Found 4,137 results in 621ms · Match type: Filtered list

CVE Severity CVSS Risk Flags OS Vendor Published Description
CVE-2017-5264 high 8.8 9.8 EXP rapid7 9y ago Versions of Nexpose prior to 6.4.66 fail to adequately validate the source of HTTP requests intended for the Automated Actions administrative web application, and are susceptible to a cross-site requ…
CVE-2017-17672 critical 9.8 10.0 EXP vbulletin 9y ago In vBulletin through 5.3.x, there is an unauthenticated deserialization vulnerability that leads to arbitrary file deletion and, under certain circumstances, code execution, because of unsafe usage o…
CVE-2017-17648 critical 9.8 10.0 EXP entrepreneur_dating_script_project 9y ago Entrepreneur Dating Script 2.0.1 has SQL Injection via the search_result.php marital, gender, country, or profileid parameter.
CVE-2017-17642 critical 9.8 10.0 EXP basic_job_site_script_project 9y ago Basic Job Site Script 2.0.5 has SQL Injection via the keyword parameter to /job.
CVE-2017-17641 critical 9.8 10.0 EXP resume_clone_script_project 9y ago Resume Clone Script 2.0.5 has SQL Injection via the preview.php id parameter.
CVE-2017-17640 critical 9.8 10.0 EXP advanced_world_database_project 9y ago Advanced World Database 2.0.5 has SQL Injection via the city.php country or state parameter, or the state.php country parameter.
CVE-2017-17639 critical 9.8 10.0 EXP muslim_matrimonial_script_project 9y ago Muslim Matrimonial Script 3.02 has SQL Injection via the success-story.php succid parameter.
CVE-2017-17638 critical 9.8 10.0 EXP groupon_clone_script_project 9y ago Groupon Clone Script 3.01 has SQL Injection via the city_ajax.php state_id parameter.
CVE-2017-17637 critical 9.8 10.0 EXP car_rental_script_project 9y ago Car Rental Script 2.0.4 has SQL Injection via the countrycode1.php val parameter.
CVE-2017-17636 critical 9.8 10.0 EXP mlm_forced_matrix_project 9y ago MLM Forced Matrix 2.0.9 has SQL Injection via the news-detail.php newid parameter.
CVE-2017-17635 critical 9.8 10.0 EXP mlm_forex_market_plan_script_project 9y ago MLM Forex Market Plan Script 2.0.4 has SQL Injection via the news_detail.php newid parameter or the event_detail.php eventid parameter.
CVE-2017-17634 critical 9.8 10.0 EXP single_theater_booking_script_project 9y ago Single Theater Booking Script 3.2.1 has SQL Injection via the findcity.php q parameter.
CVE-2017-17633 critical 9.8 10.0 EXP multiplex_movie_theater_booking_script_project 9y ago Multiplex Movie Theater Booking Script 3.1.5 has SQL Injection via the trailer-detail.php moid parameter, show-time.php moid parameter, or event-detail.php eid parameter.
CVE-2017-17632 critical 9.8 10.0 EXP responsive_events_and_movie_ticket_booking_script_project 9y ago Responsive Events And Movie Ticket Booking Script 3.2.1 has SQL Injection via the findcity.php q parameter.
CVE-2017-17631 critical 9.8 10.0 EXP multireligion_responsive_matrimonial_project 9y ago Multireligion Responsive Matrimonial 4.7.2 has SQL Injection via the success-story.php succid parameter.
CVE-2017-17630 critical 9.8 10.0 EXP yoga_class_script_project 9y ago Yoga Class Script 1.0 has SQL Injection via the /list city parameter.
CVE-2017-17629 critical 9.8 10.0 EXP secure_e-commerce_script_project 9y ago Secure E-commerce Script 2.0.1 has SQL Injection via the category.php searchmain or searchcat parameter, or the single_detail.php sid parameter.
CVE-2017-17628 critical 9.8 10.0 EXP responsive_realestate_script_project 9y ago Responsive Realestate Script 3.2 has SQL Injection via the property-list tbud parameter.
CVE-2017-17627 critical 9.8 10.0 EXP readymade_video_sharing_script_project 9y ago Readymade Video Sharing Script 3.2 has SQL Injection via the single-video-detail.php report_videos array parameter.
