VIR Vulnerability Intelligence Relay

Search

Found 6,690 results in 638ms · Match type: Filtered list

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Flags OS Vendor Published Description
CVE-2017-17871 critical 9.8 10.0 EXP jextn 9y ago The "JEXTN Question And Answer" extension 3.1.0 for Joomla! has SQL Injection via the an parameter in a view=tags action, or the ques-srch parameter.
CVE-2017-17870 critical 9.8 10.0 EXP jbuildozer 9y ago The JBuildozer extension 1.4.1 for Joomla! has SQL Injection via the appid parameter in an entriessearch action.
CVE-2017-17849 critical 9.8 10.0 EXP getgosoft 9y ago A buffer overflow vulnerability in GetGo Download Manager 5.3.0.2712 and earlier could allow remote HTTP servers to execute arbitrary code on NAS devices via a long response.
CVE-2017-16995 high 7.8 8.8 EXPFIX arch archdebian debian linux-kernel 9y ago The check_alu_op function in kernel/bpf/verifier.c in the Linux kernel through 4.4 allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact by lev…
CVE-2017-13878 high 7.1 8.1 EXPFIX macos macos 9y ago An issue was discovered in certain Apple products. macOS before 10.13.2 is affected. The issue involves the "Intel Graphics Driver" component. It allows local users to bypass intended memory-read res…
CVE-2017-13876 high 7.8 8.8 EXPFIX macos macos 9y ago An issue was discovered in certain Apple products. iOS before 11.2 is affected. macOS before 10.13.2 is affected. tvOS before 11.2 is affected. watchOS before 4.2 is affected. The issue involves the …
CVE-2017-13875 high 7.8 8.8 EXPFIX macos macos 9y ago An issue was discovered in certain Apple products. macOS before 10.13.2 is affected. The issue involves the "Intel Graphics Driver" component. It allows attackers to execute arbitrary code in a privi…
CVE-2017-13869 medium 5.5 6.5 EXPFIX macos macos 9y ago An issue was discovered in certain Apple products. iOS before 11.2 is affected. macOS before 10.13.2 is affected. tvOS before 11.2 is affected. watchOS before 4.2 is affected. The issue involves the …
CVE-2017-13868 medium 5.5 6.5 EXPFIX macos macos 9y ago An issue was discovered in certain Apple products. iOS before 11.2 is affected. macOS before 10.13.2 is affected. tvOS before 11.2 is affected. watchOS before 4.2 is affected. The issue involves the …
CVE-2017-13867 high 7.8 8.8 EXPFIX macos macos 9y ago An issue was discovered in certain Apple products. iOS before 11.2 is affected. macOS before 10.13.2 is affected. tvOS before 11.2 is affected. watchOS before 4.2 is affected. The issue involves the …
CVE-2017-13865 medium 5.5 6.5 EXPFIX macos macos 9y ago An issue was discovered in certain Apple products. iOS before 11.2 is affected. macOS before 10.13.2 is affected. tvOS before 11.2 is affected. watchOS before 4.2 is affected. The issue involves the …
CVE-2017-13861 high 7.8 8.8 EXPFIX macos macos 9y ago An issue was discovered in certain Apple products. iOS before 11.2 is affected. tvOS before 11.2 is affected. watchOS before 4.2 is affected. The issue involves the "IOSurface" component. It allows a…
CVE-2017-13855 medium 5.5 6.5 EXPFIX macos macos 9y ago An issue was discovered in certain Apple products. iOS before 11.2 is affected. macOS before 10.13.2 is affected. tvOS before 11.2 is affected. watchOS before 4.2 is affected. The issue involves the …
CVE-2017-13847 high 7.8 8.8 EXPFIX macos macos 9y ago An issue was discovered in certain Apple products. iOS before 11.2 is affected. macOS before 10.13.2 is affected. The issue involves the "IOKit" component. It allows attackers to execute arbitrary co…
CVE-2017-17692 high 7.5 8.5 EXP samsung 9y ago Samsung Internet Browser 5.4.02.3 allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via crafted JavaScript code that redirects to a child tab and rewrites the …
CVE-2017-17411 critical 9.8 10.0 EXP 9y ago This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Linksys WVBR0. Authentication is not required to exploit this vulnerability. The specific flaw exis…
CVE-2017-5262 high 8.0 9.0 EXP 9y ago In versions 4.3.2-R4 and prior of Cambium Networks cnPilot firmware, the SNMP read-only (RO) community string has access to sensitive information by OID reference.
