iScripts
Products (10)
- 3 CVEs
- 2 CVEs
- 2 CVEs
- 2 CVEs
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
Recent CVEs (15)
| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2013-7190 |  | 0.04 | — | 0.12 |  | Dec 20, 2013 | Multiple directory traversal vulnerabilities in iScripts AutoHoster, possibly 2.4, allow remote attackers to read arbitrary files via the (1) tmpid parameter to websitebuilder/showtemplateimage.php, (2) fname parameter to admin/downloadfile.php, or (3) id parameter to support/admin/csvdownload.php; or (4) have an unspecified impact via unspecified vectors in support/parser/main_smtp.php. |
| CVE-2013-7189 |  | 0.03 | — | 0.01 |  | Dec 20, 2013 | Multiple SQL injection vulnerabilities in iScripts AutoHoster, possibly 2.4, allow remote attackers to execute arbitrary SQL commands via the cmbdomain parameter to (1) checktransferstatus.php, (2) checktransferstatusbck.php, or (3) additionalsettings.php; or (4) invno parameter to payinvoiceothers.php. |
| CVE-2010-5036 |  | 0.03 | — | 0.01 |  | Nov 2, 2011 | SQL injection vulnerability in addsale.php in iScripts eSwap 2.0 allows remote attackers to execute arbitrary SQL commands via the type parameter. |
| CVE-2010-5035 |  | 0.03 | — | 0.05 |  | Nov 2, 2011 | Cross-site scripting (XSS) vulnerability in search.php in iScripts eSwap 2.0 allows remote attackers to inject arbitrary web script or HTML via the txtHomeSearch parameter (aka the search field). NOTE: some of these details are obtained from third party information. |
| CVE-2010-5034 |  | 0.03 | — | 0.01 |  | Nov 2, 2011 | SQL injection vulnerability in viewhistorydetail.php in iScripts EasyBiller 1.1 allows remote attackers to execute arbitrary SQL commands via the planid parameter. |
| CVE-2010-4983 |  | 0.03 | — | 0.02 |  | Nov 1, 2011 | SQL injection vulnerability in profile.php in iScripts CyberMatch 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| CVE-2010-4980 |  | 0.03 | — | 0.02 |  | Nov 1, 2011 | SQL injection vulnerability in packagedetails.php in iScripts ReserveLogic 1.0 allows remote attackers to execute arbitrary SQL commands via the pid parameter. |
| CVE-2010-2853 |  | 0.03 | — | 0.01 |  | Jul 25, 2010 | SQL injection vulnerability in flashPlayer/playVideo.php in iScripts VisualCaster allows remote attackers to execute arbitrary SQL commands via the product_id parameter. |
| CVE-2010-2624 |  | 0.03 | — | 0.00 |  | Jul 2, 2010 | Multiple SQL injection vulnerabilities in iScripts EasySnaps 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) comment parameter to add_comments.php, (2) values parameter to tags_details.php, or (3) begin parameter to greetings.php. |
| CVE-2008-4169 |  | 0.03 | — | 0.00 |  | Sep 22, 2008 | SQL injection vulnerability in detaillist.php in iScripts EasyIndex, possibly 1.0, allows remote attackers to execute arbitrary SQL commands via the produid parameter. |
| CVE-2008-1859 |  | 0.03 | — | 0.00 |  | Apr 16, 2008 | SQL injection vulnerability in events.php in iScripts SocialWare allows remote attackers to execute arbitrary SQL commands via the id parameter in a show action. |
| CVE-2008-1790 |  | 0.03 | — | 0.01 |  | Apr 15, 2008 | Unrestricted file upload vulnerability in iScripts SocialWare allows remote authenticated administrators to upload arbitrary files via a crafted logo file in the "Manage Settings" functionality. NOTE: remote exploitation is facilitated by a separate SQL injection vulnerability. |
| CVE-2008-1772 |  | 0.03 | — | 0.05 |  | Apr 14, 2008 | iScripts SocialWare stores passwords in cleartext in a database, which allows context-dependent attackers to obtain sensitive information. |
| CVE-2008-0911 |  | 0.03 | — | 0.00 |  | Feb 22, 2008 | SQL injection vulnerability in productdetails.php in iScripts MultiCart 2.0 allows remote authenticated users to execute arbitrary SQL commands via the productid parameter. |
| CVE-2007-5261 |  | 0.03 | — | 0.00 |  | Oct 6, 2007 | Multiple SQL injection vulnerabilities in MultiCart 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) catid parameter to categorydetail.php and the (2) ddlCategory parameter to search.php. |