VIR Vulnerability Intelligence Relay

Search

Found 3,958 results in 444ms · Match type: Filtered list

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Flags OS Vendor Published Description
CVE-2017-17631 critical 9.8 10.0 EXP multireligion_responsive_matrimonial_project 9y ago Multireligion Responsive Matrimonial 4.7.2 has SQL Injection via the success-story.php succid parameter.
CVE-2017-17630 critical 9.8 10.0 EXP yoga_class_script_project 9y ago Yoga Class Script 1.0 has SQL Injection via the /list city parameter.
CVE-2017-17629 critical 9.8 10.0 EXP secure_e-commerce_script_project 9y ago Secure E-commerce Script 2.0.1 has SQL Injection via the category.php searchmain or searchcat parameter, or the single_detail.php sid parameter.
CVE-2017-17628 critical 9.8 10.0 EXP responsive_realestate_script_project 9y ago Responsive Realestate Script 3.2 has SQL Injection via the property-list tbud parameter.
CVE-2017-17627 critical 9.8 10.0 EXP readymade_video_sharing_script_project 9y ago Readymade Video Sharing Script 3.2 has SQL Injection via the single-video-detail.php report_videos array parameter.
CVE-2017-17626 critical 9.8 10.0 EXP readymade_php_classified_script_project 9y ago Readymade PHP Classified Script 3.3 has SQL Injection via the /categories subctid or mctid parameter.
CVE-2017-17625 critical 9.8 10.0 EXP on_demand_marketplace_script_project 9y ago Professional Service Script 1.0 has SQL Injection via the service-list city parameter.
CVE-2017-17624 critical 9.8 10.0 EXP php_multivendor_ecommerce_project 9y ago PHP Multivendor Ecommerce 1.0 has SQL Injection via the single_detail.php sid parameter, or the category.php searchcat or chid1 parameter.
CVE-2017-17623 critical 9.8 10.0 EXP opensource_classified_ads_script_project 9y ago Opensource Classified Ads Script 3.2 has SQL Injection via the advance_result.php keyword parameter.
CVE-2017-17622 critical 9.8 10.0 EXP online_exam_test_application_script_project 9y ago Online Exam Test Application Script 1.6 has SQL Injection via the exams.php sort parameter.
CVE-2017-17621 critical 9.8 10.0 EXP multivendor_penny_auction_clone_script_project 9y ago Multivendor Penny Auction Clone Script 1.0 has SQL Injection via the PATH_INFO to the /detail URI.
CVE-2017-17620 critical 9.8 10.0 EXP lawyer_search_script_project 9y ago Lawyer Search Script 1.1 has SQL Injection via the /lawyer-list city parameter.
CVE-2017-17619 critical 9.8 10.0 EXP laundry_booking_script_project 9y ago Laundry Booking Script 1.0 has SQL Injection via the /list city parameter.
CVE-2017-17618 critical 9.8 10.0 EXP kickstarter_clone_script_project 9y ago Kickstarter Clone Script 2.0 has SQL Injection via the investcalc.php projid parameter.
CVE-2017-17617 critical 9.8 10.0 EXP foodspotting_clone_script_project 9y ago Foodspotting Clone Script 1.0 has SQL Injection via the quicksearch.php q parameter.
CVE-2017-17616 critical 9.8 10.0 EXP event_calendar_category_script_project 9y ago Event Search Script 1.0 has SQL Injection via the /event-list city parameter.
CVE-2017-17615 high 8.8 9.8 EXP facebook_clone_script_project 9y ago Facebook Clone Script 1.0 has SQL Injection via the friend-profile.php id parameter.
CVE-2017-17614 critical 9.8 10.0 EXP hotel_restaurant_reviews_and_feedback_script_project 9y ago Food Order Script 1.0 has SQL Injection via the /list city parameter.
CVE-2017-17613 critical 9.8 10.0 EXP freelance_website_script_project 9y ago Freelance Website Script 2.0.6 has SQL Injection via the jobdetails.php pr_id parameter or the searchbycat_list.php catid parameter.
CVE-2017-17612 critical 9.8 10.0 EXP hot_scripts_clone_project 9y ago Hot Scripts Clone 3.1 has SQL Injection via the /categories subctid or mctid parameter.
CVE-2017-17611 critical 9.8 10.0 EXP doctor_search_script_project 9y ago Doctor Search Script 1.0 has SQL Injection via the /list city parameter.