CVE-2017-17626 critical 9.8 10.0 EXP readymade_php_classified_script_project 9y ago Readymade PHP Classified Script 3.3 has SQL Injection via the /categories subctid or mctid parameter.
CVE-2017-17625 critical 9.8 10.0 EXP on_demand_marketplace_script_project 9y ago Professional Service Script 1.0 has SQL Injection via the service-list city parameter.
CVE-2017-17624 critical 9.8 10.0 EXP php_multivendor_ecommerce_project 9y ago PHP Multivendor Ecommerce 1.0 has SQL Injection via the single_detail.php sid parameter, or the category.php searchcat or chid1 parameter.
CVE-2017-17623 critical 9.8 10.0 EXP opensource_classified_ads_script_project 9y ago Opensource Classified Ads Script 3.2 has SQL Injection via the advance_result.php keyword parameter.
CVE-2017-17622 critical 9.8 10.0 EXP online_exam_test_application_script_project 9y ago Online Exam Test Application Script 1.6 has SQL Injection via the exams.php sort parameter.
CVE-2017-17621 critical 9.8 10.0 EXP multivendor_penny_auction_clone_script_project 9y ago Multivendor Penny Auction Clone Script 1.0 has SQL Injection via the PATH_INFO to the /detail URI.
CVE-2017-17620 critical 9.8 10.0 EXP lawyer_search_script_project 9y ago Lawyer Search Script 1.1 has SQL Injection via the /lawyer-list city parameter.
CVE-2017-17619 critical 9.8 10.0 EXP laundry_booking_script_project 9y ago Laundry Booking Script 1.0 has SQL Injection via the /list city parameter.
CVE-2017-17618 critical 9.8 10.0 EXP kickstarter_clone_script_project 9y ago Kickstarter Clone Script 2.0 has SQL Injection via the investcalc.php projid parameter.
CVE-2017-17617 critical 9.8 10.0 EXP foodspotting_clone_script_project 9y ago Foodspotting Clone Script 1.0 has SQL Injection via the quicksearch.php q parameter.
CVE-2017-17616 critical 9.8 10.0 EXP event_calendar_category_script_project 9y ago Event Search Script 1.0 has SQL Injection via the /event-list city parameter.
CVE-2017-17615 high 8.8 9.8 EXP facebook_clone_script_project 9y ago Facebook Clone Script 1.0 has SQL Injection via the friend-profile.php id parameter.
CVE-2017-17614 critical 9.8 10.0 EXP hotel_restaurant_reviews_and_feedback_script_project 9y ago Food Order Script 1.0 has SQL Injection via the /list city parameter.
CVE-2017-17613 critical 9.8 10.0 EXP freelance_website_script_project 9y ago Freelance Website Script 2.0.6 has SQL Injection via the jobdetails.php pr_id parameter or the searchbycat_list.php catid parameter.
CVE-2017-17612 critical 9.8 10.0 EXP hot_scripts_clone_project 9y ago Hot Scripts Clone 3.1 has SQL Injection via the /categories subctid or mctid parameter.
CVE-2017-17611 critical 9.8 10.0 EXP doctor_search_script_project 9y ago Doctor Search Script 1.0 has SQL Injection via the /list city parameter.
CVE-2017-17610 critical 9.8 10.0 EXP e-commerce_mlm_software_project 9y ago E-commerce MLM Software 1.0 has SQL Injection via the service_detail.php pid parameter, event_detail.php eventid parameter, or news_detail.php newid parameter.
CVE-2017-17609 critical 9.8 10.0 EXP chartered_accountant_booking_script_project 9y ago Chartered Accountant Booking Script 1.0 has SQL Injection via the /service-list city parameter.
CVE-2017-17608 critical 9.8 10.0 EXP kindergarten_-_elementary_school_listing_script_project 9y ago Child Care Script 1.0 has SQL Injection via the /list city parameter.
CVE-2017-17607 critical 9.8 10.0 EXP cms_auditor_website_project 9y ago CMS Auditor Website 1.0 has SQL Injection via the PATH_INFO to /news-detail.
CVE-2017-17606 critical 9.8 10.0 EXP co-work_space_search_script_project 9y ago Co-work Space Search Script 1.0 has SQL Injection via the /list city parameter.
