VIR Vulnerability Intelligence Relay

Search

Found 4,306 results in 515ms · Match type: Filtered list

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Flags OS Vendor Published Description
CVE-2019-9792 critical 10.0 EXPFIX arch arch slesdebian debian 7y ago The IonMonkey just-in-time (JIT) compiler can leak an internal JS_OPTIMIZED_OUT magic value to the running script during a bailout. This magic value can then be used by JavaScript to achieve memory c…
CVE-2019-9791 critical 10.0 EXPFIX arch arch slesdebian debian 7y ago The type inference system allows the compilation of functions that can cause type confusions between arbitrary objects when compiled through the IonMonkey just-in-time (JIT) compiler and when the con…
CVE-2019-11358 low 3.5 EXPFIX arch arch rockydebian debian 7y ago RHSA-2021:4142: pcs security, bug fix, and enhancement update (Low)
CVE-2018-3639 medium 5.5 6.5 EXPFIX slesdebian debian rhel intelarmredhat 8y ago Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of i…
CVE-2018-7602 critical 10.0 KEVEXPFIX arch arch 8y ago A remote code execution vulnerability exists within multiple subsystems of Drupal that can allow attackers to exploit multiple attack vectors on a Drupal site.
CVE-2018-7600 critical 10.0 KEVEXPFIX arch arch 8y ago Drupal Core contains a remote code execution vulnerability that could allow an attacker to exploit multiple attack vectors on a Drupal site, resulting in complete site compromise.
CVE-2017-5753 medium 5.6 6.6 EXPFIX arch arch slesdebian debian inteloraclesynology 9y ago Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.
CVE-2017-18001 critical 9.8 10.0 EXP trustwave 9y ago Trustwave Secure Web Gateway (SWG) through 11.8.0.27 allows remote attackers to append an arbitrary public key to the device's SSH Authorized Keys data, and consequently obtain remote root access, vi…
CVE-2017-17968 critical 9.8 10.0 EXP xi-soft 9y ago A buffer overflow vulnerability in NetTransport.exe in NetTransport Download Manager 2.96L and earlier could allow remote HTTP servers to execute arbitrary code on NAS devices via a long HTTP respons…
CVE-2017-17932 critical 9.8 10.0 EXP allmediaserver 9y ago A buffer overflow vulnerability exists in MediaServer.exe in ALLPlayer ALLMediaServer 0.95 and earlier that could allow remote attackers to execute arbitrary code and/or cause denial of service on th…
CVE-2015-7889 medium 5.5 6.5 EXP 9y ago The SecEmailComposer/EmailComposer application in the Samsung S6 Edge before the October 2015 MR uses weak permissions for the com.samsung.android.email.intent.action.QUICK_REPLY_BACKGROUND service a…
CVE-2017-7154 medium 6.6 7.6 EXPFIX macos macos 9y ago An issue was discovered in certain Apple products. iOS before 11.2 is affected. macOS before 10.13.2 is affected. tvOS before 11.2 is affected. The issue involves the "Kernel" component. It allows lo…
CVE-2017-17875 critical 9.8 10.0 EXP jextn 9y ago The JEXTN FAQ Pro extension 4.0.0 for Joomla! has SQL Injection via the id parameter in a view=category action.
CVE-2017-17873 critical 9.8 10.0 EXP vanguard_project 9y ago Vanguard Marketplace Digital Products PHP 1.4 has SQL Injection via the PATH_INFO to the /p URI.
CVE-2017-17872 critical 9.8 10.0 EXP jextn 9y ago The JEXTN Video Gallery extension 3.0.5 for Joomla! has SQL Injection via the id parameter in a view=category action.
CVE-2017-17871 critical 9.8 10.0 EXP jextn 9y ago The "JEXTN Question And Answer" extension 3.1.0 for Joomla! has SQL Injection via the an parameter in a view=tags action, or the ques-srch parameter.
CVE-2017-17870 critical 9.8 10.0 EXP jbuildozer 9y ago The JBuildozer extension 1.4.1 for Joomla! has SQL Injection via the appid parameter in an entriessearch action.
CVE-2017-17849 critical 9.8 10.0 EXP getgosoft 9y ago A buffer overflow vulnerability in GetGo Download Manager 5.3.0.2712 and earlier could allow remote HTTP servers to execute arbitrary code on NAS devices via a long response.
