VIR Vulnerability Intelligence Relay

Search

Found 4,306 results in 513ms · Match type: Filtered list

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Flags OS Vendor Published Description
CVE-2017-17583 critical 9.8 10.0 EXP shutterstock_clone_project 9y ago FS Shutterstock Clone 1.0 has SQL Injection via the /Category keywords parameter.
CVE-2017-17582 critical 9.8 10.0 EXP grubhub_clone_project 9y ago FS Grubhub Clone 1.0 has SQL Injection via the /food keywords parameter.
CVE-2017-17581 critical 9.8 10.0 EXP quibids_clone_project 9y ago FS Quibids Clone 1.0 has SQL Injection via the itechd.php productid parameter.
CVE-2017-17580 critical 9.8 10.0 EXP linkedin_clone_project 9y ago FS Linkedin Clone 1.0 has SQL Injection via the group.php grid parameter, profile.php fid parameter, or company_details.php id parameter.
CVE-2017-17579 critical 9.8 10.0 EXP freelancer_clone_project 9y ago FS Freelancer Clone 1.0 has SQL Injection via the profile.php u parameter.
CVE-2017-17578 critical 9.8 10.0 EXP crowdfunding_script_project 9y ago FS Crowdfunding Script 1.0 has SQL Injection via the latest_news_details.php id parameter.
CVE-2017-17577 critical 9.8 10.0 EXP trademe_clone_project 9y ago FS Trademe Clone 1.0 has SQL Injection via the search_item.php search parameter or the general_item_details.php id parameter.
CVE-2017-17576 critical 9.8 10.0 EXP gigs_script_project 9y ago FS Gigs Script 1.0 has SQL Injection via the browse-category.php cat parameter, browse-scategory.php sc parameter, or service-provider.php ser parameter.
CVE-2017-17575 critical 9.8 10.0 EXP groupon_clone_project 9y ago FS Groupon Clone 1.0 has SQL Injection via the item_details.php id parameter or the vendor_details.php id parameter.
CVE-2017-17574 critical 9.8 10.0 EXP care_clone_project 9y ago FS Care Clone 1.0 has SQL Injection via the searchJob.php jobType or jobFrequency parameter.
CVE-2017-17573 critical 9.8 10.0 EXP fortunescripts 9y ago FS Ebay Clone 1.0 has SQL Injection via the product.php id parameter, or the search.php category_id or sub_category_id parameter.
CVE-2017-17572 critical 9.8 10.0 EXP amazon_clone_project 9y ago FS Amazon Clone 1.0 has SQL Injection via the PATH_INFO to /VerAyari.
CVE-2017-17571 critical 9.8 10.0 EXP foodpanda_clone_project 9y ago FS Foodpanda Clone 1.0 has SQL Injection via the /food keywords parameter.
CVE-2017-17570 critical 9.8 10.0 EXP expedia_clone_project 9y ago FS Expedia Clone 1.0 has SQL Injection via the pages.php or content.php id parameter, or the show-flight-result.php fl_orig or fl_dest parameter.
CVE-2017-13099 medium 5.9 6.9 EXPFIX debian debian wolfsslarubanetworks 9y ago wolfSSL prior to version 3.12.2 provides a weak Bleichenbacher oracle when any TLS cipher suite using RSA key exchange is negotiated. An attacker can recover the private key from a vulnerable wolfSSL…
CVE-2017-13098 medium 5.9 6.9 EXPFIX debian debian bouncycastle 9y ago Observable Discrepancy in BouncyCastle
CVE-2017-11906 medium 5.3 6.3 EXP windows windows microsoft 9y ago Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Serv…
CVE-2017-11885 medium 6.6 7.6 EXP windows windows 9y ago Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709…
CVE-2017-1000385 medium 5.9 6.9 EXPFIX slesdebian debian erlang 9y ago The Erlang otp TLS server answers with different TLS alerts to different error types in the RSA PKCS #1 1.5 padding. This allows an attacker to decrypt content or sign messages with the server's priv…
CVE-2017-17560 critical 9.8 10.0 EXP 9y ago An issue was discovered on Western Digital MyCloud PR4100 2.30.172 devices. The web administration component, /web/jquery/uploader/multi_uploadify.php, provides multipart upload functionality that is…
CVE-2017-17111 critical 9.8 10.0 EXP scubez 9y ago Posty Readymade Classifieds Script 1.0 allows an attacker to inject SQL commands via a listings.php?catid= or ads-details.php?ID= request.
