26 matches found
EUVD-2016-6002
Malware in sbrugna...
EUVD-2016-6001
Malware in sbrugna...
EUVD-2016-6003
Malware in sbrugna...
EUVD-2016-6626
Malware in sbrugna...
CVE-2016-5683
ReadyDesk 9.1 allows local users to determine cleartext SQL Server credentials by reading the SQLConfig.aspx file and decrypting data with a hardcoded key in the ReadyDesk.dll file...
CVE-2016-5683
ReadyDesk 9.1 allows local users to determine cleartext SQL Server credentials by reading the SQLConfig.aspx file and decrypting data with a hardcoded key in the ReadyDesk.dll file...
CVE-2016-5050
Unrestricted file upload vulnerability in chat/sendfile.aspx in ReadyDesk 9.1 allows remote attackers to execute arbitrary code by uploading and requesting a .aspx file...
CVE-2016-5049
Directory traversal vulnerability in chat/openattach.aspx in ReadyDesk 9.1 allows remote attackers to read arbitrary files via a .. dot dot in the SESID parameter in conjunction with a filename in the FNAME parameter...
CVE-2016-5049
Directory traversal vulnerability in chat/openattach.aspx in ReadyDesk 9.1 allows remote attackers to read arbitrary files via a .. dot dot in the SESID parameter in conjunction with a filename in the FNAME parameter...
CVE-2016-5048
SQL injection vulnerability in chat/staff/default.aspx in ReadyDesk 9.1 allows remote attackers to execute arbitrary SQL commands via the user name field...
CVE-2016-5048
SQL injection vulnerability in chat/staff/default.aspx in ReadyDesk 9.1 allows remote attackers to execute arbitrary SQL commands via the user name field...
Hardcoded credentials
ReadyDesk 9.1 allows local users to determine cleartext SQL Server credentials by reading the SQLConfig.aspx file and decrypting data with a hardcoded key in the ReadyDesk.dll file...
Sql injection
SQL injection vulnerability in chat/staff/default.aspx in ReadyDesk 9.1 allows remote attackers to execute arbitrary SQL commands via the user name field...
Directory traversal
Directory traversal vulnerability in chat/openattach.aspx in ReadyDesk 9.1 allows remote attackers to read arbitrary files via a .. dot dot in the SESID parameter in conjunction with a filename in the FNAME parameter...
Unrestricted file upload
Unrestricted file upload vulnerability in chat/sendfile.aspx in ReadyDesk 9.1 allows remote attackers to execute arbitrary code by uploading and requesting a .aspx file...
CVE-2016-5048
SQL injection vulnerability in chat/staff/default.aspx in ReadyDesk 9.1 allows remote attackers to execute arbitrary SQL commands via the user name field...
CVE-2016-5683
ReadyDesk 9.1 allows local users to determine cleartext SQL Server credentials by reading the SQLConfig.aspx file and decrypting data with a hardcoded key in the ReadyDesk.dll file...
CVE-2016-5050
CVE-2016-5050 is an uncontrolled/ unrestricted file upload vulnerability within ReadyDesk 9.1, exploitable via chat/sendfile.aspx to upload a .aspx file and execute arbitrary code. The NVD entry documents an attack path that requires no authentication and network access, with a high severity (CVS...
CVE-2016-5683
CVE-2016-5683 affects ReadyDesk 9.1. The vulnerability arises from storing SQL Server credentials in encrypted form using a hard-coded cryptographic key found in ReadyDesk.dll, allowing local users to decrypt and obtain cleartext credentials by reading SQL_Config.aspx. Connected sources corrobora...
CVE-2016-5048
CVE-2016-5048 affects ReadyDesk 9.1 and targets the chat/staff/default.aspx login input. The user name field is vulnerable to SQL injection, allowing remote attackers to execute arbitrary SQL commands. The vulnerability is described in multiple sources (NVD entry and CERT/CC advisory) with a high...