CVE-2017-17611
critical
9.8
10.0
EXP
doctor_search_script_project
9y ago
Doctor Search Script 1.0 has SQL Injection via the /list city parameter.
CVE-2017-17610
critical
9.8
10.0
EXP
e-commerce_mlm_software_project
9y ago
E-commerce MLM Software 1.0 has SQL Injection via the service_detail.php pid parameter, event_detail.php eventid parameter, or news_detail.php newid parameter.
CVE-2017-17609
critical
9.8
10.0
EXP
chartered_accountant_booking_script_project
9y ago
Chartered Accountant Booking Script 1.0 has SQL Injection via the /service-list city parameter.
CVE-2017-17608
critical
9.8
10.0
EXP
kindergarten_-_elementary_school_listing_script_project
9y ago
Child Care Script 1.0 has SQL Injection via the /list city parameter.
CVE-2017-17607
critical
9.8
10.0
EXP
cms_auditor_website_project
9y ago
CMS Auditor Website 1.0 has SQL Injection via the PATH_INFO to /news-detail.
CVE-2017-17606
critical
9.8
10.0
EXP
co-work_space_search_script_project
9y ago
Co-work Space Search Script 1.0 has SQL Injection via the /list city parameter.
CVE-2017-17605
critical
9.8
10.0
EXP
consumer_complaints_clone_script_project
9y ago
Consumer Complaints Clone Script 1.0 has SQL Injection via the other-user-profile.php id parameter.
CVE-2017-17604
critical
9.8
10.0
EXP
entrepreneur_bus_booking_script_project
9y ago
Entrepreneur Bus Booking Script 3.0.4 has SQL Injection via the booker_details.php sourcebus parameter.
CVE-2017-17603
critical
9.8
10.0
EXP
advanced_real_estate_script_project
9y ago
Advanced Real Estate Script 4.0.7 has SQL Injection via the search-results.php Projectmain, proj_type, searchtext, sell_price, or maxprice parameter.
CVE-2017-17602
critical
9.8
10.0
EXP
advance_b2b_script_project
9y ago
Advance B2B Script 2.1.3 has SQL Injection via the tradeshow-list-detail.php show_id or view-product.php pid parameter.
CVE-2017-17601
critical
9.8
10.0
EXP
cab_booking_script_project
9y ago
Cab Booking Script 1.0 has SQL Injection via the /service-list city parameter.
CVE-2017-17600
critical
9.8
10.0
EXP
basic_b2b_script_project
9y ago
Basic B2B Script 2.0.8 has SQL Injection via the product_details.php id parameter.
CVE-2017-17599
critical
9.8
10.0
EXP
advance_online_learning_management_script_project
9y ago
Advance Online Learning Management Script 3.1 has SQL Injection via the courselist.php subcatid or popcourseid parameter.
CVE-2017-17598
critical
9.8
10.0
EXP
affiliate_mlm_script_project
9y ago
Affiliate MLM Script 1.0 has SQL Injection via the product-category.php key parameter.
CVE-2017-17597
critical
9.8
10.0
EXP
nearbuy_clone_script_project
9y ago
Nearbuy Clone Script 3.2 has SQL Injection via the category_list.php search parameter.
CVE-2017-17596
critical
9.8
10.0
EXP
entrepreneur_job_portal_script_project
9y ago
Entrepreneur Job Portal Script 2.0.6 has SQL Injection via the jobsearch_all.php rid1 parameter.
CVE-2017-17595
critical
9.8
10.0
EXP
beauty_parlour_booking_script_project
9y ago
Beauty Parlour Booking Script 1.0 has SQL Injection via the /list gender or city parameter.
CVE-2017-17594
critical
9.8
10.0
EXP
domainsale_php_script_project
9y ago
DomainSale PHP Script 1.0 has SQL Injection via the domain.php id parameter.
CVE-2017-17592
critical
9.8
10.0
EXP
website_auction_marketplace_project
9y ago
Website Auction Marketplace 2.0.5 has SQL Injection via the search.php cat_id parameter.
CVE-2017-17591
critical
9.8
10.0
EXP
realestate_crowdfunding_script_project
9y ago
Realestate Crowdfunding Script 2.7.2 has SQL Injection via the single-cause.php pid parameter.
CVE-2017-17590
critical
9.8
10.0
EXP
stackoverflow-clone_project
9y ago
FS Stackoverflow Clone 1.0 has SQL Injection via the /question keywords parameter.