CVE-2017-17110 critical 9.8 10.0 EXP techno_-_portfolio_management_panel_project 9y ago Techno Portfolio Management Panel 1.0 allows an attacker to inject SQL commands via a single.php?id= request.
CVE-2017-17055 critical 9.0 10.0 EXP articatech 9y ago Artica Web Proxy before 3.06.112911 allows remote attackers to execute arbitrary code as root by conducting a cross-site scripting (XSS) attack involving the username-form-id parameter to freeradius.…
CVE-2017-16884 medium 6.1 7.1 EXP mistserver 9y ago Cross-site scripting (XSS) vulnerability in MistServer before 2.13 allows remote attackers to inject arbitrary web script or HTML via vectors related to failed authentication requests alerts.
CVE-2016-1252 medium 5.9 6.9 EXPFIX debian debianubuntu ubuntu debian 9y ago The apt package in Debian jessie before 1.0.9.8.4, in Debian unstable before 1.4~beta2, in Ubuntu 14.04 LTS before 1.0.1ubuntu2.17, in Ubuntu 16.04 LTS before 1.2.15ubuntu0.2, and in Ubuntu 16.10 bef…
CVE-2017-16930 critical 9.8 10.0 EXP claymore_dual_miner_project 9y ago The remote management interface on the Claymore Dual GPU miner 10.1 allows an unauthenticated remote attacker to execute arbitrary code due to a stack-based buffer overflow in the request handler. Th…
CVE-2017-11282 critical 9.8 10.0 EXP macos macos linux-kernel rhel adobe 9y ago Adobe Flash Player has an exploitable memory corruption vulnerability in the MP4 atom parser. Successful exploitation could lead to arbitrary code execution. This affects 26.0.0.151 and earlier.
CVE-2017-11281 critical 9.8 10.0 EXP macos macos linux-kernel rhel adobe 9y ago Adobe Flash Player has an exploitable memory corruption vulnerability in the text handling function. Successful exploitation could lead to arbitrary code execution. This affects 26.0.0.151 and earlie…
CVE-2017-16952 medium 5.5 6.5 EXP kmplayer 9y ago KMPlayer 4.2.2.4 allows remote attackers to cause a denial of service via a crafted NSV file.
CVE-2017-16951 medium 5.5 6.5 EXP audiovalley 9y ago Winamp Pro 5.66 Build 3512 allows remote attackers to cause a denial of service via a crafted WAV, WMV, AU, ASF, AIFF, or AIF file.
CVE-2017-16994 medium 5.5 6.5 EXPFIX slesdebian debian linux-kernel 9y ago The walk_hugetlb_range function in mm/pagewalk.c in the Linux kernel before 4.14.2 mishandles holes in hugetlb ranges, which allows local users to obtain sensitive information from uninitialized kern…
CVE-2017-16962 medium 6.1 7.1 EXP communigate 9y ago The WebMail components (Crystal, pronto, and pronto4) in CommuniGate Pro before 6.2.1 have stored XSS vulnerabilities via (1) the location or details field of a Google Calendar invitation, (2) a craf…
CVE-2017-16935 critical 9.8 10.0 EXP ametys 9y ago Ametys before 4.0.3 requires authentication only for URIs containing a /cms/ substring, which allows remote attackers to bypass intended access restrictions via a direct request to /plugins/core-ui/s…
CVE-2017-16934 critical 9.8 10.0 EXP dbltek 9y ago The web server on DBL DBLTek devices allows remote attackers to execute arbitrary OS commands by obtaining the admin password via a frame.html?content=/dev/mtdblock/5 request, and then using this pas…
CVE-2015-3934 critical 9.8 10.0 EXP fiyo 9y ago Multiple SQL injection vulnerabilities in Fiyo CMS 2.0_1.9.1 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to apps/app_article/controller/rating.php or (2) user pa…
CVE-2017-16819 medium 5.4 6.4 EXP 9y ago A stored cross-site scripting vulnerability in the Icon Time Systems RTC-1000 v2.5.7458 and earlier time clock allows remote attackers to inject arbitrary JavaScript in the nameFirst (aka First Name)…
CVE-2017-16843 medium 5.4 6.4 EXP 9y ago Vonage VDV-23 115 3.2.11-0.9.40 devices have stored XSS via the NewKeyword or NewDomain field to /goform/RgParentalBasic.
CVE-2017-16841 medium 6.1 7.1 EXP lansweeper 9y ago LanSweeper 6.0.100.75 has XSS via the description parameter to /Calendar/CalendarActions.aspx.
