Search
Total
17685 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-17626 | 1 Readymade Php Classified Script Project | 1 Readymade Php Classified Script | 2017-12-26 | 7.5 HIGH | 9.8 CRITICAL |
| Readymade PHP Classified Script 3.3 has SQL Injection via the /categories subctid or mctid parameter. | |||||
| CVE-2017-17608 | 1 Kindergarten - Elementary School Listing Script Project | 1 Kindergarten - Elementary School Listing Script | 2017-12-26 | 7.5 HIGH | 9.8 CRITICAL |
| Child Care Script 1.0 has SQL Injection via the /list city parameter. | |||||
| CVE-2017-17602 | 1 Advance B2b Script Project | 1 Advance B2b Script | 2017-12-26 | 7.5 HIGH | 9.8 CRITICAL |
| Advance B2B Script 2.1.3 has SQL Injection via the tradeshow-list-detail.php show_id or view-product.php pid parameter. | |||||
| CVE-2017-17621 | 1 Multivendor Penny Auction Clone Script Project | 1 Multivendor Penny Auction Clone Script | 2017-12-26 | 7.5 HIGH | 9.8 CRITICAL |
| Multivendor Penny Auction Clone Script 1.0 has SQL Injection via the PATH_INFO to the /detail URI. | |||||
| CVE-2017-17620 | 1 Lawyer Search Script Project | 1 Lawyer Search Script | 2017-12-26 | 7.5 HIGH | 9.8 CRITICAL |
| Lawyer Search Script 1.1 has SQL Injection via the /lawyer-list city parameter. | |||||
| CVE-2017-17619 | 1 Laundry Booking Script Project | 1 Laundry Booking Script | 2017-12-26 | 7.5 HIGH | 9.8 CRITICAL |
| Laundry Booking Script 1.0 has SQL Injection via the /list city parameter. | |||||
| CVE-2017-17618 | 1 Kickstarter Clone Script Project | 1 Kickstarter Clone Script | 2017-12-26 | 7.5 HIGH | 9.8 CRITICAL |
| Kickstarter Clone Script 2.0 has SQL Injection via the investcalc.php projid parameter. | |||||
| CVE-2017-17617 | 1 Foodspotting Clone Script Project | 1 Foodspotting Clone Script | 2017-12-26 | 7.5 HIGH | 9.8 CRITICAL |
| Foodspotting Clone Script 1.0 has SQL Injection via the quicksearch.php q parameter. | |||||
| CVE-2017-17610 | 1 E-commerce Mlm Software Project | 1 E-commerce Mlm Software | 2017-12-26 | 7.5 HIGH | 9.8 CRITICAL |
| E-commerce MLM Software 1.0 has SQL Injection via the service_detail.php pid parameter, event_detail.php eventid parameter, or news_detail.php newid parameter. | |||||
| CVE-2017-17613 | 1 Freelance Website Script Project | 1 Freelance Website Script | 2017-12-26 | 7.5 HIGH | 9.8 CRITICAL |
| Freelance Website Script 2.0.6 has SQL Injection via the jobdetails.php pr_id parameter or the searchbycat_list.php catid parameter. | |||||
| CVE-2017-17642 | 1 Basic Job Site Script Project | 1 Basic Job Site Script | 2017-12-26 | 7.5 HIGH | 9.8 CRITICAL |
| Basic Job Site Script 2.0.5 has SQL Injection via the keyword parameter to /job. | |||||
| CVE-2017-17640 | 1 Advanced World Database Project | 1 Advanced World Database | 2017-12-26 | 7.5 HIGH | 9.8 CRITICAL |
| Advanced World Database 2.0.5 has SQL Injection via the city.php country or state parameter, or the state.php country parameter. | |||||
| CVE-2017-17638 | 1 Groupon Clone Script Project | 1 Groupon Clone Script | 2017-12-26 | 7.5 HIGH | 9.8 CRITICAL |
| Groupon Clone Script 3.01 has SQL Injection via the city_ajax.php state_id parameter. | |||||