CVE-2017-5261 high 8.8 9.8 EXP 9y ago In versions 4.3.2-R4 and prior of Cambium Networks cnPilot firmware, the 'ping' and 'traceroute' functions of the web administrative console expose a file path traversal vulnerability, accessible to …
CVE-2017-5260 high 8.8 9.8 EXP 9y ago In versions 4.3.2-R4 and prior of Cambium Networks cnPilot firmware, although the option to access the configuration file is not available in the normal web administrative console for the 'user' acco…
CVE-2017-5259 high 8.8 9.8 EXP 9y ago In versions 4.3.2-R4 and prior of Cambium Networks cnPilot firmware, an undocumented, root-privilege administration web shell is available using the HTTP path https://<device-ip-or-hostname>/adm/sysc…
CVE-2017-5255 high 8.8 9.8 EXP 9y ago In version 3.5 and prior of Cambium Networks ePMP firmware, a lack of input sanitation for certain parameters on the web management console allows any authenticated user (including the otherwise low-…
CVE-2017-5254 high 8.8 9.8 EXP 9y ago In version 3.5 and prior of Cambium Networks ePMP firmware, the non-administrative users 'installer' and 'home' have the capability of changing passwords for other accounts, including admin, after di…
CVE-2012-2576 critical 9.8 10.0 EXP solarwinds 9y ago SQL injection vulnerability in the LoginServlet page in SolarWinds Storage Manager before 5.1.2, SolarWinds Storage Profiler before 5.1.2, and SolarWinds Backup Profiler before 5.1.2 allows remote at…
CVE-2017-17752 medium 6.1 7.1 EXP codecrafters 9y ago Ability Mail Server 3.3.2 has Cross Site Scripting (XSS) via the body of an e-mail message, with JavaScript code executed on the Read Mail screen (aka the /_readmail URI). This is fixed in version 4.…
CVE-2017-17761 critical 9.8 10.0 EXP 9y ago An issue was discovered on Ichano AtHome IP Camera devices. The device runs the "noodles" binary - a service on port 1300 that allows a remote (LAN) unauthenticated user to run arbitrary commands. Th…
CVE-2017-17088 high 7.5 8.5 EXP flexense 9y ago The Enterprise version of SyncBreeze 10.2.12 and earlier is affected by a Remote Denial of Service vulnerability. The web server does not check bounds when reading server requests in the Host header …
CVE-2017-15049 high 8.8 9.8 EXP zoom 9y ago The ZoomLauncher binary in the Zoom client for Linux before 2.0.115900.1201 does not properly sanitize user input when constructing a shell command, which allows remote attackers to execute arbitrary…
CVE-2017-15048 high 8.8 9.8 EXP zoom 9y ago Stack-based buffer overflow in the ZoomLauncher binary in the Zoom client for Linux before 2.0.115900.1201 allows remote attackers to execute arbitrary code by leveraging the zoommtg:// scheme handle…
CVE-2017-17759 critical 9.8 10.0 EXP conarc 9y ago Conarc iChannel allows remote attackers to obtain sensitive information, modify the configuration, or cause a denial of service (by deleting the configuration) via a wc.dll?wwMaint~EditConfig request…
CVE-2017-17105 critical 9.8 10.0 EXP 9y ago Zivif PR115-204-P-RS V2.3.4.2103 and V4.7.4.2121 (and possibly in-between versions) web cameras are vulnerable to unauthenticated, blind remote command injection via CGI scripts used as part of the w…
CVE-2017-16949 critical 9.8 10.0 EXP accesspressthemes 9y ago An issue was discovered in the AccessKeys AccessPress Anonymous Post Pro plugin through 3.1.9 for WordPress. Improper input sanitization allows the attacker to override the settings for allowed file …
CVE-2017-17721 critical 9.8 10.0 EXP zuuse 9y ago CWEBNET/WOSummary/List in ZUUSE BEIMS ContractorWeb .NET 5.18.0.0 allows SQL injection via the tradestatus, assetno, assignto, building, domain, jobtype, site, trade, woType, workorderno, or workorde…
CVE-2017-17651 critical 9.8 10.0 EXP paid_to_read_script_project 9y ago Paid To Read Script 2.0.5 has SQL Injection via the admin/userview.php uid parameter, the admin/viewemcamp.php fnum parameter, or the admin/viewvisitcamp.php fn parameter.