CVE-2017-16836 medium 6.1 7.1 EXP 9y ago Arris TG1682G devices with Comcast TG1682_2.0s7_PRODse 10.0.59.SIP.PC20.CT software allow Unauthenticated Stored XSS via the actionHandler/ajax_managed_services.php service parameter.
CVE-2017-15271 medium 5.9 6.9 EXP psftp 9y ago A use-after-free issue could be triggered remotely in the SFTP component of PSFTPd 10.0.4 Build 729. This issue could be triggered prior to authentication. The PSFTPd server did not automatically res…
CVE-2017-15270 medium 5.3 6.3 EXP psftp 9y ago The PSFTPd 10.0.4 Build 729 server does not properly escape data before writing it into a Comma Separated Values (CSV) file. This can be used by attackers to hide data in the Graphical User Interface…
CVE-2017-11831 medium 4.7 5.7 EXP windows windows 9y ago Windows kernel in Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016, and Windows Serv…
CVE-2017-11830 medium 5.3 6.3 EXP windows windows 9y ago Device Guard in Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016, and Windows Server, version 1709 allows an attacker to make an unsigned file appear to be signed, due to a security f…
CVE-2017-12635 critical 9.8 10.0 EXPFIX slesarch arch apache 9y ago multiple issues in couchdb
CVE-2017-16807 medium 5.4 6.4 EXP getkirby 9y ago Kirby XSS Vulnerability
CVE-2017-13849 medium 5.5 6.5 EXPFIX macos macos 9y ago An issue was discovered in certain Apple products. iOS before 11.1 is affected. tvOS before 11.1 is affected. watchOS before 4.1 is affected. The issue involves the "CoreText" component. It allows re…
CVE-2017-16783 critical 9.8 10.0 EXP cmsmadesimple 9y ago In CMS Made Simple 2.1.6, there is Server-Side Template Injection via the cntnt01detailtemplate parameter.
CVE-2017-16781 medium 5.4 6.4 EXP mybb 9y ago The installer in MyBB before 1.8.13 has XSS.
CVE-2017-16780 critical 9.8 10.0 EXP mybb 9y ago The installer in MyBB before 1.8.13 allows remote attackers to execute arbitrary code by writing to the configuration file.
CVE-2017-16568 medium 5.4 6.4 EXP logitech 9y ago Persistent Cross-Site Scripting (XSS) vulnerability in Logitech Media Server 7.9.0, affecting the "Radio" functionality. This vulnerability allows attackers to inject malicious JavaScript payloads, w…
CVE-2017-16567 medium 5.4 6.4 EXP logitech 9y ago Persistent Cross-Site Scripting (XSS) vulnerability in Logitech Media Server 7.9.0, affecting the "Favorites" feature. This vulnerability allows remote attackers to inject and permanently store malic…
CVE-2017-16562 critical 9.8 10.0 EXP userproplugin 9y ago The UserPro plugin before 4.9.17.1 for WordPress, when used on a site with the "admin" username, allows remote attackers to bypass authentication and obtain administrative access via a "true" value f…
CVE-2017-11309 critical 9.6 10.0 EXP avaya 9y ago Buffer overflow in the SoftConsole client in Avaya IP Office before 10.1.1 allows remote servers to execute arbitrary code via a long response.
CVE-2015-3933 critical 9.8 10.0 EXP metalgenix 9y ago MetalGenix GeniXCMS vulnerable to SQL Injection
CVE-2017-14016 medium 6.3 7.3 EXP advantech 9y ago A Stack-based Buffer Overflow issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. The application lacks proper validation of the length of user-supplied data prior to copying…
CVE-2017-16543 critical 9.8 10.0 EXP zohocorp 9y ago Zoho ManageEngine Applications Manager 13 before build 13500 allows SQL injection via GraphicalView.do, as demonstrated by a crafted viewProps yCanvas field or viewid parameter.
CVE-2017-16353 medium 6.5 7.5 EXPFIX slesdebian debian graphicsmagick 9y ago GraphicsMagick 1.3.26 is vulnerable to a memory information disclosure vulnerability found in the DescribeImage function of the magick/describe.c file, because of a heap-based buffer over-read. The p…
CVE-2017-15993 critical 9.8 10.0 EXP zomato_clone_script_project 9y ago Zomato Clone Script allows SQL Injection via the restaurant-menu.php resid parameter.