CVE-2017-17589
critical
9.8
10.0
EXP
thumbtack_clone_project
9y ago
FS Thumbtack Clone 1.0 has SQL Injection via the browse-category.php cat parameter or the browse-scategory.php sc parameter.
CVE-2017-17588
critical
9.8
10.0
EXP
imdb_clone_project
9y ago
FS IMDB Clone 1.0 has SQL Injection via the movie.php f parameter, tvshow.php s parameter, or show_misc_video.php id parameter.
CVE-2017-17587
critical
9.8
10.0
EXP
indiamart_clone_project
9y ago
FS Indiamart Clone 1.0 has SQL Injection via the catcompany.php token parameter, buyleads-details.php id parameter, or company/index.php c parameter.
CVE-2017-17586
critical
9.8
10.0
EXP
olx_clone_project
9y ago
FS Olx Clone 1.0 has SQL Injection via the subpage.php scat parameter or the message.php pid parameter.
CVE-2017-17585
critical
9.8
10.0
EXP
monster_clone_project
9y ago
FS Monster Clone 1.0 has SQL Injection via the Employer_Details.php id parameter.
CVE-2017-17584
critical
9.8
10.0
EXP
makemytrip_clone_project
9y ago
FS Makemytrip Clone 1.0 has SQL Injection via the show-flight-result.php fl_orig or fl_dest parameter.
CVE-2017-17583
critical
9.8
10.0
EXP
shutterstock_clone_project
9y ago
FS Shutterstock Clone 1.0 has SQL Injection via the /Category keywords parameter.
CVE-2017-17582
critical
9.8
10.0
EXP
grubhub_clone_project
9y ago
FS Grubhub Clone 1.0 has SQL Injection via the /food keywords parameter.
CVE-2017-17581
critical
9.8
10.0
EXP
quibids_clone_project
9y ago
FS Quibids Clone 1.0 has SQL Injection via the itechd.php productid parameter.
CVE-2017-17580
critical
9.8
10.0
EXP
linkedin_clone_project
9y ago
FS Linkedin Clone 1.0 has SQL Injection via the group.php grid parameter, profile.php fid parameter, or company_details.php id parameter.
CVE-2017-17579
critical
9.8
10.0
EXP
freelancer_clone_project
9y ago
FS Freelancer Clone 1.0 has SQL Injection via the profile.php u parameter.
CVE-2017-17578
critical
9.8
10.0
EXP
crowdfunding_script_project
9y ago
FS Crowdfunding Script 1.0 has SQL Injection via the latest_news_details.php id parameter.
CVE-2017-17577
critical
9.8
10.0
EXP
trademe_clone_project
9y ago
FS Trademe Clone 1.0 has SQL Injection via the search_item.php search parameter or the general_item_details.php id parameter.
CVE-2017-17576
critical
9.8
10.0
EXP
gigs_script_project
9y ago
FS Gigs Script 1.0 has SQL Injection via the browse-category.php cat parameter, browse-scategory.php sc parameter, or service-provider.php ser parameter.
CVE-2017-17575
critical
9.8
10.0
EXP
groupon_clone_project
9y ago
FS Groupon Clone 1.0 has SQL Injection via the item_details.php id parameter or the vendor_details.php id parameter.
CVE-2017-17574
critical
9.8
10.0
EXP
care_clone_project
9y ago
FS Care Clone 1.0 has SQL Injection via the searchJob.php jobType or jobFrequency parameter.
CVE-2017-17573
critical
9.8
10.0
EXP
fortunescripts
9y ago
FS Ebay Clone 1.0 has SQL Injection via the product.php id parameter, or the search.php category_id or sub_category_id parameter.
CVE-2017-17572
critical
9.8
10.0
EXP
amazon_clone_project
9y ago
FS Amazon Clone 1.0 has SQL Injection via the PATH_INFO to /VerAyari.
CVE-2017-17571
critical
9.8
10.0
EXP
foodpanda_clone_project
9y ago
FS Foodpanda Clone 1.0 has SQL Injection via the /food keywords parameter.
CVE-2017-17570
critical
9.8
10.0
EXP
expedia_clone_project
9y ago
FS Expedia Clone 1.0 has SQL Injection via the pages.php or content.php id parameter, or the show-flight-result.php fl_orig or fl_dest parameter.