CVE-2017-17649 medium 6.1 7.1 EXP readymade_video_sharing_script_project 9y ago Readymade Video Sharing Script 3.2 has HTML Injection via the single-video-detail.php comment parameter.
CVE-2017-17645 critical 9.8 10.0 EXP phpautoclassifiedscript 9y ago Bus Booking Script 1.0 has SQL Injection via the txtname parameter to admin/index.php.
CVE-2017-17643 critical 9.8 10.0 EXP lynda_clone_project 9y ago FS Lynda Clone 1.0 has SQL Injection via the keywords parameter to tutorial/.
CVE-2017-17739 critical 9.8 10.0 EXP 9y ago The BrightSign Digital Signage (4k242) device (Firmware 6.2.63 and below) has directory traversal via the /storage.html rp parameter, allowing an attacker to read or write to files.
CVE-2017-17738 high 7.5 8.5 EXP 9y ago The BrightSign Digital Signage (4k242) device (Firmware 6.2.63 and below) allows renaming and modifying files via /tools.html.
CVE-2017-17737 medium 6.1 7.1 EXP 9y ago The BrightSign Digital Signage (4k242) device (Firmware 6.2.63 and below) has XSS via the REF parameter to /network_diagnostics.html or /storage_info.html.
CVE-2017-3195 critical 9.8 10.0 EXP commvault 9y ago Commvault Edge Communication Service (cvd) prior to version 11 SP7 or version 11 SP6 with hotfix 590 is prone to a stack-based buffer overflow vulnerability that could lead to arbitrary code executio…
CVE-2017-12373 medium 5.9 6.9 EXP 9y ago A vulnerability in the TLS protocol implementation of legacy Cisco ASA 5500 Series (ASA 5505, 5510, 5520, 5540, and 5550) devices could allow an unauthenticated, remote attacker to access sensitive i…
CVE-2017-16787 medium 6.5 7.5 EXP 9y ago The Web Configuration Utility in Meinberg LANTIME devices with firmware before 6.24.004 allows remote attackers to read arbitrary files by leveraging failure to restrict URL access.
CVE-2017-17405 high 8.8 9.8 EXP slesdebian debian rhel ruby-lang 9y ago Ruby before 2.4.3 allows Net::FTP command injection. Net::FTP#get, getbinaryfile, gettextfile, put, putbinaryfile, and puttextfile use Kernel#open to open a local file. If the localfile argument star…
CVE-2017-5264 high 8.8 9.8 EXP rapid7 9y ago Versions of Nexpose prior to 6.4.66 fail to adequately validate the source of HTTP requests intended for the Automated Actions administrative web application, and are susceptible to a cross-site requ…
CVE-2017-17672 critical 9.8 10.0 EXP vbulletin 9y ago In vBulletin through 5.3.x, there is an unauthenticated deserialization vulnerability that leads to arbitrary file deletion and, under certain circumstances, code execution, because of unsafe usage o…
CVE-2017-17648 critical 9.8 10.0 EXP entrepreneur_dating_script_project 9y ago Entrepreneur Dating Script 2.0.1 has SQL Injection via the search_result.php marital, gender, country, or profileid parameter.