| CVE-2017-17641 | 1 Resume Clone Script Project | 1 Resume Clone Script | 2017-12-26 | 7.5 HIGH | 9.8 CRITICAL |
| Resume Clone Script 2.0.5 has SQL Injection via the preview.php id parameter. | |||||
| CVE-2017-17639 | 1 Muslim Matrimonial Script Project | 1 Muslim Matrimonial Script | 2017-12-26 | 7.5 HIGH | 9.8 CRITICAL |
| Muslim Matrimonial Script 3.02 has SQL Injection via the success-story.php succid parameter. | |||||
| CVE-2017-17648 | 1 Entrepreneur Dating Script Project | 1 Entrepreneur Dating Script | 2017-12-26 | 7.5 HIGH | 9.8 CRITICAL |
| Entrepreneur Dating Script 2.0.1 has SQL Injection via the search_result.php marital, gender, country, or profileid parameter. | |||||
| CVE-2017-17603 | 1 Advanced Real Estate Script Project | 1 Advanced Real Estate Script | 2017-12-22 | 7.5 HIGH | 9.8 CRITICAL |
| Advanced Real Estate Script 4.0.7 has SQL Injection via the search-results.php Projectmain, proj_type, searchtext, sell_price, or maxprice parameter. | |||||
| CVE-2017-17604 | 1 Entrepreneur Bus Booking Script Project | 1 Entrepreneur Bus Booking Script | 2017-12-22 | 7.5 HIGH | 9.8 CRITICAL |
| Entrepreneur Bus Booking Script 3.0.4 has SQL Injection via the booker_details.php sourcebus parameter. | |||||
| CVE-2017-17611 | 1 Doctor Search Script Project | 1 Doctor Search Script | 2017-12-22 | 7.5 HIGH | 9.8 CRITICAL |
| Doctor Search Script 1.0 has SQL Injection via the /list city parameter. | |||||
| CVE-2017-17630 | 1 Yoga Class Script Project | 1 Yoga Class Script | 2017-12-22 | 7.5 HIGH | 9.8 CRITICAL |
| Yoga Class Script 1.0 has SQL Injection via the /list city parameter. | |||||
| CVE-2017-17629 | 1 Secure E-commerce Script Project | 1 Secure E-commerce Script | 2017-12-22 | 7.5 HIGH | 9.8 CRITICAL |
| Secure E-commerce Script 2.0.1 has SQL Injection via the category.php searchmain or searchcat parameter, or the single_detail.php sid parameter. | |||||
| CVE-2017-17111 | 1 Scubez | 1 Posty Readymade Classifieds | 2017-12-22 | 7.5 HIGH | 9.8 CRITICAL |
| Posty Readymade Classifieds Script 1.0 allows an attacker to inject SQL commands via a listings.php?catid= or ads-details.php?ID= request. | |||||
| CVE-2017-11293 | 1 Adobe | 4 Acrobat, Acrobat Dc, Acrobat Reader and 1 more | 2017-12-22 | 10.0 HIGH | 9.8 CRITICAL |
| An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. An exploitable memory corruption vulnerability exists. Successful exploitation could lead to arbitrary code execution. | |||||
| CVE-2017-17605 | 1 Consumer Complaints Clone Script Project | 1 Consumer Complaints Clone Script | 2017-12-22 | 7.5 HIGH | 9.8 CRITICAL |
| Consumer Complaints Clone Script 1.0 has SQL Injection via the other-user-profile.php id parameter. | |||||
| CVE-2017-17606 | 1 Co-work Space Search Script Project | 1 Co-work Space Search Script | 2017-12-22 | 7.5 HIGH | 9.8 CRITICAL |
| Co-work Space Search Script 1.0 has SQL Injection via the /list city parameter. | |||||
| CVE-2017-17616 | 1 Event Calendar Category Script Project | 1 Event Calendar Category Script | 2017-12-22 | 7.5 HIGH | 9.8 CRITICAL |