CVE-2017-13869 medium 5.5 6.5 EXPFIX macos macos 9y ago An issue was discovered in certain Apple products. iOS before 11.2 is affected. macOS before 10.13.2 is affected. tvOS before 11.2 is affected. watchOS before 4.2 is affected. The issue involves the …
CVE-2017-13868 medium 5.5 6.5 EXPFIX macos macos 9y ago An issue was discovered in certain Apple products. iOS before 11.2 is affected. macOS before 10.13.2 is affected. tvOS before 11.2 is affected. watchOS before 4.2 is affected. The issue involves the …
CVE-2017-13865 medium 5.5 6.5 EXPFIX macos macos 9y ago An issue was discovered in certain Apple products. iOS before 11.2 is affected. macOS before 10.13.2 is affected. tvOS before 11.2 is affected. watchOS before 4.2 is affected. The issue involves the …
CVE-2017-13855 medium 5.5 6.5 EXPFIX macos macos 9y ago An issue was discovered in certain Apple products. iOS before 11.2 is affected. macOS before 10.13.2 is affected. tvOS before 11.2 is affected. watchOS before 4.2 is affected. The issue involves the …
CVE-2017-17411 critical 9.8 10.0 EXP 9y ago This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Linksys WVBR0. Authentication is not required to exploit this vulnerability. The specific flaw exis…
CVE-2012-2576 critical 9.8 10.0 EXP solarwinds 9y ago SQL injection vulnerability in the LoginServlet page in SolarWinds Storage Manager before 5.1.2, SolarWinds Storage Profiler before 5.1.2, and SolarWinds Backup Profiler before 5.1.2 allows remote at…
CVE-2017-17752 medium 6.1 7.1 EXP codecrafters 9y ago Ability Mail Server 3.3.2 has Cross Site Scripting (XSS) via the body of an e-mail message, with JavaScript code executed on the Read Mail screen (aka the /_readmail URI). This is fixed in version 4.…
CVE-2017-17761 critical 9.8 10.0 EXP 9y ago An issue was discovered on Ichano AtHome IP Camera devices. The device runs the "noodles" binary - a service on port 1300 that allows a remote (LAN) unauthenticated user to run arbitrary commands. Th…
CVE-2017-17759 critical 9.8 10.0 EXP conarc 9y ago Conarc iChannel allows remote attackers to obtain sensitive information, modify the configuration, or cause a denial of service (by deleting the configuration) via a wc.dll?wwMaint~EditConfig request…
CVE-2017-17105 critical 9.8 10.0 EXP 9y ago Zivif PR115-204-P-RS V2.3.4.2103 and V4.7.4.2121 (and possibly in-between versions) web cameras are vulnerable to unauthenticated, blind remote command injection via CGI scripts used as part of the w…
CVE-2017-16949 critical 9.8 10.0 EXP accesspressthemes 9y ago An issue was discovered in the AccessKeys AccessPress Anonymous Post Pro plugin through 3.1.9 for WordPress. Improper input sanitization allows the attacker to override the settings for allowed file …
CVE-2017-17721 critical 9.8 10.0 EXP zuuse 9y ago CWEBNET/WOSummary/List in ZUUSE BEIMS ContractorWeb .NET 5.18.0.0 allows SQL injection via the tradestatus, assetno, assignto, building, domain, jobtype, site, trade, woType, workorderno, or workorde…
CVE-2017-17651 critical 9.8 10.0 EXP paid_to_read_script_project 9y ago Paid To Read Script 2.0.5 has SQL Injection via the admin/userview.php uid parameter, the admin/viewemcamp.php fnum parameter, or the admin/viewvisitcamp.php fn parameter.
CVE-2017-17649 medium 6.1 7.1 EXP readymade_video_sharing_script_project 9y ago Readymade Video Sharing Script 3.2 has HTML Injection via the single-video-detail.php comment parameter.
CVE-2017-17645 critical 9.8 10.0 EXP phpautoclassifiedscript 9y ago Bus Booking Script 1.0 has SQL Injection via the txtname parameter to admin/index.php.
CVE-2017-17643 critical 9.8 10.0 EXP lynda_clone_project 9y ago FS Lynda Clone 1.0 has SQL Injection via the keywords parameter to tutorial/.
CVE-2017-17739 critical 9.8 10.0 EXP 9y ago The BrightSign Digital Signage (4k242) device (Firmware 6.2.63 and below) has directory traversal via the /storage.html rp parameter, allowing an attacker to read or write to files.
CVE-2017-17737 medium 6.1 7.1 EXP 9y ago The BrightSign Digital Signage (4k242) device (Firmware 6.2.63 and below) has XSS via the REF parameter to /network_diagnostics.html or /storage_info.html.