CVE-2017-17427 medium 5.9 6.9 EXP 9y ago Radware Alteon devices with a firmware version between 31.0.0.0-31.0.3.0 are vulnerable to an adaptive-chosen ciphertext attack ("Bleichenbacher attack"). This allows an attacker to decrypt observed …
CVE-2017-17382 medium 5.9 6.9 EXP 9y ago Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway 10.5 before build 67.13, 11.0 before build 71.22, 11.1 before build 56.19, and 12.0 before build 53.22 might allow remote …
CVE-2017-17642 critical 9.8 10.0 EXP basic_job_site_script_project 9y ago Basic Job Site Script 2.0.5 has SQL Injection via the keyword parameter to /job.
CVE-2017-17641 critical 9.8 10.0 EXP resume_clone_script_project 9y ago Resume Clone Script 2.0.5 has SQL Injection via the preview.php id parameter.
CVE-2017-17640 critical 9.8 10.0 EXP advanced_world_database_project 9y ago Advanced World Database 2.0.5 has SQL Injection via the city.php country or state parameter, or the state.php country parameter.
CVE-2017-17639 critical 9.8 10.0 EXP muslim_matrimonial_script_project 9y ago Muslim Matrimonial Script 3.02 has SQL Injection via the success-story.php succid parameter.
CVE-2017-17638 critical 9.8 10.0 EXP groupon_clone_script_project 9y ago Groupon Clone Script 3.01 has SQL Injection via the city_ajax.php state_id parameter.
CVE-2017-17637 critical 9.8 10.0 EXP car_rental_script_project 9y ago Car Rental Script 2.0.4 has SQL Injection via the countrycode1.php val parameter.
CVE-2017-17636 critical 9.8 10.0 EXP mlm_forced_matrix_project 9y ago MLM Forced Matrix 2.0.9 has SQL Injection via the news-detail.php newid parameter.
CVE-2017-17635 critical 9.8 10.0 EXP mlm_forex_market_plan_script_project 9y ago MLM Forex Market Plan Script 2.0.4 has SQL Injection via the news_detail.php newid parameter or the event_detail.php eventid parameter.
CVE-2017-17634 critical 9.8 10.0 EXP single_theater_booking_script_project 9y ago Single Theater Booking Script 3.2.1 has SQL Injection via the findcity.php q parameter.
CVE-2017-17633 critical 9.8 10.0 EXP multiplex_movie_theater_booking_script_project 9y ago Multiplex Movie Theater Booking Script 3.1.5 has SQL Injection via the trailer-detail.php moid parameter, show-time.php moid parameter, or event-detail.php eid parameter.
CVE-2017-17632 critical 9.8 10.0 EXP responsive_events_and_movie_ticket_booking_script_project 9y ago Responsive Events And Movie Ticket Booking Script 3.2.1 has SQL Injection via the findcity.php q parameter.
CVE-2017-17631 critical 9.8 10.0 EXP multireligion_responsive_matrimonial_project 9y ago Multireligion Responsive Matrimonial 4.7.2 has SQL Injection via the success-story.php succid parameter.
CVE-2017-17630 critical 9.8 10.0 EXP yoga_class_script_project 9y ago Yoga Class Script 1.0 has SQL Injection via the /list city parameter.
CVE-2017-17629 critical 9.8 10.0 EXP secure_e-commerce_script_project 9y ago Secure E-commerce Script 2.0.1 has SQL Injection via the category.php searchmain or searchcat parameter, or the single_detail.php sid parameter.