CVE-2017-17605 critical 9.8 10.0 EXP consumer_complaints_clone_script_project 9y ago Consumer Complaints Clone Script 1.0 has SQL Injection via the other-user-profile.php id parameter.
CVE-2017-17604 critical 9.8 10.0 EXP entrepreneur_bus_booking_script_project 9y ago Entrepreneur Bus Booking Script 3.0.4 has SQL Injection via the booker_details.php sourcebus parameter.
CVE-2017-17603 critical 9.8 10.0 EXP advanced_real_estate_script_project 9y ago Advanced Real Estate Script 4.0.7 has SQL Injection via the search-results.php Projectmain, proj_type, searchtext, sell_price, or maxprice parameter.
CVE-2017-17602 critical 9.8 10.0 EXP advance_b2b_script_project 9y ago Advance B2B Script 2.1.3 has SQL Injection via the tradeshow-list-detail.php show_id or view-product.php pid parameter.
CVE-2017-17601 critical 9.8 10.0 EXP cab_booking_script_project 9y ago Cab Booking Script 1.0 has SQL Injection via the /service-list city parameter.
CVE-2017-17600 critical 9.8 10.0 EXP basic_b2b_script_project 9y ago Basic B2B Script 2.0.8 has SQL Injection via the product_details.php id parameter.
CVE-2017-17599 critical 9.8 10.0 EXP advance_online_learning_management_script_project 9y ago Advance Online Learning Management Script 3.1 has SQL Injection via the courselist.php subcatid or popcourseid parameter.
CVE-2017-17598 critical 9.8 10.0 EXP affiliate_mlm_script_project 9y ago Affiliate MLM Script 1.0 has SQL Injection via the product-category.php key parameter.
CVE-2017-17597 critical 9.8 10.0 EXP nearbuy_clone_script_project 9y ago Nearbuy Clone Script 3.2 has SQL Injection via the category_list.php search parameter.
CVE-2017-17596 critical 9.8 10.0 EXP entrepreneur_job_portal_script_project 9y ago Entrepreneur Job Portal Script 2.0.6 has SQL Injection via the jobsearch_all.php rid1 parameter.
CVE-2017-17595 critical 9.8 10.0 EXP beauty_parlour_booking_script_project 9y ago Beauty Parlour Booking Script 1.0 has SQL Injection via the /list gender or city parameter.
CVE-2017-17594 critical 9.8 10.0 EXP domainsale_php_script_project 9y ago DomainSale PHP Script 1.0 has SQL Injection via the domain.php id parameter.
CVE-2017-17593 high 7.5 8.5 EXP simple_chatting_system_project 9y ago Simple Chatting System 1.0 allows Arbitrary File Upload via view/my_profile.php, which places files under uploads/.
CVE-2017-17592 critical 9.8 10.0 EXP website_auction_marketplace_project 9y ago Website Auction Marketplace 2.0.5 has SQL Injection via the search.php cat_id parameter.
CVE-2017-17591 critical 9.8 10.0 EXP realestate_crowdfunding_script_project 9y ago Realestate Crowdfunding Script 2.7.2 has SQL Injection via the single-cause.php pid parameter.
CVE-2017-17590 critical 9.8 10.0 EXP stackoverflow-clone_project 9y ago FS Stackoverflow Clone 1.0 has SQL Injection via the /question keywords parameter.
CVE-2017-17589 critical 9.8 10.0 EXP thumbtack_clone_project 9y ago FS Thumbtack Clone 1.0 has SQL Injection via the browse-category.php cat parameter or the browse-scategory.php sc parameter.
CVE-2017-17588 critical 9.8 10.0 EXP imdb_clone_project 9y ago FS IMDB Clone 1.0 has SQL Injection via the movie.php f parameter, tvshow.php s parameter, or show_misc_video.php id parameter.
CVE-2017-17587 critical 9.8 10.0 EXP indiamart_clone_project 9y ago FS Indiamart Clone 1.0 has SQL Injection via the catcompany.php token parameter, buyleads-details.php id parameter, or company/index.php c parameter.
CVE-2017-17586 critical 9.8 10.0 EXP olx_clone_project 9y ago FS Olx Clone 1.0 has SQL Injection via the subpage.php scat parameter or the message.php pid parameter.
