CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

ReadyDesk 9.1 allows local users to determine cleartext SQL Server credentials by reading the SQLConfig.aspx file and decrypting data with a hardcoded key in the ReadyDesk.dll file...

7.8CVSS5.8AI score

Exploits0References2

NVD•added 2016/08/26 7:59 p.m.•12 views

CVE-2016-5683

ReadyDesk 9.1 allows local users to determine cleartext SQL Server credentials by reading the SQLConfig.aspx file and decrypting data with a hardcoded key in the ReadyDesk.dll file...

7.8CVSS7.6AI score0.00348EPSS

Exploits0References2

OSV•added 2016/08/26 7:59 p.m.•1 views

CVE-2016-5049

Directory traversal vulnerability in chat/openattach.aspx in ReadyDesk 9.1 allows remote attackers to read arbitrary files via a .. dot dot in the SESID parameter in conjunction with a filename in the FNAME parameter...

7.5CVSS5.8AI score0.02375EPSS

Exploits0References2

NVD•added 2016/08/26 7:59 p.m.•14 views

CVE-2016-5049

7.5CVSS7.5AI score0.02375EPSS

Exploits0References2

NVD•added 2016/08/26 7:59 p.m.•14 views

CVE-2016-5048

SQL injection vulnerability in chat/staff/default.aspx in ReadyDesk 9.1 allows remote attackers to execute arbitrary SQL commands via the user name field...

9.8CVSS10AI score0.01885EPSS

Exploits0References2

Prion•added 2016/08/26 7:59 p.m.•12 views

Sql injection

SQL injection vulnerability in chat/staff/default.aspx in ReadyDesk 9.1 allows remote attackers to execute arbitrary SQL commands via the user name field...

7.5CVSS9AI score0.01885EPSS

Exploits0References2Affected Software1

Prion•added 2016/08/26 7:59 p.m.•17 views

Unrestricted file upload

Unrestricted file upload vulnerability in chat/sendfile.aspx in ReadyDesk 9.1 allows remote attackers to execute arbitrary code by uploading and requesting a .aspx file...

7.5CVSS8.2AI score0.02824EPSS

Exploits0References2Affected Software1

Prion•added 2016/08/26 7:59 p.m.•14 views

Directory traversal

5CVSS7.1AI score0.02375EPSS

Exploits0References2Affected Software1

Cvelist•added 2016/08/26 7:0 p.m.•24 views

CVE-2016-5048

SQL injection vulnerability in chat/staff/default.aspx in ReadyDesk 9.1 allows remote attackers to execute arbitrary SQL commands via the user name field...

10AI score0.01885EPSS

Exploits0References2

CVE•added 2016/08/26 7:0 p.m.•41 views

CVE-2016-5050

CVE-2016-5050 is an uncontrolled/ unrestricted file upload vulnerability within ReadyDesk 9.1, exploitable via chat/sendfile.aspx to upload a .aspx file and execute arbitrary code. The NVD entry documents an attack path that requires no authentication and network access, with a high severity (CVS...

9.8CVSS9.7AI score0.02824EPSS

Exploits0References2Affected Software1

CVE•added 2016/08/26 7:0 p.m.•41 views

CVE-2016-5048

CVE-2016-5048 affects ReadyDesk 9.1 and targets the chat/staff/default.aspx login input. The user name field is vulnerable to SQL injection, allowing remote attackers to execute arbitrary SQL commands. The vulnerability is described in multiple sources (NVD entry and CERT/CC advisory) with a high...

9.8CVSS9.9AI score0.01885EPSS

Exploits0References2Affected Software1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by