CVE-2017-17560
critical
9.8
10.0
EXP
9y ago
An issue was discovered on Western Digital MyCloud PR4100 2.30.172 devices. The web administration component, /web/jquery/uploader/multi_uploadify.php, provides multipart upload functionality that is…
CVE-2017-17111
critical
9.8
10.0
EXP
scubez
9y ago
Posty Readymade Classifieds Script 1.0 allows an attacker to inject SQL commands via a listings.php?catid= or ads-details.php?ID= request.
CVE-2017-17110
critical
9.8
10.0
EXP
techno_-_portfolio_management_panel_project
9y ago
Techno Portfolio Management Panel 1.0 allows an attacker to inject SQL commands via a single.php?id= request.
CVE-2017-17055
critical
9.0
10.0
EXP
articatech
9y ago
Artica Web Proxy before 3.06.112911 allows remote attackers to execute arbitrary code as root by conducting a cross-site scripting (XSS) attack involving the username-form-id parameter to freeradius.…
CVE-2017-16930
critical
9.8
10.0
EXP
claymore_dual_miner_project
9y ago
The remote management interface on the Claymore Dual GPU miner 10.1 allows an unauthenticated remote attacker to execute arbitrary code due to a stack-based buffer overflow in the request handler. Th…
CVE-2017-11282
critical
9.8
10.0
EXP
macos macos linux-kernel rhel
adobe
9y ago
Adobe Flash Player has an exploitable memory corruption vulnerability in the MP4 atom parser. Successful exploitation could lead to arbitrary code execution. This affects 26.0.0.151 and earlier.
CVE-2017-11281
critical
9.8
10.0
EXP
macos macos linux-kernel rhel
adobe
9y ago
Adobe Flash Player has an exploitable memory corruption vulnerability in the text handling function. Successful exploitation could lead to arbitrary code execution. This affects 26.0.0.151 and earlie…
CVE-2017-16935
critical
9.8
10.0
EXP
ametys
9y ago
Ametys before 4.0.3 requires authentication only for URIs containing a /cms/ substring, which allows remote attackers to bypass intended access restrictions via a direct request to /plugins/core-ui/s…
CVE-2017-16934
critical
9.8
10.0
EXP
dbltek
9y ago
The web server on DBL DBLTek devices allows remote attackers to execute arbitrary OS commands by obtaining the admin password via a frame.html?content=/dev/mtdblock/5 request, and then using this pas…
CVE-2015-3934
critical
9.8
10.0
EXP
fiyo
9y ago
Multiple SQL injection vulnerabilities in Fiyo CMS 2.0_1.9.1 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to apps/app_article/controller/rating.php or (2) user pa…
CVE-2017-12635
critical
9.8
10.0
EXP FIX
sles arch arch
apache
9y ago
Multiple issues in CouchDB.
CVE-2017-16783
critical
9.8
10.0
EXP
cmsmadesimple
9y ago
In CMS Made Simple 2.1.6, there is Server-Side Template Injection via the cntnt01detailtemplate parameter.
CVE-2017-16780
critical
9.8
10.0
EXP
mybb
9y ago
The installer in MyBB before 1.8.13 allows remote attackers to execute arbitrary code by writing to the configuration file.
CVE-2017-16562
critical
9.8
10.0
EXP
userproplugin
9y ago
The UserPro plugin before 4.9.17.1 for WordPress, when used on a site with the "admin" username, allows remote attackers to bypass authentication and obtain administrative access via a "true" value f…
CVE-2017-11309
critical
9.6
10.0
EXP
avaya
9y ago
Buffer overflow in the SoftConsole client in Avaya IP Office before 10.1.1 allows remote servers to execute arbitrary code via a long response.
CVE-2015-3933
critical
9.8
10.0
EXP
metalgenix
9y ago
MetalGenix GeniXCMS vulnerable to SQL Injection
CVE-2017-16543
critical
9.8
10.0
EXP
zohocorp
9y ago
Zoho ManageEngine Applications Manager 13 before build 13500 allows SQL injection via GraphicalView.do, as demonstrated by a crafted viewProps yCanvas field or viewid parameter.
CVE-2017-15993
critical
9.8
10.0
EXP
zomato_clone_script_project
9y ago
Zomato Clone Script allows SQL Injection via the restaurant-menu.php resid parameter.
CVE-2017-15992
critical
9.8
10.0
EXP
website_broker_script_project
9y ago
Website Broker Script allows SQL Injection via the 'status_id' Parameter to status_list.php.