CVE-2017-17628 critical 9.8 10.0 EXP responsive_realestate_script_project 9y ago Responsive Realestate Script 3.2 has SQL Injection via the property-list tbud parameter.
CVE-2017-17627 critical 9.8 10.0 EXP readymade_video_sharing_script_project 9y ago Readymade Video Sharing Script 3.2 has SQL Injection via the single-video-detail.php report_videos array parameter.
CVE-2017-17626 critical 9.8 10.0 EXP readymade_php_classified_script_project 9y ago Readymade PHP Classified Script 3.3 has SQL Injection via the /categories subctid or mctid parameter.
CVE-2017-17625 critical 9.8 10.0 EXP on_demand_marketplace_script_project 9y ago Professional Service Script 1.0 has SQL Injection via the service-list city parameter.
CVE-2017-17624 critical 9.8 10.0 EXP php_multivendor_ecommerce_project 9y ago PHP Multivendor Ecommerce 1.0 has SQL Injection via the single_detail.php sid parameter, or the category.php searchcat or chid1 parameter.
CVE-2017-17623 critical 9.8 10.0 EXP opensource_classified_ads_script_project 9y ago Opensource Classified Ads Script 3.2 has SQL Injection via the advance_result.php keyword parameter.
CVE-2017-17622 critical 9.8 10.0 EXP online_exam_test_application_script_project 9y ago Online Exam Test Application Script 1.6 has SQL Injection via the exams.php sort parameter.
CVE-2017-17621 critical 9.8 10.0 EXP multivendor_penny_auction_clone_script_project 9y ago Multivendor Penny Auction Clone Script 1.0 has SQL Injection via the PATH_INFO to the /detail URI.
CVE-2017-17620 critical 9.8 10.0 EXP lawyer_search_script_project 9y ago Lawyer Search Script 1.1 has SQL Injection via the /lawyer-list city parameter.
CVE-2017-17619 critical 9.8 10.0 EXP laundry_booking_script_project 9y ago Laundry Booking Script 1.0 has SQL Injection via the /list city parameter.
CVE-2017-17618 critical 9.8 10.0 EXP kickstarter_clone_script_project 9y ago Kickstarter Clone Script 2.0 has SQL Injection via the investcalc.php projid parameter.
CVE-2017-17617 critical 9.8 10.0 EXP foodspotting_clone_script_project 9y ago Foodspotting Clone Script 1.0 has SQL Injection via the quicksearch.php q parameter.
CVE-2017-17616 critical 9.8 10.0 EXP event_calendar_category_script_project 9y ago Event Search Script 1.0 has SQL Injection via the /event-list city parameter.
CVE-2017-17615 high 8.8 9.8 EXP facebook_clone_script_project 9y ago Facebook Clone Script 1.0 has SQL Injection via the friend-profile.php id parameter.
CVE-2017-17614 critical 9.8 10.0 EXP hotel_restaurant_reviews_and_feedback_script_project 9y ago Food Order Script 1.0 has SQL Injection via the /list city parameter.
CVE-2017-17613 critical 9.8 10.0 EXP freelance_website_script_project 9y ago Freelance Website Script 2.0.6 has SQL Injection via the jobdetails.php pr_id parameter or the searchbycat_list.php catid parameter.
CVE-2017-17612 critical 9.8 10.0 EXP hot_scripts_clone_project 9y ago Hot Scripts Clone 3.1 has SQL Injection via the /categories subctid or mctid parameter.
CVE-2017-17611 critical 9.8 10.0 EXP doctor_search_script_project 9y ago Doctor Search Script 1.0 has SQL Injection via the /list city parameter.
CVE-2017-17610 critical 9.8 10.0 EXP e-commerce_mlm_software_project 9y ago E-commerce MLM Software 1.0 has SQL Injection via the service_detail.php pid parameter, event_detail.php eventid parameter, or news_detail.php newid parameter.