CVE-2017-15992 critical 9.8 10.0 EXP website_broker_script_project 9y ago Website Broker Script allows SQL Injection via the 'status_id' Parameter to status_list.php.
CVE-2017-15991 critical 9.8 10.0 EXP vastal 9y ago Vastal I-Tech Agent Zone (aka The Real Estate Script) allows SQL Injection in searchCommercial.php via the property_type, city, or posted_by parameter, or searchResidential.php via the property_type,…
CVE-2017-15990 critical 9.8 10.0 EXP savsofteproducts 9y ago Php Inventory & Invoice Management System allows Arbitrary File Upload via dashboard/edit_myaccountdetail/.
CVE-2017-15989 critical 9.8 10.0 EXP online_exam_test_application_project 9y ago Online Exam Test Application allows SQL Injection via the resources.php sort parameter in a category action.
CVE-2017-15988 critical 9.8 10.0 EXP nicephpscripts 9y ago Nice PHP FAQ Script allows SQL Injection via the index.php nice_theme parameter, a different vulnerability than CVE-2008-6525.
CVE-2017-15987 critical 9.8 10.0 EXP fake_magazine_cover_script_project 9y ago Fake Magazine Cover Script allows SQL Injection via the rate.php value parameter or the content.php id parameter.
CVE-2017-15986 critical 9.8 10.0 EXP cpa_lead_reward_script_project 9y ago CPA Lead Reward Script allows SQL Injection via the username parameter.
CVE-2017-15985 critical 9.8 10.0 EXP readymadeb2bscript 9y ago Basic B2B Script allows SQL Injection via the product_view1.php pid or id parameter.
CVE-2017-15984 critical 9.8 10.0 EXP bekirk 9y ago Creative Management System (CMS) Lite 1.4 allows SQL Injection via the S parameter to index.php.
CVE-2017-15983 critical 9.8 10.0 EXP geniusocean 9y ago MyMagazine Magazine & Blog CMS 1.0 allows SQL Injection via the id parameter to admin/admin_process.php for form editing.
CVE-2017-15982 critical 9.8 10.0 EXP geniusocean 9y ago Dynamic News Magazine & Blog CMS 1.0 allows SQL Injection via the id parameter to admin/admin_process.php for form editing.
CVE-2017-15981 critical 9.8 10.0 EXP geniusocean 9y ago Responsive Newspaper Magazine & Blog CMS 1.0 allows SQL Injection via the id parameter to admin/admin_process.php for form editing.
CVE-2017-15980 critical 9.8 10.0 EXP rowindex 9y ago US Zip Codes Database Script 1.0 allows SQL Injection via the state parameter.
CVE-2017-15979 critical 9.8 10.0 EXP odallated 9y ago Shareet - Photo Sharing Social Network 1.0 allows SQL Injection via the photo parameter.
CVE-2017-15978 critical 9.8 10.0 EXP arox 9y ago AROX School ERP PHP Script 1.0 allows SQL Injection via the office_admin/ id parameter.
CVE-2017-15977 critical 9.8 10.0 EXP protectedlinks 9y ago Protected Links - Expiring Download Links 1.0 allows SQL Injection via the username parameter.
CVE-2012-5357 critical 9.8 10.0 EXP ektron 9y ago Ektron Content Management System (CMS) before 8.02 SP5 uses the XslCompiledTransform class with enablescript set to true, which allows remote attackers to execute arbitrary code with NETWORK SERVICE …
CVE-2017-15976 critical 9.8 10.0 EXP zeescripts 9y ago ZeeBuddy 2x allows SQL Injection via the admin/editadgroup.php groupid parameter, a different vulnerability than CVE-2008-3604.
CVE-2017-15975 critical 9.8 10.0 EXP vastal 9y ago Vastal I-Tech Dating Zone 0.9.9 allows SQL Injection via the 'product_id' to add_to_cart.php, a different vulnerability than CVE-2008-4461.
CVE-2017-15974 critical 9.8 10.0 EXP datacomponents 9y ago tPanel 2009 allows SQL injection for Authentication Bypass via 'or 1=1 or ''=' to login.php.
CVE-2017-15973 critical 9.8 10.0 EXP sokial 9y ago Sokial Social Network Script 1.0 allows SQL Injection via the id parameter to admin/members_view.php.