CVE-2017-17585 critical 9.8 10.0 EXP monster_clone_project 9y ago FS Monster Clone 1.0 has SQL Injection via the Employer_Details.php id parameter.
CVE-2017-17584 critical 9.8 10.0 EXP makemytrip_clone_project 9y ago FS Makemytrip Clone 1.0 has SQL Injection via the show-flight-result.php fl_orig or fl_dest parameter.
CVE-2017-17583 critical 9.8 10.0 EXP shutterstock_clone_project 9y ago FS Shutterstock Clone 1.0 has SQL Injection via the /Category keywords parameter.
CVE-2017-17582 critical 9.8 10.0 EXP grubhub_clone_project 9y ago FS Grubhub Clone 1.0 has SQL Injection via the /food keywords parameter.
CVE-2017-17581 critical 9.8 10.0 EXP quibids_clone_project 9y ago FS Quibids Clone 1.0 has SQL Injection via the itechd.php productid parameter.
CVE-2017-17580 critical 9.8 10.0 EXP linkedin_clone_project 9y ago FS Linkedin Clone 1.0 has SQL Injection via the group.php grid parameter, profile.php fid parameter, or company_details.php id parameter.
CVE-2017-17579 critical 9.8 10.0 EXP freelancer_clone_project 9y ago FS Freelancer Clone 1.0 has SQL Injection via the profile.php u parameter.
CVE-2017-17578 critical 9.8 10.0 EXP crowdfunding_script_project 9y ago FS Crowdfunding Script 1.0 has SQL Injection via the latest_news_details.php id parameter.
CVE-2017-17577 critical 9.8 10.0 EXP trademe_clone_project 9y ago FS Trademe Clone 1.0 has SQL Injection via the search_item.php search parameter or the general_item_details.php id parameter.
CVE-2017-17576 critical 9.8 10.0 EXP gigs_script_project 9y ago FS Gigs Script 1.0 has SQL Injection via the browse-category.php cat parameter, browse-scategory.php sc parameter, or service-provider.php ser parameter.
CVE-2017-17575 critical 9.8 10.0 EXP groupon_clone_project 9y ago FS Groupon Clone 1.0 has SQL Injection via the item_details.php id parameter or the vendor_details.php id parameter.
CVE-2017-17574 critical 9.8 10.0 EXP care_clone_project 9y ago FS Care Clone 1.0 has SQL Injection via the searchJob.php jobType or jobFrequency parameter.
CVE-2017-17573 critical 9.8 10.0 EXP fortunescripts 9y ago FS Ebay Clone 1.0 has SQL Injection via the product.php id parameter, or the search.php category_id or sub_category_id parameter.
CVE-2017-17572 critical 9.8 10.0 EXP amazon_clone_project 9y ago FS Amazon Clone 1.0 has SQL Injection via the PATH_INFO to /VerAyari.
CVE-2017-17571 critical 9.8 10.0 EXP foodpanda_clone_project 9y ago FS Foodpanda Clone 1.0 has SQL Injection via the /food keywords parameter.
CVE-2017-17570 critical 9.8 10.0 EXP expedia_clone_project 9y ago FS Expedia Clone 1.0 has SQL Injection via the pages.php or content.php id parameter, or the show-flight-result.php fl_orig or fl_dest parameter.
CVE-2017-17538 high 7.5 8.5 EXP 9y ago MikroTik v6.40.5 devices allow remote attackers to cause a denial of service via a flood of ICMP packets.
CVE-2017-11918 high 7.5 8.5 EXP windows windows microsoft 9y ago ChakraCore and Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to gain the same user rights as the current user, due to how the scripting engine …
CVE-2017-11914 high 7.5 8.5 EXP windows windows microsoft 9y ago ChakraCore vulnerable to privilege escalation due to exposure from scriptFunction
CVE-2017-11911 high 7.5 8.5 EXP windows windows microsoft 9y ago ChakraCore RCE Vulnerability
CVE-2017-11909 high 7.5 8.5 EXP windows windows microsoft 9y ago ChakraCore vulnerable to remote code execution
CVE-2017-11907 high 7.5 8.5 EXP windows windows microsoft 9y ago Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2…
CVE-2017-11903 high 7.5 8.5 EXP windows windows microsoft 9y ago Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2…
CVE-2017-11893 high 7.5 8.5 EXP windows windows microsoft 9y ago ChakraCore vulnerable to remote code execution
CVE-2017-11890 high 7.5 8.5 EXP windows windows microsoft 9y ago Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allow an attacker…
CVE-2017-5717 high 7.8 8.8 EXP intel 9y ago Type Confusion in Content Protection HECI Service in Intel Graphics Driver allows unprivileged user to elevate privileges via local access.