CVE-2017-17610 critical 9.8 10.0 EXP e-commerce_mlm_software_project 9y ago E-commerce MLM Software 1.0 has SQL Injection via the service_detail.php pid parameter, event_detail.php eventid parameter, or news_detail.php newid parameter.
CVE-2017-17609 critical 9.8 10.0 EXP chartered_accountant_booking_script_project 9y ago Chartered Accountant Booking Script 1.0 has SQL Injection via the /service-list city parameter.
CVE-2017-17608 critical 9.8 10.0 EXP kindergarten_-_elementary_school_listing_script_project 9y ago Child Care Script 1.0 has SQL Injection via the /list city parameter.
CVE-2017-17607 critical 9.8 10.0 EXP cms_auditor_website_project 9y ago CMS Auditor Website 1.0 has SQL Injection via the PATH_INFO to /news-detail.
CVE-2017-17606 critical 9.8 10.0 EXP co-work_space_search_script_project 9y ago Co-work Space Search Script 1.0 has SQL Injection via the /list city parameter.
CVE-2017-17605 critical 9.8 10.0 EXP consumer_complaints_clone_script_project 9y ago Consumer Complaints Clone Script 1.0 has SQL Injection via the other-user-profile.php id parameter.
CVE-2017-17604 critical 9.8 10.0 EXP entrepreneur_bus_booking_script_project 9y ago Entrepreneur Bus Booking Script 3.0.4 has SQL Injection via the booker_details.php sourcebus parameter.
CVE-2017-17603 critical 9.8 10.0 EXP advanced_real_estate_script_project 9y ago Advanced Real Estate Script 4.0.7 has SQL Injection via the search-results.php Projectmain, proj_type, searchtext, sell_price, or maxprice parameter.
CVE-2017-17602 critical 9.8 10.0 EXP advance_b2b_script_project 9y ago Advance B2B Script 2.1.3 has SQL Injection via the tradeshow-list-detail.php show_id or view-product.php pid parameter.
CVE-2017-17601 critical 9.8 10.0 EXP cab_booking_script_project 9y ago Cab Booking Script 1.0 has SQL Injection via the /service-list city parameter.
CVE-2017-17600 critical 9.8 10.0 EXP basic_b2b_script_project 9y ago Basic B2B Script 2.0.8 has SQL Injection via the product_details.php id parameter.
CVE-2017-17599 critical 9.8 10.0 EXP advance_online_learning_management_script_project 9y ago Advance Online Learning Management Script 3.1 has SQL Injection via the courselist.php subcatid or popcourseid parameter.
CVE-2017-17598 critical 9.8 10.0 EXP affiliate_mlm_script_project 9y ago Affiliate MLM Script 1.0 has SQL Injection via the product-category.php key parameter.
CVE-2017-17597 critical 9.8 10.0 EXP nearbuy_clone_script_project 9y ago Nearbuy Clone Script 3.2 has SQL Injection via the category_list.php search parameter.
CVE-2017-17596 critical 9.8 10.0 EXP entrepreneur_job_portal_script_project 9y ago Entrepreneur Job Portal Script 2.0.6 has SQL Injection via the jobsearch_all.php rid1 parameter.
CVE-2017-17595 critical 9.8 10.0 EXP beauty_parlour_booking_script_project 9y ago Beauty Parlour Booking Script 1.0 has SQL Injection via the /list gender or city parameter.
CVE-2017-17594 critical 9.8 10.0 EXP domainsale_php_script_project 9y ago DomainSale PHP Script 1.0 has SQL Injection via the domain.php id parameter.
CVE-2017-17593 high 7.5 8.5 EXP simple_chatting_system_project 9y ago Simple Chatting System 1.0 allows Arbitrary File Upload via view/my_profile.php, which places files under uploads/.
CVE-2017-17592 critical 9.8 10.0 EXP website_auction_marketplace_project 9y ago Website Auction Marketplace 2.0.5 has SQL Injection via the search.php cat_id parameter.
CVE-2017-17591 critical 9.8 10.0 EXP realestate_crowdfunding_script_project 9y ago Realestate Crowdfunding Script 2.7.2 has SQL Injection via the single-cause.php pid parameter.
CVE-2017-17590 critical 9.8 10.0 EXP stackoverflow-clone_project 9y ago FS Stackoverflow Clone 1.0 has SQL Injection via the /question keywords parameter.