CVE-2017-3195 critical 9.8 10.0 EXP commvault 9y ago Commvault Edge Communication Service (cvd) prior to version 11 SP7 or version 11 SP6 with hotfix 590 is prone to a stack-based buffer overflow vulnerability that could lead to arbitrary code executio…
CVE-2017-12373 medium 5.9 6.9 EXP 9y ago A vulnerability in the TLS protocol implementation of legacy Cisco ASA 5500 Series (ASA 5505, 5510, 5520, 5540, and 5550) devices could allow an unauthenticated, remote attacker to access sensitive i…
CVE-2017-16787 medium 6.5 7.5 EXP 9y ago The Web Configuration Utility in Meinberg LANTIME devices with firmware before 6.24.004 allows remote attackers to read arbitrary files by leveraging failure to restrict URL access.
CVE-2017-17672 critical 9.8 10.0 EXP vbulletin 9y ago In vBulletin through 5.3.x, there is an unauthenticated deserialization vulnerability that leads to arbitrary file deletion and, under certain circumstances, code execution, because of unsafe usage o…
CVE-2017-17648 critical 9.8 10.0 EXP entrepreneur_dating_script_project 9y ago Entrepreneur Dating Script 2.0.1 has SQL Injection via the search_result.php marital, gender, country, or profileid parameter.
CVE-2017-17427 medium 5.9 6.9 EXP 9y ago Radware Alteon devices with a firmware version between 31.0.0.0-31.0.3.0 are vulnerable to an adaptive-chosen ciphertext attack ("Bleichenbacher attack"). This allows an attacker to decrypt observed …
CVE-2017-17382 medium 5.9 6.9 EXP 9y ago Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway 10.5 before build 67.13, 11.0 before build 71.22, 11.1 before build 56.19, and 12.0 before build 53.22 might allow remote …
CVE-2017-17642 critical 9.8 10.0 EXP basic_job_site_script_project 9y ago Basic Job Site Script 2.0.5 has SQL Injection via the keyword parameter to /job.
CVE-2017-17641 critical 9.8 10.0 EXP resume_clone_script_project 9y ago Resume Clone Script 2.0.5 has SQL Injection via the preview.php id parameter.
CVE-2017-17640 critical 9.8 10.0 EXP advanced_world_database_project 9y ago Advanced World Database 2.0.5 has SQL Injection via the city.php country or state parameter, or the state.php country parameter.
CVE-2017-17639 critical 9.8 10.0 EXP muslim_matrimonial_script_project 9y ago Muslim Matrimonial Script 3.02 has SQL Injection via the success-story.php succid parameter.
CVE-2017-17638 critical 9.8 10.0 EXP groupon_clone_script_project 9y ago Groupon Clone Script 3.01 has SQL Injection via the city_ajax.php state_id parameter.
CVE-2017-17637 critical 9.8 10.0 EXP car_rental_script_project 9y ago Car Rental Script 2.0.4 has SQL Injection via the countrycode1.php val parameter.
CVE-2017-17636 critical 9.8 10.0 EXP mlm_forced_matrix_project 9y ago MLM Forced Matrix 2.0.9 has SQL Injection via the news-detail.php newid parameter.
CVE-2017-17635 critical 9.8 10.0 EXP mlm_forex_market_plan_script_project 9y ago MLM Forex Market Plan Script 2.0.4 has SQL Injection via the news_detail.php newid parameter or the event_detail.php eventid parameter.
CVE-2017-17634 critical 9.8 10.0 EXP single_theater_booking_script_project 9y ago Single Theater Booking Script 3.2.1 has SQL Injection via the findcity.php q parameter.
CVE-2017-17633 critical 9.8 10.0 EXP multiplex_movie_theater_booking_script_project 9y ago Multiplex Movie Theater Booking Script 3.1.5 has SQL Injection via the trailer-detail.php moid parameter, show-time.php moid parameter, or event-detail.php eid parameter.
CVE-2017-17632 critical 9.8 10.0 EXP responsive_events_and_movie_ticket_booking_script_project 9y ago Responsive Events And Movie Ticket Booking Script 3.2.1 has SQL Injection via the findcity.php q parameter.
CVE-2017-17631 critical 9.8 10.0 EXP multireligion_responsive_matrimonial_project 9y ago Multireligion Responsive Matrimonial 4.7.2 has SQL Injection via the success-story.php succid parameter.
CVE-2017-17630 critical 9.8 10.0 EXP yoga_class_script_project 9y ago Yoga Class Script 1.0 has SQL Injection via the /list city parameter.
