVE-2008-3343 | SQL Injection vulnerability in Myiosoft Easypublish 3.0 SQL injection vulnerability in staticpages/easypublish/index.php in MyioSoft EasyPublish 3.0tr (trial edition) allows remote attackers to execute arbitrary SQL commands via the read parameter in a search action. | 7.5 |
| 2008-07-28 | CVE-2008-3342 | Cross-Site Scripting vulnerability in Myiosoft Easypublish 3.0 Cross-site scripting (XSS) vulnerability in staticpages/easypublish/index.php in MyioSoft EasyPublish 3.0tr allows remote attackers to inject arbitrary web script or HTML via the read parameter in an edp_News action. | 4.3 |
| 2008-04-02 | CVE-2008-1651 | Path Traversal vulnerability in Myiosoft Easynews 4.0Tr Directory traversal vulnerability in admin/login.php in EasyNews 4.0 allows remote attackers to include and execute arbitrary local files via a .. | 7.5 |
| 2008-04-02 | CVE-2008-1650 | SQL Injection vulnerability in Myiosoft Easynews 4.0Tr SQL injection vulnerability in dynamicpages/index.php in EasyNews 4.0 allows remote attackers to execute arbitrary SQL commands via the read parameter in an edp_Help_Internal_News action. | 7.5 |
| 2008-04-02 | CVE-2008-1649 | Cross-Site Scripting vulnerability in Myiosoft Easynews 4.0Tr Cross-site scripting (XSS) vulnerability in staticpages/easypublish/index.php in EasyNews 4.0 allows remote attackers to inject arbitrary web script or HTML via the read parameter in an edp_pupublish action. | 4.3 |
| 2008-03-17 | CVE-2008-1347 | Cross-Site Scripting vulnerability in Myiosoft Easycalendar 4.0Tr Multiple cross-site scripting (XSS) vulnerabilities in staticpages/easygallery/index.php in MyioSoft EasyGallery 5.0tr and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the PATH_INFO or (2) the q parameter in an about action to the help system. | 4.3 |
| 2008-03-17 | CVE-2008-1346 | SQL Injection vulnerability in Myiosoft Easycalendar 4.0Tr SQL injection vulnerability in staticpages/easygallery/index.php in MyioSoft EasyGallery 5.0tr and earlier allows remote attackers to execute arbitrary SQL commands via the catid parameter in a category action. | 7.5 |
| 2008-03-17 | CVE-2008-1345 | Cross-Site Scripting vulnerability in Myiosoft Easycalendar 4.0Tr Cross-site scripting (XSS) vulnerability in plugins/calendar/calendar_backend.php in MyioSoft EasyCalendar 4.0tr and earlier allows remote attackers to inject arbitrary web script or HTML via the day parameter in a dayview action. | 4.3 |