CVE-2017-17589 critical 9.8 10.0 EXP thumbtack_clone_project 9y ago FS Thumbtack Clone 1.0 has SQL Injection via the browse-category.php cat parameter or the browse-scategory.php sc parameter.
CVE-2017-17588 critical 9.8 10.0 EXP imdb_clone_project 9y ago FS IMDB Clone 1.0 has SQL Injection via the movie.php f parameter, tvshow.php s parameter, or show_misc_video.php id parameter.
CVE-2017-17587 critical 9.8 10.0 EXP indiamart_clone_project 9y ago FS Indiamart Clone 1.0 has SQL Injection via the catcompany.php token parameter, buyleads-details.php id parameter, or company/index.php c parameter.
CVE-2017-17586 critical 9.8 10.0 EXP olx_clone_project 9y ago FS Olx Clone 1.0 has SQL Injection via the subpage.php scat parameter or the message.php pid parameter.
CVE-2017-17585 critical 9.8 10.0 EXP monster_clone_project 9y ago FS Monster Clone 1.0 has SQL Injection via the Employer_Details.php id parameter.
CVE-2017-17584 critical 9.8 10.0 EXP makemytrip_clone_project 9y ago FS Makemytrip Clone 1.0 has SQL Injection via the show-flight-result.php fl_orig or fl_dest parameter.
CVE-2017-17583 critical 9.8 10.0 EXP shutterstock_clone_project 9y ago FS Shutterstock Clone 1.0 has SQL Injection via the /Category keywords parameter.
CVE-2017-17582 critical 9.8 10.0 EXP grubhub_clone_project 9y ago FS Grubhub Clone 1.0 has SQL Injection via the /food keywords parameter.
CVE-2017-17581 critical 9.8 10.0 EXP quibids_clone_project 9y ago FS Quibids Clone 1.0 has SQL Injection via the itechd.php productid parameter.
CVE-2017-17580 critical 9.8 10.0 EXP linkedin_clone_project 9y ago FS Linkedin Clone 1.0 has SQL Injection via the group.php grid parameter, profile.php fid parameter, or company_details.php id parameter.
CVE-2017-17579 critical 9.8 10.0 EXP freelancer_clone_project 9y ago FS Freelancer Clone 1.0 has SQL Injection via the profile.php u parameter.
CVE-2017-17578 critical 9.8 10.0 EXP crowdfunding_script_project 9y ago FS Crowdfunding Script 1.0 has SQL Injection via the latest_news_details.php id parameter.
CVE-2017-17577 critical 9.8 10.0 EXP trademe_clone_project 9y ago FS Trademe Clone 1.0 has SQL Injection via the search_item.php search parameter or the general_item_details.php id parameter.
CVE-2017-17576 critical 9.8 10.0 EXP gigs_script_project 9y ago FS Gigs Script 1.0 has SQL Injection via the browse-category.php cat parameter, browse-scategory.php sc parameter, or service-provider.php ser parameter.
CVE-2017-17575 critical 9.8 10.0 EXP groupon_clone_project 9y ago FS Groupon Clone 1.0 has SQL Injection via the item_details.php id parameter or the vendor_details.php id parameter.
CVE-2017-17574 critical 9.8 10.0 EXP care_clone_project 9y ago FS Care Clone 1.0 has SQL Injection via the searchJob.php jobType or jobFrequency parameter.
CVE-2017-17573 critical 9.8 10.0 EXP fortunescripts 9y ago FS Ebay Clone 1.0 has SQL Injection via the product.php id parameter, or the search.php category_id or sub_category_id parameter.
CVE-2017-17572 critical 9.8 10.0 EXP amazon_clone_project 9y ago FS Amazon Clone 1.0 has SQL Injection via the PATH_INFO to /VerAyari.
CVE-2017-17571 critical 9.8 10.0 EXP foodpanda_clone_project 9y ago FS Foodpanda Clone 1.0 has SQL Injection via the /food keywords parameter.
CVE-2017-17570 critical 9.8 10.0 EXP expedia_clone_project 9y ago FS Expedia Clone 1.0 has SQL Injection via the pages.php or content.php id parameter, or the show-flight-result.php fl_orig or fl_dest parameter.
CVE-2017-17538 high 7.5 8.5 EXP 9y ago MikroTik v6.40.5 devices allow remote attackers to cause a denial of service via a flood of ICMP packets.