| Event Search Script 1.0 has SQL Injection via the /event-list city parameter. | |||||
| CVE-2017-17607 | 1 Cms Auditor Website Project | 1 Cms Auditor Website | 2017-12-22 | 7.5 HIGH | 9.8 CRITICAL |
| CMS Auditor Website 1.0 has SQL Injection via the PATH_INFO to /news-detail. | |||||
| CVE-2017-11295 | 1 Adobe | 1 Dng Converter | 2017-12-22 | 10.0 HIGH | 9.8 CRITICAL |
| An issue was discovered in Adobe DNG Converter 9.12.1 and earlier versions. An exploitable memory corruption vulnerability exists. Successful exploitation could lead to arbitrary code execution. | |||||
| CVE-2017-17600 | 1 Basic B2b Script Project | 1 Basic B2b Script | 2017-12-22 | 7.5 HIGH | 9.8 CRITICAL |
| Basic B2B Script 2.0.8 has SQL Injection via the product_details.php id parameter. | |||||
| CVE-2017-17601 | 1 Cab Booking Script Project | 1 Cab Booking Script | 2017-12-22 | 7.5 HIGH | 9.8 CRITICAL |
| Cab Booking Script 1.0 has SQL Injection via the /service-list city parameter. | |||||
| CVE-2017-17599 | 1 Advance Online Learning Management Script Project | 1 Advance Online Learning Management Script | 2017-12-22 | 7.5 HIGH | 9.8 CRITICAL |
| Advance Online Learning Management Script 3.1 has SQL Injection via the courselist.php subcatid or popcourseid parameter. | |||||
| CVE-2017-17598 | 1 Affiliate Mlm Script Project | 1 Affiliate Mlm Script | 2017-12-22 | 7.5 HIGH | 9.8 CRITICAL |
| Affiliate MLM Script 1.0 has SQL Injection via the product-category.php key parameter. | |||||
| CVE-2017-17597 | 1 Nearbuy Clone Script Project | 1 Nearbuy Clone Script | 2017-12-22 | 7.5 HIGH | 9.8 CRITICAL |
| Nearbuy Clone Script 3.2 has SQL Injection via the category_list.php search parameter. | |||||
| CVE-2017-17596 | 1 Entrepreneur Job Portal Script Project | 1 Entrepreneur Job Portal Script | 2017-12-22 | 7.5 HIGH | 9.8 CRITICAL |
| Entrepreneur Job Portal Script 2.0.6 has SQL Injection via the jobsearch_all.php rid1 parameter. | |||||
| CVE-2017-17595 | 1 Beauty Parlour Booking Script Project | 1 Beauty Parlour Booking Script | 2017-12-22 | 7.5 HIGH | 9.8 CRITICAL |
| Beauty Parlour Booking Script 1.0 has SQL Injection via the /list gender or city parameter. | |||||
| CVE-2017-17594 | 1 Domainsale Php Script Project | 1 Domainsale Php Script | 2017-12-22 | 7.5 HIGH | 9.8 CRITICAL |
| DomainSale PHP Script 1.0 has SQL Injection via the domain.php id parameter. | |||||
| CVE-2017-6211 | 1 Google | 1 Android | 2017-12-22 | 10.0 HIGH | 9.8 CRITICAL |
| In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in the processing of a downlink supplementary services message, a buffer overflow can occur. | |||||
| CVE-2017-16684 | 1 Sap | 1 Business Intelligence Promotion Management Application | 2017-12-22 | 7.5 HIGH | 9.8 CRITICAL |
| SAP Business Intelligence Promotion Management Application, Enterprise 4.10, 4.20, and 4.30, does not perform authentication checks for functionalities that require user identity. | |||||
| CVE-2017-17591 | 1 Realestate Crowdfunding Script Project | 1 Realestate Crowdfunding Script | 2017-12-21 | 7.5 HIGH | 9.8 CRITICAL |
| Realestate Crowdfunding Script 2.7.2 has SQL Injection via the single-cause.php pid parameter. | |||||
