Search

Found 13,013 results in 1787ms · Match type: Filtered list

CVE Severity CVSS Risk Flags OS Vendor Published Description
CVE-2017-17628 critical 9.8 10.0 EXP responsive_realestate_script_project 9y ago Responsive Realestate Script 3.2 has SQL Injection via the property-list tbud parameter.
CVE-2017-17627 critical 9.8 10.0 EXP readymade_video_sharing_script_project 9y ago Readymade Video Sharing Script 3.2 has SQL Injection via the single-video-detail.php report_videos array parameter.
CVE-2017-17626 critical 9.8 10.0 EXP readymade_php_classified_script_project 9y ago Readymade PHP Classified Script 3.3 has SQL Injection via the /categories subctid or mctid parameter.
CVE-2017-17625 critical 9.8 10.0 EXP on_demand_marketplace_script_project 9y ago Professional Service Script 1.0 has SQL Injection via the service-list city parameter.
CVE-2017-17624 critical 9.8 10.0 EXP php_multivendor_ecommerce_project 9y ago PHP Multivendor Ecommerce 1.0 has SQL Injection via the single_detail.php sid parameter, or the category.php searchcat or chid1 parameter.
CVE-2017-17623 critical 9.8 10.0 EXP opensource_classified_ads_script_project 9y ago Opensource Classified Ads Script 3.2 has SQL Injection via the advance_result.php keyword parameter.
CVE-2017-17622 critical 9.8 10.0 EXP online_exam_test_application_script_project 9y ago Online Exam Test Application Script 1.6 has SQL Injection via the exams.php sort parameter.
CVE-2017-17621 critical 9.8 10.0 EXP multivendor_penny_auction_clone_script_project 9y ago Multivendor Penny Auction Clone Script 1.0 has SQL Injection via the PATH_INFO to the /detail URI.
CVE-2017-17620 critical 9.8 10.0 EXP lawyer_search_script_project 9y ago Lawyer Search Script 1.1 has SQL Injection via the /lawyer-list city parameter.
CVE-2017-17619 critical 9.8 10.0 EXP laundry_booking_script_project 9y ago Laundry Booking Script 1.0 has SQL Injection via the /list city parameter.
CVE-2017-17618 critical 9.8 10.0 EXP kickstarter_clone_script_project 9y ago Kickstarter Clone Script 2.0 has SQL Injection via the investcalc.php projid parameter.
CVE-2017-17617 critical 9.8 10.0 EXP foodspotting_clone_script_project 9y ago Foodspotting Clone Script 1.0 has SQL Injection via the quicksearch.php q parameter.
CVE-2017-17616 critical 9.8 10.0 EXP event_calendar_category_script_project 9y ago Event Search Script 1.0 has SQL Injection via the /event-list city parameter.
CVE-2017-17614 critical 9.8 10.0 EXP hotel_restaurant_reviews_and_feedback_script_project 9y ago Food Order Script 1.0 has SQL Injection via the /list city parameter.
CVE-2017-17613 critical 9.8 10.0 EXP freelance_website_script_project 9y ago Freelance Website Script 2.0.6 has SQL Injection via the jobdetails.php pr_id parameter or the searchbycat_list.php catid parameter.
CVE-2017-17612 critical 9.8 10.0 EXP hot_scripts_clone_project 9y ago Hot Scripts Clone 3.1 has SQL Injection via the /categories subctid or mctid parameter.
CVE-2017-17611 critical 9.8 10.0 EXP doctor_search_script_project 9y ago Doctor Search Script 1.0 has SQL Injection via the /list city parameter.
CVE-2017-17610 critical 9.8 10.0 EXP e-commerce_mlm_software_project 9y ago E-commerce MLM Software 1.0 has SQL Injection via the service_detail.php pid parameter, event_detail.php eventid parameter, or news_detail.php newid parameter.
CVE-2017-17609 critical 9.8 10.0 EXP chartered_accountant_booking_script_project 9y ago Chartered Accountant Booking Script 1.0 has SQL Injection via the /service-list city parameter.
CVE-2017-17608 critical 9.8 10.0 EXP kindergarten_-_elementary_school_listing_script_project 9y ago Child Care Script 1.0 has SQL Injection via the /list city parameter.
CVE-2017-17607 critical 9.8 10.0 EXP cms_auditor_website_project 9y ago CMS Auditor Website 1.0 has SQL Injection via the PATH_INFO to /news-detail.