CVE-2017-15991
critical
9.8
10.0
EXP
vastal
9y ago
Vastal I-Tech Agent Zone (aka The Real Estate Script) allows SQL Injection in searchCommercial.php via the property_type, city, or posted_by parameter, or searchResidential.php via the property_type,…
CVE-2017-15990
critical
9.8
10.0
EXP
savsofteproducts
9y ago
Php Inventory & Invoice Management System allows Arbitrary File Upload via dashboard/edit_myaccountdetail/.
CVE-2017-15989
critical
9.8
10.0
EXP
online_exam_test_application_project
9y ago
Online Exam Test Application allows SQL Injection via the resources.php sort parameter in a category action.
CVE-2017-15988
critical
9.8
10.0
EXP
nicephpscripts
9y ago
Nice PHP FAQ Script allows SQL Injection via the index.php nice_theme parameter, a different vulnerability than CVE-2008-6525.
CVE-2017-15987
critical
9.8
10.0
EXP
fake_magazine_cover_script_project
9y ago
Fake Magazine Cover Script allows SQL Injection via the rate.php value parameter or the content.php id parameter.
CVE-2017-15986
critical
9.8
10.0
EXP
cpa_lead_reward_script_project
9y ago
CPA Lead Reward Script allows SQL Injection via the username parameter.
CVE-2017-15985
critical
9.8
10.0
EXP
readymadeb2bscript
9y ago
Basic B2B Script allows SQL Injection via the product_view1.php pid or id parameter.
CVE-2017-15984
critical
9.8
10.0
EXP
bekirk
9y ago
Creative Management System (CMS) Lite 1.4 allows SQL Injection via the S parameter to index.php.
CVE-2017-15983
critical
9.8
10.0
EXP
geniusocean
9y ago
MyMagazine Magazine & Blog CMS 1.0 allows SQL Injection via the id parameter to admin/admin_process.php for form editing.
CVE-2017-15982
critical
9.8
10.0
EXP
geniusocean
9y ago
Dynamic News Magazine & Blog CMS 1.0 allows SQL Injection via the id parameter to admin/admin_process.php for form editing.
CVE-2017-15981
critical
9.8
10.0
EXP
geniusocean
9y ago
Responsive Newspaper Magazine & Blog CMS 1.0 allows SQL Injection via the id parameter to admin/admin_process.php for form editing.
CVE-2017-15980
critical
9.8
10.0
EXP
rowindex
9y ago
US Zip Codes Database Script 1.0 allows SQL Injection via the state parameter.
CVE-2017-15979
critical
9.8
10.0
EXP
odallated
9y ago
Shareet - Photo Sharing Social Network 1.0 allows SQL Injection via the photo parameter.
CVE-2017-15978
critical
9.8
10.0
EXP
arox
9y ago
AROX School ERP PHP Script 1.0 allows SQL Injection via the office_admin/ id parameter.
CVE-2017-15977
critical
9.8
10.0
EXP
protectedlinks
9y ago
Protected Links - Expiring Download Links 1.0 allows SQL Injection via the username parameter.
CVE-2012-5357
critical
9.8
10.0
EXP
ektron
9y ago
Ektron Content Management System (CMS) before 8.02 SP5 uses the XslCompiledTransform class with enablescript set to true, which allows remote attackers to execute arbitrary code with NETWORK SERVICE …
CVE-2017-15976
critical
9.8
10.0
EXP
zeescripts
9y ago
ZeeBuddy 2x allows SQL Injection via the admin/editadgroup.php groupid parameter, a different vulnerability than CVE-2008-3604.
CVE-2017-15975
critical
9.8
10.0
EXP
vastal
9y ago
Vastal I-Tech Dating Zone 0.9.9 allows SQL Injection via the 'product_id' to add_to_cart.php, a different vulnerability than CVE-2008-4461.
CVE-2017-15974
critical
9.8
10.0
EXP
datacomponents
9y ago
tPanel 2009 allows SQL injection for Authentication Bypass via 'or 1=1 or ''=' to login.php.
CVE-2017-15973
critical
9.8
10.0
EXP
sokial
9y ago
Sokial Social Network Script 1.0 allows SQL Injection via the id parameter to admin/members_view.php.