CVE-2017-17629 critical 9.8 10.0 EXP secure_e-commerce_script_project 9y ago Secure E-commerce Script 2.0.1 has SQL Injection via the category.php searchmain or searchcat parameter, or the single_detail.php sid parameter.
CVE-2017-17628 critical 9.8 10.0 EXP responsive_realestate_script_project 9y ago Responsive Realestate Script 3.2 has SQL Injection via the property-list tbud parameter.
CVE-2017-17627 critical 9.8 10.0 EXP readymade_video_sharing_script_project 9y ago Readymade Video Sharing Script 3.2 has SQL Injection via the single-video-detail.php report_videos array parameter.
CVE-2017-17626 critical 9.8 10.0 EXP readymade_php_classified_script_project 9y ago Readymade PHP Classified Script 3.3 has SQL Injection via the /categories subctid or mctid parameter.
CVE-2017-17625 critical 9.8 10.0 EXP on_demand_marketplace_script_project 9y ago Professional Service Script 1.0 has SQL Injection via the service-list city parameter.
CVE-2017-17624 critical 9.8 10.0 EXP php_multivendor_ecommerce_project 9y ago PHP Multivendor Ecommerce 1.0 has SQL Injection via the single_detail.php sid parameter, or the category.php searchcat or chid1 parameter.
CVE-2017-17623 critical 9.8 10.0 EXP opensource_classified_ads_script_project 9y ago Opensource Classified Ads Script 3.2 has SQL Injection via the advance_result.php keyword parameter.
CVE-2017-17622 critical 9.8 10.0 EXP online_exam_test_application_script_project 9y ago Online Exam Test Application Script 1.6 has SQL Injection via the exams.php sort parameter.
CVE-2017-17621 critical 9.8 10.0 EXP multivendor_penny_auction_clone_script_project 9y ago Multivendor Penny Auction Clone Script 1.0 has SQL Injection via the PATH_INFO to the /detail URI.
CVE-2017-17620 critical 9.8 10.0 EXP lawyer_search_script_project 9y ago Lawyer Search Script 1.1 has SQL Injection via the /lawyer-list city parameter.
CVE-2017-17619 critical 9.8 10.0 EXP laundry_booking_script_project 9y ago Laundry Booking Script 1.0 has SQL Injection via the /list city parameter.
CVE-2017-17618 critical 9.8 10.0 EXP kickstarter_clone_script_project 9y ago Kickstarter Clone Script 2.0 has SQL Injection via the investcalc.php projid parameter.
CVE-2017-17617 critical 9.8 10.0 EXP foodspotting_clone_script_project 9y ago Foodspotting Clone Script 1.0 has SQL Injection via the quicksearch.php q parameter.
CVE-2017-17616 critical 9.8 10.0 EXP event_calendar_category_script_project 9y ago Event Search Script 1.0 has SQL Injection via the /event-list city parameter.
CVE-2017-17614 critical 9.8 10.0 EXP hotel_restaurant_reviews_and_feedback_script_project 9y ago Food Order Script 1.0 has SQL Injection via the /list city parameter.
CVE-2017-17613 critical 9.8 10.0 EXP freelance_website_script_project 9y ago Freelance Website Script 2.0.6 has SQL Injection via the jobdetails.php pr_id parameter or the searchbycat_list.php catid parameter.
CVE-2017-17612 critical 9.8 10.0 EXP hot_scripts_clone_project 9y ago Hot Scripts Clone 3.1 has SQL Injection via the /categories subctid or mctid parameter.
CVE-2017-17611 critical 9.8 10.0 EXP doctor_search_script_project 9y ago Doctor Search Script 1.0 has SQL Injection via the /list city parameter.
CVE-2017-17610 critical 9.8 10.0 EXP e-commerce_mlm_software_project 9y ago E-commerce MLM Software 1.0 has SQL Injection via the service_detail.php pid parameter, event_detail.php eventid parameter, or news_detail.php newid parameter.
CVE-2017-17609 critical 9.8 10.0 EXP chartered_accountant_booking_script_project 9y ago Chartered Accountant Booking Script 1.0 has SQL Injection via the /service-list city parameter.
CVE-2017-17608 critical 9.8 10.0 EXP kindergarten_-_elementary_school_listing_script_project 9y ago Child Care Script 1.0 has SQL Injection via the /list city parameter.
CVE-2017-17607 critical 9.8 10.0 EXP cms_auditor_website_project 9y ago CMS Auditor Website 1.0 has SQL Injection via the PATH_INFO to /news-detail.