CVE-2017-15972 critical 9.8 10.0 EXP softdatepro 9y ago SoftDatepro Dating Social Network 1.3 allows SQL Injection via the viewprofile.php profid parameter, the viewmessage.php sender_id parameter, or the /admin Email field, a related issue to CVE-2017-15…
CVE-2017-15971 critical 9.8 10.0 EXP softdatepro 9y ago Same Sex Dating Software Pro 1.0 allows SQL Injection via the viewprofile.php profid parameter, the viewmessage.php sender_id parameter, or the /admin Email field, a related issue to CVE-2017-15972.
CVE-2017-15970 critical 9.8 10.0 EXP phpcityportal 9y ago PHP CityPortal 2.0 allows SQL Injection via the nid parameter to index.php in a page=news action, or the cat parameter.
CVE-2017-15969 critical 9.8 10.0 EXP pilotgroup 9y ago PG All Share Video 1.0 allows SQL Injection via the PATH_INFO to search/tag, friends/index, users/profile, or video_catalog/category.
CVE-2017-15968 critical 9.8 10.0 EXP contractorscripts 9y ago MyBuilder Clone 1.0 allows SQL Injection via the phpsqlsearch_genxml.php subcategory parameter.
CVE-2017-15967 critical 9.8 10.0 EXP mailing-manager 9y ago Mailing List Manager Pro 3.0 allows SQL Injection via the edit parameter to admin/users in a sort=login action, or the edit parameter to admin/template.
CVE-2017-15966 critical 9.8 10.0 EXP zh_yandexmap_project 9y ago The Zh YandexMap (aka com_zhyandexmap) component 6.1.1.0 for Joomla! allows SQL Injection via the placemarklistid parameter to index.php.
CVE-2017-15965 critical 9.8 10.0 EXP nswd 9y ago The NS Download Shop (aka com_ns_downloadshop) component 2.2.6 for Joomla! allows SQL Injection via the id parameter in an invoice.create action.
CVE-2017-15964 critical 9.8 10.0 EXP nicephpscripts 9y ago Job Board Script Software allows SQL Injection via the PATH_INFO to a /job-details URI.
CVE-2017-15963 critical 9.8 10.0 EXP itechscripts 9y ago iTech Gigs Script 1.21 allows SQL Injection via the browse-scategory.php sc parameter or the service-provider.php ser parameter.
CVE-2017-15962 critical 9.8 10.0 EXP istock_management_system_project 9y ago iStock Management System 1.0 allows Arbitrary File Upload via user/profile.
CVE-2017-15961 critical 9.8 10.0 EXP iproject_management_system_project 9y ago iProject Management System 1.0 allows SQL Injection via the ID parameter to index.php.
CVE-2017-15960 critical 9.8 10.0 EXP yourarticlesdirectory 9y ago Article Directory Script 3.0 allows SQL Injection via the id parameter to author.php or category.php.
CVE-2017-15959 critical 9.8 10.0 EXP adultscriptpro 9y ago Adult Script Pro 2.2.4 allows SQL Injection via the PATH_INFO to a /download URI, a different vulnerability than CVE-2007-6576.
CVE-2017-15958 critical 9.8 10.0 EXP domainzaar 9y ago D-Park Pro Domain Parking Script 1.0 allows SQL Injection via the username to admin/loginform.php.
CVE-2014-2023 critical 9.8 10.0 EXP tapatalk 9y ago Multiple SQL injection vulnerabilities in the Tapatalk plugin 4.9.0 and earlier and 5.x through 5.2.1 for vBulletin allow remote attackers to execute arbitrary SQL commands via a crafted xmlrpc API r…
CVE-2017-15878 medium 6.1 7.1 EXP keystonejs 9y ago Cross-Site Scripting in keystone
CVE-2017-15223 medium 5.3 6.3 EXP argosoft 9y ago Denial-of-service vulnerability in ArGoSoft Mini Mail Server 1.0.0.2 and earlier allows remote attackers to waste CPU resources (memory consumption) via unspecified vectors, possibly triggering an in…
CVE-2017-15222 critical 9.8 10.0 EXP nftp_project 9y ago Buffer Overflow vulnerability in Ayukov NFTPD 2.0 and earlier allows remote attackers to execute arbitrary code.
CVE-2017-15081 critical 9.8 10.0 EXP phpsugar 9y ago In PHPSUGAR PHP Melody CMS 2.6.1, SQL Injection exists via the playlist parameter to playlists.php.
CVE-2011-3187 medium 5.3 EXP debian debian rubyonrails 9y ago The to_s method in actionpack/lib/action_dispatch/middleware/remote_ip.rb in Ruby on Rails 3.0.5 does not validate the X-Forwarded-For header in requests from IP addresses on a Class C network, which…