CVE-2017-17606 critical 9.8 10.0 EXP co-work_space_search_script_project 9y ago Co-work Space Search Script 1.0 has SQL Injection via the /list city parameter.
CVE-2017-17605 critical 9.8 10.0 EXP consumer_complaints_clone_script_project 9y ago Consumer Complaints Clone Script 1.0 has SQL Injection via the other-user-profile.php id parameter.
CVE-2017-17604 critical 9.8 10.0 EXP entrepreneur_bus_booking_script_project 9y ago Entrepreneur Bus Booking Script 3.0.4 has SQL Injection via the booker_details.php sourcebus parameter.
CVE-2017-17603 critical 9.8 10.0 EXP advanced_real_estate_script_project 9y ago Advanced Real Estate Script 4.0.7 has SQL Injection via the search-results.php Projectmain, proj_type, searchtext, sell_price, or maxprice parameter.
CVE-2017-17602 critical 9.8 10.0 EXP advance_b2b_script_project 9y ago Advance B2B Script 2.1.3 has SQL Injection via the tradeshow-list-detail.php show_id or view-product.php pid parameter.
CVE-2017-17601 critical 9.8 10.0 EXP cab_booking_script_project 9y ago Cab Booking Script 1.0 has SQL Injection via the /service-list city parameter.
CVE-2017-17600 critical 9.8 10.0 EXP basic_b2b_script_project 9y ago Basic B2B Script 2.0.8 has SQL Injection via the product_details.php id parameter.
CVE-2017-17599 critical 9.8 10.0 EXP advance_online_learning_management_script_project 9y ago Advance Online Learning Management Script 3.1 has SQL Injection via the courselist.php subcatid or popcourseid parameter.
CVE-2017-17598 critical 9.8 10.0 EXP affiliate_mlm_script_project 9y ago Affiliate MLM Script 1.0 has SQL Injection via the product-category.php key parameter.
CVE-2017-17597 critical 9.8 10.0 EXP nearbuy_clone_script_project 9y ago Nearbuy Clone Script 3.2 has SQL Injection via the category_list.php search parameter.
CVE-2017-17596 critical 9.8 10.0 EXP entrepreneur_job_portal_script_project 9y ago Entrepreneur Job Portal Script 2.0.6 has SQL Injection via the jobsearch_all.php rid1 parameter.
CVE-2017-17595 critical 9.8 10.0 EXP beauty_parlour_booking_script_project 9y ago Beauty Parlour Booking Script 1.0 has SQL Injection via the /list gender or city parameter.
CVE-2017-17594 critical 9.8 10.0 EXP domainsale_php_script_project 9y ago DomainSale PHP Script 1.0 has SQL Injection via the domain.php id parameter.
CVE-2017-17592 critical 9.8 10.0 EXP website_auction_marketplace_project 9y ago Website Auction Marketplace 2.0.5 has SQL Injection via the search.php cat_id parameter.
CVE-2017-17591 critical 9.8 10.0 EXP realestate_crowdfunding_script_project 9y ago Realestate Crowdfunding Script 2.7.2 has SQL Injection via the single-cause.php pid parameter.
CVE-2017-17590 critical 9.8 10.0 EXP stackoverflow-clone_project 9y ago FS Stackoverflow Clone 1.0 has SQL Injection via the /question keywords parameter.
CVE-2017-17589 critical 9.8 10.0 EXP thumbtack_clone_project 9y ago FS Thumbtack Clone 1.0 has SQL Injection via the browse-category.php cat parameter or the browse-scategory.php sc parameter.
CVE-2017-17588 critical 9.8 10.0 EXP imdb_clone_project 9y ago FS IMDB Clone 1.0 has SQL Injection via the movie.php f parameter, tvshow.php s parameter, or show_misc_video.php id parameter.
CVE-2017-17587 critical 9.8 10.0 EXP indiamart_clone_project 9y ago FS Indiamart Clone 1.0 has SQL Injection via the catcompany.php token parameter, buyleads-details.php id parameter, or company/index.php c parameter.
CVE-2017-17586 critical 9.8 10.0 EXP olx_clone_project 9y ago FS Olx Clone 1.0 has SQL Injection via the subpage.php scat parameter or the message.php pid parameter.
CVE-2017-17585 critical 9.8 10.0 EXP monster_clone_project 9y ago FS Monster Clone 1.0 has SQL Injection via the Employer_Details.php id parameter.
CVE-2017-17584 critical 9.8 10.0 EXP makemytrip_clone_project 9y ago FS Makemytrip Clone 1.0 has SQL Injection via the show-flight-result.php fl_orig or fl_dest parameter.