CVE-2017-11918 high 7.5 8.5 EXP windows windows microsoft 9y ago ChakraCore and Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to gain the same user rights as the current user, due to how the scripting engine …
CVE-2017-11914 high 7.5 8.5 EXP windows windows microsoft 9y ago ChakraCore vulnerable to privilege escalation due to exposure from scriptFunction
CVE-2017-11911 high 7.5 8.5 EXP windows windows microsoft 9y ago ChakraCore RCE Vulnerability
CVE-2017-11909 high 7.5 8.5 EXP windows windows microsoft 9y ago ChakraCore vulnerable to remote code execution
CVE-2017-11907 high 7.5 8.5 EXP windows windows microsoft 9y ago Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2…
CVE-2017-11903 high 7.5 8.5 EXP windows windows microsoft 9y ago Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2…
CVE-2017-11893 high 7.5 8.5 EXP windows windows microsoft 9y ago ChakraCore vulnerable to remote code execution
CVE-2017-11890 high 7.5 8.5 EXP windows windows microsoft 9y ago Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allow an attacker…
CVE-2017-5717 high 7.8 8.8 EXP intel 9y ago Type Confusion in Content Protection HECI Service in Intel Graphics Driver allows unprivileged user to elevate privileges via local access.
CVE-2017-17560 critical 9.8 10.0 EXP 9y ago An issue was discovered on Western Digital MyCloud PR4100 2.30.172 devices. The web administration component, /web/jquery/uploader/multi_uploadify.php, provides multipart upload functionality that is…
CVE-2014-8358 high 7.8 8.8 EXP 9y ago Huawei EC156, EC176, and EC177 USB Modem products with software before UTPS-V200R003B015D02SP07C1014 (23.015.02.07.1014) and before V200R003B015D02SP08C1014 (23.015.02.08.1014) use a weak ACL for the…
CVE-2017-17111 critical 9.8 10.0 EXP scubez 9y ago Posty Readymade Classifieds Script 1.0 allows an attacker to inject SQL commands via a listings.php?catid= or ads-details.php?ID= request.
CVE-2017-17110 critical 9.8 10.0 EXP techno_-_portfolio_management_panel_project 9y ago Techno Portfolio Management Panel 1.0 allows an attacker to inject SQL commands via a single.php?id= request.
CVE-2017-11319 high 8.8 9.8 EXP resolver 9y ago Perspective ICM Investigation & Case 5.1.1.16 allows remote authenticated users to modify access level permissions and consequently gain privileges by leveraging insufficient validation methods and m…
CVE-2017-16921 high 8.8 9.8 EXPFIX debian debian otrs 9y ago In OTRS 6.0.x up to and including 6.0.1, OTRS 5.0.x up to and including 5.0.24, and OTRS 4.0.x up to and including 4.0.26, an attacker who is logged into OTRS as an agent can manipulate form paramete…
CVE-2017-17055 critical 9.0 10.0 EXP articatech 9y ago Artica Web Proxy before 3.06.112911 allows remote attackers to execute arbitrary code as root by conducting a cross-site scripting (XSS) attack involving the username-form-id parameter to freeradius.…
CVE-2017-13156 high 7.8 8.8 EXPFIX debian debian 9y ago An elevation of privilege vulnerability in the Android system (art). Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID A-64211847.
CVE-2017-14355 high 7.8 8.8 EXP microfocus 9y ago A potential security vulnerability has been identified in HPE Connected Backup versions 8.6 and 8.8.6. The vulnerability could be exploited locally to allow escalation of privilege.
CVE-2017-8824 high 7.8 8.8 EXPFIX arch arch slesdebian debian 9y ago The dccp_disconnect function in net/dccp/proto.c in the Linux kernel through 4.14.3 allows local users to gain privileges or cause a denial of service (use-after-free) via an AF_UNSPEC connect system…
CVE-2017-16930 critical 9.8 10.0 EXP claymore_dual_miner_project 9y ago The remote management interface on the Claymore Dual GPU miner 10.1 allows an unauthenticated remote attacker to execute arbitrary code due to a stack-based buffer overflow in the request handler. Th…
CVE-2017-16929 high 8.1 9.1 EXP claymore_dual_miner_project 9y ago The remote management interface on the Claymore Dual GPU miner 10.1 is vulnerable to an authenticated directory traversal vulnerability exploited by issuing a specially crafted request, allowing a re…
CVE-2017-15889 high 8.8 9.8 EXP 9y ago Command injection vulnerability in smart.cgi in Synology DiskStation Manager (DSM) before 5.2-5967-5 allows remote authenticated users to execute arbitrary commands via disk field.