| CVE-2017-17592 | 1 Website Auction Marketplace Project | 1 Website Auction Marketplace | 2017-12-21 | 7.5 HIGH | 9.8 CRITICAL |
| Website Auction Marketplace 2.0.5 has SQL Injection via the search.php cat_id parameter. | |||||
| CVE-2017-17055 | 1 Articatech | 1 Artica Proxy | 2017-12-21 | 8.5 HIGH | 9.0 CRITICAL |
| Artica Web Proxy before 3.06.112911 allows remote attackers to execute arbitrary code as root by conducting a cross-site scripting (XSS) attack involving the username-form-id parameter to freeradius.users.php. | |||||
| CVE-2017-16930 | 1 Claymore Dual Miner Project | 1 Claymore Dual Miner | 2017-12-21 | 10.0 HIGH | 9.8 CRITICAL |
| The remote management interface on the Claymore Dual GPU miner 10.1 allows an unauthenticated remote attacker to execute arbitrary code due to a stack-based buffer overflow in the request handler. This can be exploited via a long API request that is mishandled during logging. | |||||
| CVE-2017-8818 | 1 Haxx | 2 Curl, Libcurl | 2017-12-20 | 7.5 HIGH | 9.8 CRITICAL |
| curl and libcurl before 7.57.0 on 32-bit platforms allow attackers to cause a denial of service (out-of-bounds access and application crash) or possibly have unspecified other impact because too little memory is allocated for interfacing to an SSL library. | |||||
| CVE-2016-1253 | 1 Debian | 2 Debian Linux, Most | 2017-12-20 | 10.0 HIGH | 9.8 CRITICAL |
| The most package in Debian wheezy before 5.0.0a-2.2, in Debian jessie before 5.0.0a-2.3+deb8u1, and in Debian unstable before 5.0.0a-3 allows remote attackers to execute arbitrary commands via shell metacharacters in the name of an LZMA-compressed file. | |||||
| CVE-2017-14591 | 1 Atlassian | 2 Crucible, Fisheye | 2017-12-20 | 9.3 HIGH | 9.0 CRITICAL |
| Atlassian Fisheye and Crucible versions less than 4.4.3 and version 4.5.0 are vulnerable to argument injection through filenames in Mercurial repositories, allowing attackers to execute arbitrary code on a system running the impacted software. | |||||
| CVE-2017-17701 | 1 K7computing | 1 Antivirus | 2017-12-20 | 7.5 HIGH | 9.8 CRITICAL |
| K7Sentry.sys 15.1.0.59 in K7 Antivirus 15.1.0309 has a NULL pointer dereference via a 0x950025c8 DeviceIoControl request. | |||||
| CVE-2017-17699 | 1 K7computing | 1 Antivirus | 2017-12-20 | 7.5 HIGH | 9.8 CRITICAL |
| K7Sentry.sys 15.1.0.59 in K7 Antivirus 15.1.0309 has a NULL pointer dereference via a 0x950025ac DeviceIoControl request. | |||||
| CVE-2017-17700 | 1 K7computing | 1 Antivirus | 2017-12-20 | 7.5 HIGH | 9.8 CRITICAL |
| K7Sentry.sys 15.1.0.59 in K7 Antivirus 15.1.0309 has a NULL pointer dereference via a 0x950025a4 DeviceIoControl request. | |||||
| CVE-2017-14914 | 1 Google | 1 Android | 2017-12-20 | 10.0 HIGH | 9.8 CRITICAL |
| In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, handles in the global client structure can become stale. | |||||
| CVE-2017-17573 | 1 Fortunescripts | 1 Ebay Clone | 2017-12-20 | 7.5 HIGH | 9.8 CRITICAL |
| FS Ebay Clone 1.0 has SQL Injection via the product.php id parameter, or the search.php category_id or sub_category_id parameter. | |||||