CVE-2017-15972
critical
9.8
10.0
EXP
softdatepro
9y ago
SoftDatepro Dating Social Network 1.3 allows SQL Injection via the viewprofile.php profid parameter, the viewmessage.php sender_id parameter, or the /admin Email field, a related issue to CVE-2017-15…
CVE-2017-15971
critical
9.8
10.0
EXP
softdatepro
9y ago
Same Sex Dating Software Pro 1.0 allows SQL Injection via the viewprofile.php profid parameter, the viewmessage.php sender_id parameter, or the /admin Email field, a related issue to CVE-2017-15972.
CVE-2017-15970
critical
9.8
10.0
EXP
phpcityportal
9y ago
PHP CityPortal 2.0 allows SQL Injection via the nid parameter to index.php in a page=news action, or the cat parameter.
CVE-2017-15969
critical
9.8
10.0
EXP
pilotgroup
9y ago
PG All Share Video 1.0 allows SQL Injection via the PATH_INFO to search/tag, friends/index, users/profile, or video_catalog/category.
CVE-2017-15968
critical
9.8
10.0
EXP
contractorscripts
9y ago
MyBuilder Clone 1.0 allows SQL Injection via the phpsqlsearch_genxml.php subcategory parameter.
CVE-2017-15967
critical
9.8
10.0
EXP
mailing-manager
9y ago
Mailing List Manager Pro 3.0 allows SQL Injection via the edit parameter to admin/users in a sort=login action, or the edit parameter to admin/template.
CVE-2017-15966
critical
9.8
10.0
EXP
zh_yandexmap_project
9y ago
The Zh YandexMap (aka com_zhyandexmap) component 6.1.1.0 for Joomla! allows SQL Injection via the placemarklistid parameter to index.php.
CVE-2017-15965
critical
9.8
10.0
EXP
nswd
9y ago
The NS Download Shop (aka com_ns_downloadshop) component 2.2.6 for Joomla! allows SQL Injection via the id parameter in an invoice.create action.
CVE-2017-15964
critical
9.8
10.0
EXP
nicephpscripts
9y ago
Job Board Script Software allows SQL Injection via the PATH_INFO to a /job-details URI.
CVE-2017-15963
critical
9.8
10.0
EXP
itechscripts
9y ago
iTech Gigs Script 1.21 allows SQL Injection via the browse-scategory.php sc parameter or the service-provider.php ser parameter.
CVE-2017-15962
critical
9.8
10.0
EXP
istock_management_system_project
9y ago
iStock Management System 1.0 allows Arbitrary File Upload via user/profile.
CVE-2017-15961
critical
9.8
10.0
EXP
iproject_management_system_project
9y ago
iProject Management System 1.0 allows SQL Injection via the ID parameter to index.php.
CVE-2017-15960
critical
9.8
10.0
EXP
yourarticlesdirectory
9y ago
Article Directory Script 3.0 allows SQL Injection via the id parameter to author.php or category.php.
CVE-2017-15959
critical
9.8
10.0
EXP
adultscriptpro
9y ago
Adult Script Pro 2.2.4 allows SQL Injection via the PATH_INFO to a /download URI, a different vulnerability than CVE-2007-6576.
CVE-2017-15958
critical
9.8
10.0
EXP
domainzaar
9y ago
D-Park Pro Domain Parking Script 1.0 allows SQL Injection via the username to admin/loginform.php.
CVE-2014-2023
critical
9.8
10.0
EXP
tapatalk
9y ago
Multiple SQL injection vulnerabilities in the Tapatalk plugin 4.9.0 and earlier and 5.x through 5.2.1 for vBulletin allow remote attackers to execute arbitrary SQL commands via a crafted xmlrpc API r…
CVE-2017-15222
critical
9.8
10.0
EXP
nftp_project
9y ago
Buffer Overflow vulnerability in Ayukov NFTPD 2.0 and earlier allows remote attackers to execute arbitrary code.
CVE-2017-15081
critical
9.8
10.0
EXP
phpsugar
9y ago
In PHPSUGAR PHP Melody CMS 2.6.1, SQL Injection exists via the playlist parameter to playlists.php.
CVE-2017-15580
critical
9.8
10.0
EXP
osticket
9y ago
osTicket 1.10.1 provides a functionality to upload 'html' files with associated formats. However, it does not properly validate the uploaded file's contents and thus accepts any type of file, such as…
CVE-2017-10366
critical
9.8
10.0
EXP
oracle
9y ago
Vulnerability in the PeopleSoft Enterprise PT PeopleTools component of Oracle PeopleSoft Products (subcomponent: Performance Monitor). Supported versions that are affected are 8.54, 8.55 and 8.56. Ea…