CVE-2017-17090 high 7.5 8.5 EXPFIX debian debian digium 9y ago An issue was discovered in chan_skinny.c in Asterisk Open Source 13.18.2 and older, 14.7.2 and older, and 15.1.2 and older, and Certified Asterisk 13.13-cert7 and older. If the chan_skinny (aka SCCP …
CVE-2017-16953 high 7.5 8.5 EXP 9y ago connoppp.cgi on ZTE ZXDSL 831CII devices does not require HTTP Basic Authentication, which allows remote attackers to modify the PPPoE configuration or set up a malicious configuration via a GET requ…
CVE-2017-16895 high 7.8 8.8 EXP arqbackup 9y ago The (1) arq_updater, (2) arqcommitter, (3) standardrestorer, (4) arqglacierrestorer, and (5) arqs3glacierrestorer helper apps in Arq 5.x before 5.10 for Mac allow local users to gain root privileges …
CVE-2017-15357 high 7.4 8.4 EXP arqbackup 9y ago The setpermissions function in the auto-updater in Arq before 5.9.7 for Mac allows local users to gain root privileges via a symlink attack on the updater binary itself.
CVE-2017-17085 high 7.5 8.5 EXPFIX slesdebian debian wireshark 9y ago In Wireshark 2.4.0 to 2.4.2 and 2.2.0 to 2.2.10, the CIP Safety dissector could crash. This was addressed in epan/dissectors/packet-cipsafety.c by validating the packet length.
CVE-2017-11282 critical 9.8 10.0 EXP macos macos linux-kernel rhel adobe 9y ago Adobe Flash Player has an exploitable memory corruption vulnerability in the MP4 atom parser. Successful exploitation could lead to arbitrary code execution. This affects 26.0.0.151 and earlier.
CVE-2017-11281 critical 9.8 10.0 EXP macos macos linux-kernel rhel adobe 9y ago Adobe Flash Player has an exploitable memory corruption vulnerability in the text handling function. Successful exploitation could lead to arbitrary code execution. This affects 26.0.0.151 and earlie…
CVE-2017-1000405 high 7.0 8.0 EXPFIX slesdebian debian linux-kernel 9y ago The Linux Kernel versions 2.6.38 through 4.14 have a problematic use of pmd_mkdirty() in the touch_pmd() function inside the THP implementation. touch_pmd() can be reached by get_user_pages(). In suc…
CVE-2017-13872 high 8.1 9.1 EXP macos macos 9y ago An issue was discovered in certain Apple products. macOS High Sierra before Security Update 2017-001 is affected. The issue involves the "Directory Utility" component. It allows attackers to obtain a…
CVE-2017-17058 high 7.5 8.5 EXP automattic 9y ago The WooCommerce plugin through 3.x for WordPress has a Directory Traversal Vulnerability via a /wp-content/plugins/woocommerce/templates/emails/plain/ URI, which accesses a parent directory. NOTE: a …
CVE-2017-16944 high 7.5 8.5 EXPFIX arch archdebian debian exim 9y ago The receive_msg function in receive.c in the SMTP daemon in Exim 4.88 and 4.89 allows remote attackers to cause a denial of service (infinite loop and stack exhaustion) via vectors involving BDAT com…
CVE-2017-16939 high 7.8 8.8 EXPFIX slesdebian debian linux-kernel 9y ago The XFRM dump policy implementation in net/xfrm/xfrm_user.c in the Linux kernel before 4.13.11 allows local users to gain privileges or cause a denial of service (use-after-free) via a crafted SO_RCV…
CVE-2017-16935 critical 9.8 10.0 EXP ametys 9y ago Ametys before 4.0.3 requires authentication only for URIs containing a /cms/ substring, which allows remote attackers to bypass intended access restrictions via a direct request to /plugins/core-ui/s…
CVE-2017-16934 critical 9.8 10.0 EXP dbltek 9y ago The web server on DBL DBLTek devices allows remote attackers to execute arbitrary OS commands by obtaining the admin password via a frame.html?content=/dev/mtdblock/5 request, and then using this pas…
CVE-2015-3934 critical 9.8 10.0 EXP fiyo 9y ago Multiple SQL injection vulnerabilities in Fiyo CMS 2.0_1.9.1 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to apps/app_article/controller/rating.php or (2) user pa…