CVE-2017-17560 critical 9.8 10.0 EXP 9y ago An issue was discovered on Western Digital MyCloud PR4100 2.30.172 devices. The web administration component, /web/jquery/uploader/multi_uploadify.php, provides multipart upload functionality that is…
CVE-2014-8358 high 7.8 8.8 EXP 9y ago Huawei EC156, EC176, and EC177 USB Modem products with software before UTPS-V200R003B015D02SP07C1014 (23.015.02.07.1014) and before V200R003B015D02SP08C1014 (23.015.02.08.1014) use a weak ACL for the…
CVE-2017-17111 critical 9.8 10.0 EXP scubez 9y ago Posty Readymade Classifieds Script 1.0 allows an attacker to inject SQL commands via a listings.php?catid= or ads-details.php?ID= request.
CVE-2017-17110 critical 9.8 10.0 EXP techno_-_portfolio_management_panel_project 9y ago Techno Portfolio Management Panel 1.0 allows an attacker to inject SQL commands via a single.php?id= request.
CVE-2017-11319 high 8.8 9.8 EXP resolver 9y ago Perspective ICM Investigation & Case 5.1.1.16 allows remote authenticated users to modify access level permissions and consequently gain privileges by leveraging insufficient validation methods and m…
CVE-2017-16921 high 8.8 9.8 EXP FIX debian debian otrs 9y ago In OTRS 6.0.x up to and including 6.0.1, OTRS 5.0.x up to and including 5.0.24, and OTRS 4.0.x up to and including 4.0.26, an attacker who is logged into OTRS as an agent can manipulate form paramete…
CVE-2017-17055 critical 9.0 10.0 EXP articatech 9y ago Artica Web Proxy before 3.06.112911 allows remote attackers to execute arbitrary code as root by conducting a cross-site scripting (XSS) attack involving the username-form-id parameter to freeradius.…
CVE-2017-13156 high 7.8 8.8 EXP FIX debian debian 9y ago An elevation of privilege vulnerability in the Android system (art). Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID A-64211847.
CVE-2017-14355 high 7.8 8.8 EXP microfocus 9y ago A potential security vulnerability has been identified in HPE Connected Backup versions 8.6 and 8.8.6. The vulnerability could be exploited locally to allow escalation of privilege.
CVE-2017-8824 high 7.8 8.8 EXP FIX arch arch sles debian debian 9y ago The dccp_disconnect function in net/dccp/proto.c in the Linux kernel through 4.14.3 allows local users to gain privileges or cause a denial of service (use-after-free) via an AF_UNSPEC connect system…
CVE-2017-16930 critical 9.8 10.0 EXP claymore_dual_miner_project 9y ago The remote management interface on the Claymore Dual GPU miner 10.1 allows an unauthenticated remote attacker to execute arbitrary code due to a stack-based buffer overflow in the request handler. Th…
CVE-2017-16929 high 8.1 9.1 EXP claymore_dual_miner_project 9y ago The remote management interface on the Claymore Dual GPU miner 10.1 is vulnerable to an authenticated directory traversal vulnerability exploited by issuing a specially crafted request, allowing a re…
CVE-2017-15889 high 8.8 9.8 EXP 9y ago Command injection vulnerability in smart.cgi in Synology DiskStation Manager (DSM) before 5.2-5967-5 allows remote authenticated users to execute arbitrary commands via disk field.
CVE-2017-17090 high 7.5 8.5 EXP FIX debian debian digium 9y ago An issue was discovered in chan_skinny.c in Asterisk Open Source 13.18.2 and older, 14.7.2 and older, and 15.1.2 and older, and Certified Asterisk 13.13-cert7 and older. If the chan_skinny (aka SCCP …