CVE-2017-17583 critical 9.8 10.0 EXP shutterstock_clone_project 9y ago FS Shutterstock Clone 1.0 has SQL Injection via the /Category keywords parameter.
CVE-2017-17582 critical 9.8 10.0 EXP grubhub_clone_project 9y ago FS Grubhub Clone 1.0 has SQL Injection via the /food keywords parameter.
CVE-2017-17581 critical 9.8 10.0 EXP quibids_clone_project 9y ago FS Quibids Clone 1.0 has SQL Injection via the itechd.php productid parameter.
CVE-2017-17580 critical 9.8 10.0 EXP linkedin_clone_project 9y ago FS Linkedin Clone 1.0 has SQL Injection via the group.php grid parameter, profile.php fid parameter, or company_details.php id parameter.
CVE-2017-17579 critical 9.8 10.0 EXP freelancer_clone_project 9y ago FS Freelancer Clone 1.0 has SQL Injection via the profile.php u parameter.
CVE-2017-17578 critical 9.8 10.0 EXP crowdfunding_script_project 9y ago FS Crowdfunding Script 1.0 has SQL Injection via the latest_news_details.php id parameter.
CVE-2017-17577 critical 9.8 10.0 EXP trademe_clone_project 9y ago FS Trademe Clone 1.0 has SQL Injection via the search_item.php search parameter or the general_item_details.php id parameter.
CVE-2017-17576 critical 9.8 10.0 EXP gigs_script_project 9y ago FS Gigs Script 1.0 has SQL Injection via the browse-category.php cat parameter, browse-scategory.php sc parameter, or service-provider.php ser parameter.
CVE-2017-17575 critical 9.8 10.0 EXP groupon_clone_project 9y ago FS Groupon Clone 1.0 has SQL Injection via the item_details.php id parameter or the vendor_details.php id parameter.
CVE-2017-17574 critical 9.8 10.0 EXP care_clone_project 9y ago FS Care Clone 1.0 has SQL Injection via the searchJob.php jobType or jobFrequency parameter.
CVE-2017-17573 critical 9.8 10.0 EXP fortunescripts 9y ago FS Ebay Clone 1.0 has SQL Injection via the product.php id parameter, or the search.php category_id or sub_category_id parameter.
CVE-2017-17572 critical 9.8 10.0 EXP amazon_clone_project 9y ago FS Amazon Clone 1.0 has SQL Injection via the PATH_INFO to /VerAyari.
CVE-2017-17571 critical 9.8 10.0 EXP foodpanda_clone_project 9y ago FS Foodpanda Clone 1.0 has SQL Injection via the /food keywords parameter.
CVE-2017-17570 critical 9.8 10.0 EXP expedia_clone_project 9y ago FS Expedia Clone 1.0 has SQL Injection via the pages.php or content.php id parameter, or the show-flight-result.php fl_orig or fl_dest parameter.
CVE-2017-11899 critical 9.8 9.8 windows windows 9y ago Device Guard in Windows 10 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows a security feature bypass vulnerability due to the way untrusted files are handled, a…
CVE-2017-17560 critical 9.8 10.0 EXP 9y ago An issue was discovered on Western Digital MyCloud PR4100 2.30.172 devices. The web administration component, /web/jquery/uploader/multi_uploadify.php, provides multipart upload functionality that is…
CVE-2017-16684 critical 9.8 9.8 sap 9y ago SAP Business Intelligence Promotion Management Application, Enterprise 4.10, 4.20, and 4.30, does not perform authentication checks for functionalities that require user identity.
CVE-2017-15896 critical 9.1 9.1 FIX slesdebian debian nodejs 9y ago Node.js was affected by OpenSSL vulnerability CVE-2017-3737 in regards to the use of SSL_read() due to TLS handshake failure. The result was that an active network attacker could send application dat…
CVE-2017-17111 critical 9.8 10.0 EXP scubez 9y ago Posty Readymade Classifieds Script 1.0 allows an attacker to inject SQL commands via a listings.php?catid= or ads-details.php?ID= request.
CVE-2017-17110 critical 9.8 10.0 EXP techno_-_portfolio_management_panel_project 9y ago Techno Portfolio Management Panel 1.0 allows an attacker to inject SQL commands via a single.php?id= request.