CVE-2017-17606 critical 9.8 10.0 EXP co-work_space_search_script_project 9y ago Co-work Space Search Script 1.0 has SQL Injection via the /list city parameter.
CVE-2017-17605 critical 9.8 10.0 EXP consumer_complaints_clone_script_project 9y ago Consumer Complaints Clone Script 1.0 has SQL Injection via the other-user-profile.php id parameter.
CVE-2017-17604 critical 9.8 10.0 EXP entrepreneur_bus_booking_script_project 9y ago Entrepreneur Bus Booking Script 3.0.4 has SQL Injection via the booker_details.php sourcebus parameter.
CVE-2017-17603 critical 9.8 10.0 EXP advanced_real_estate_script_project 9y ago Advanced Real Estate Script 4.0.7 has SQL Injection via the search-results.php Projectmain, proj_type, searchtext, sell_price, or maxprice parameter.
CVE-2017-17602 critical 9.8 10.0 EXP advance_b2b_script_project 9y ago Advance B2B Script 2.1.3 has SQL Injection via the tradeshow-list-detail.php show_id or view-product.php pid parameter.
CVE-2017-17601 critical 9.8 10.0 EXP cab_booking_script_project 9y ago Cab Booking Script 1.0 has SQL Injection via the /service-list city parameter.
CVE-2017-17600 critical 9.8 10.0 EXP basic_b2b_script_project 9y ago Basic B2B Script 2.0.8 has SQL Injection via the product_details.php id parameter.
CVE-2017-17599 critical 9.8 10.0 EXP advance_online_learning_management_script_project 9y ago Advance Online Learning Management Script 3.1 has SQL Injection via the courselist.php subcatid or popcourseid parameter.
CVE-2017-17598 critical 9.8 10.0 EXP affiliate_mlm_script_project 9y ago Affiliate MLM Script 1.0 has SQL Injection via the product-category.php key parameter.
CVE-2017-17597 critical 9.8 10.0 EXP nearbuy_clone_script_project 9y ago Nearbuy Clone Script 3.2 has SQL Injection via the category_list.php search parameter.
CVE-2017-17596 critical 9.8 10.0 EXP entrepreneur_job_portal_script_project 9y ago Entrepreneur Job Portal Script 2.0.6 has SQL Injection via the jobsearch_all.php rid1 parameter.
CVE-2017-17595 critical 9.8 10.0 EXP beauty_parlour_booking_script_project 9y ago Beauty Parlour Booking Script 1.0 has SQL Injection via the /list gender or city parameter.
CVE-2017-17594 critical 9.8 10.0 EXP domainsale_php_script_project 9y ago DomainSale PHP Script 1.0 has SQL Injection via the domain.php id parameter.
CVE-2017-17592 critical 9.8 10.0 EXP website_auction_marketplace_project 9y ago Website Auction Marketplace 2.0.5 has SQL Injection via the search.php cat_id parameter.
CVE-2017-17591 critical 9.8 10.0 EXP realestate_crowdfunding_script_project 9y ago Realestate Crowdfunding Script 2.7.2 has SQL Injection via the single-cause.php pid parameter.
CVE-2017-17590 critical 9.8 10.0 EXP stackoverflow-clone_project 9y ago FS Stackoverflow Clone 1.0 has SQL Injection via the /question keywords parameter.
CVE-2017-17589 critical 9.8 10.0 EXP thumbtack_clone_project 9y ago FS Thumbtack Clone 1.0 has SQL Injection via the browse-category.php cat parameter or the browse-scategory.php sc parameter.
CVE-2017-17588 critical 9.8 10.0 EXP imdb_clone_project 9y ago FS IMDB Clone 1.0 has SQL Injection via the movie.php f parameter, tvshow.php s parameter, or show_misc_video.php id parameter.
CVE-2017-17587 critical 9.8 10.0 EXP indiamart_clone_project 9y ago FS Indiamart Clone 1.0 has SQL Injection via the catcompany.php token parameter, buyleads-details.php id parameter, or company/index.php c parameter.
CVE-2017-17586 critical 9.8 10.0 EXP olx_clone_project 9y ago FS Olx Clone 1.0 has SQL Injection via the subpage.php scat parameter or the message.php pid parameter.
CVE-2017-17585 critical 9.8 10.0 EXP monster_clone_project 9y ago FS Monster Clone 1.0 has SQL Injection via the Employer_Details.php id parameter.
CVE-2017-17584 critical 9.8 10.0 EXP makemytrip_clone_project 9y ago FS Makemytrip Clone 1.0 has SQL Injection via the show-flight-result.php fl_orig or fl_dest parameter.