CVE-2017-17609 critical 9.8 10.0 EXP chartered_accountant_booking_script_project 9y ago Chartered Accountant Booking Script 1.0 has SQL Injection via the /service-list city parameter.
CVE-2017-17608 critical 9.8 10.0 EXP kindergarten_-_elementary_school_listing_script_project 9y ago Child Care Script 1.0 has SQL Injection via the /list city parameter.
CVE-2017-17607 critical 9.8 10.0 EXP cms_auditor_website_project 9y ago CMS Auditor Website 1.0 has SQL Injection via the PATH_INFO to /news-detail.
CVE-2017-17606 critical 9.8 10.0 EXP co-work_space_search_script_project 9y ago Co-work Space Search Script 1.0 has SQL Injection via the /list city parameter.
CVE-2017-17605 critical 9.8 10.0 EXP consumer_complaints_clone_script_project 9y ago Consumer Complaints Clone Script 1.0 has SQL Injection via the other-user-profile.php id parameter.
CVE-2017-17604 critical 9.8 10.0 EXP entrepreneur_bus_booking_script_project 9y ago Entrepreneur Bus Booking Script 3.0.4 has SQL Injection via the booker_details.php sourcebus parameter.
CVE-2017-17603 critical 9.8 10.0 EXP advanced_real_estate_script_project 9y ago Advanced Real Estate Script 4.0.7 has SQL Injection via the search-results.php Projectmain, proj_type, searchtext, sell_price, or maxprice parameter.
CVE-2017-17602 critical 9.8 10.0 EXP advance_b2b_script_project 9y ago Advance B2B Script 2.1.3 has SQL Injection via the tradeshow-list-detail.php show_id or view-product.php pid parameter.
CVE-2017-17601 critical 9.8 10.0 EXP cab_booking_script_project 9y ago Cab Booking Script 1.0 has SQL Injection via the /service-list city parameter.
CVE-2017-17600 critical 9.8 10.0 EXP basic_b2b_script_project 9y ago Basic B2B Script 2.0.8 has SQL Injection via the product_details.php id parameter.
CVE-2017-17599 critical 9.8 10.0 EXP advance_online_learning_management_script_project 9y ago Advance Online Learning Management Script 3.1 has SQL Injection via the courselist.php subcatid or popcourseid parameter.
CVE-2017-17598 critical 9.8 10.0 EXP affiliate_mlm_script_project 9y ago Affiliate MLM Script 1.0 has SQL Injection via the product-category.php key parameter.
CVE-2017-17597 critical 9.8 10.0 EXP nearbuy_clone_script_project 9y ago Nearbuy Clone Script 3.2 has SQL Injection via the category_list.php search parameter.
CVE-2017-17596 critical 9.8 10.0 EXP entrepreneur_job_portal_script_project 9y ago Entrepreneur Job Portal Script 2.0.6 has SQL Injection via the jobsearch_all.php rid1 parameter.
CVE-2017-17595 critical 9.8 10.0 EXP beauty_parlour_booking_script_project 9y ago Beauty Parlour Booking Script 1.0 has SQL Injection via the /list gender or city parameter.
CVE-2017-17594 critical 9.8 10.0 EXP domainsale_php_script_project 9y ago DomainSale PHP Script 1.0 has SQL Injection via the domain.php id parameter.
CVE-2017-17593 high 7.5 8.5 EXP simple_chatting_system_project 9y ago Simple Chatting System 1.0 allows Arbitrary File Upload via view/my_profile.php, which places files under uploads/.
CVE-2017-17592 critical 9.8 10.0 EXP website_auction_marketplace_project 9y ago Website Auction Marketplace 2.0.5 has SQL Injection via the search.php cat_id parameter.
CVE-2017-17591 critical 9.8 10.0 EXP realestate_crowdfunding_script_project 9y ago Realestate Crowdfunding Script 2.7.2 has SQL Injection via the single-cause.php pid parameter.