CVE-2017-15940 critical 9.8 9.8 9y ago The web interface packet capture management component in Palo Alto Networks PAN-OS before 6.1.19, 7.0.x before 7.0.19, 7.1.x before 7.1.14, and 8.0.x before 8.0.6 allows remote authenticated users to…
CVE-2017-15708 critical 9.8 9.8 apacheoracle 9y ago Remote Code Execution in Apache Synapse
CVE-2017-17499 critical 9.8 9.8 FIX debian debianubuntu ubuntu imagemagick 9y ago ImageMagick before 6.9.9-24 and 7.x before 7.0.7-12 has a use-after-free in Magick::Image::read in Magick++/lib/Image.cpp.
CVE-2017-17484 critical 9.8 9.8 FIX slesdebian debian icu-project 9y ago The ucnv_UTF8FromUTF8 function in ucnv_u8.cpp in International Components for Unicode (ICU) for C/C++ through 60.1 mishandles ucnv_convertEx calls for UTF-8 to UTF-8 conversion, which allows remote a…
CVE-2017-3114 critical 9.8 9.8 linux-kernel rhelwindows windows adobe 9y ago An issue was discovered in Adobe Flash Player 27.0.0.183 and earlier versions. This vulnerability occurs as a result of a computation that reads data that is past the end of the target buffer; the co…
CVE-2017-3112 critical 9.8 9.8 linux-kernel rhelwindows windows adobe 9y ago An issue was discovered in Adobe Flash Player 27.0.0.183 and earlier versions. This vulnerability occurs as a result of a computation that reads data that is past the end of the target buffer; the co…
CVE-2017-16398 critical 9.8 9.8 adobe 9y ago An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. T…
CVE-2017-11304 critical 9.8 9.8 adobe 9y ago An issue was discovered in Adobe Photoshop 18.1.1 (2017.1.1) and earlier versions. An exploitable use-after-free vulnerability exists. Successful exploitation could lead to arbitrary code execution.
CVE-2017-11303 critical 9.8 9.8 adobe 9y ago An issue was discovered in Adobe Photoshop 18.1.1 (2017.1.1) and earlier versions. An exploitable memory corruption vulnerability exists. Successful exploitation could lead to arbitrary code executio…
CVE-2017-11302 critical 9.8 9.8 adobe 9y ago An issue was discovered in Adobe InDesign 12.1.0 and earlier versions. An exploitable memory corruption vulnerability exists. Successful exploitation could lead to arbitrary code execution.
CVE-2017-11295 critical 9.8 9.8 adobe 9y ago An issue was discovered in Adobe DNG Converter 9.12.1 and earlier versions. An exploitable memory corruption vulnerability exists. Successful exploitation could lead to arbitrary code execution.
CVE-2017-11294 critical 9.8 9.8 adobe 9y ago An issue was discovered in Adobe Shockwave 12.2.9.199 and earlier. An exploitable memory corruption vulnerability exists. Successful exploitation could lead to arbitrary code execution.
CVE-2017-11293 critical 9.8 9.8 adobe 9y ago An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. A…
CVE-2017-11291 critical 10.0 10.0 adobe 9y ago An issue was discovered in Adobe Connect 9.6.2 and earlier versions. A Server-Side Request Forgery (SSRF) vulnerability exists that could be abused to bypass network access controls.
CVE-2017-11225 critical 9.8 9.8 linux-kernel rhelwindows windows adobe 9y ago An issue was discovered in Adobe Flash Player 27.0.0.183 and earlier versions. This vulnerability is an instance of a use after free vulnerability in the Primetime SDK metadata functionality. The mis…
CVE-2017-11215 critical 9.8 9.8 linux-kernel rhelwindows windows adobe 9y ago An issue was discovered in Adobe Flash Player 27.0.0.183 and earlier versions. This vulnerability is an instance of a use after free vulnerability in the Primetime SDK. The mismatch between an old an…
CVE-2017-11213 critical 9.8 9.8 linux-kernel rhelwindows windows adobe 9y ago An issue was discovered in Adobe Flash Player 27.0.0.183 and earlier versions. This vulnerability occurs as a result of a computation that reads data that is past the end of the target buffer due to …
CVE-2017-17480 critical 9.8 9.8 FIX slesdebian debianubuntu ubuntu uclouvain 9y ago In OpenJPEG 2.3.0, a stack-based buffer overflow was discovered in the pgxtovolume function in jp3d/convert.c. The vulnerability causes an out-of-bounds write, which may lead to remote denial of serv…
CVE-2017-17479 critical 9.8 9.8 FIX slesdebian debian uclouvain 9y ago In OpenJPEG 2.3.0, a stack-based buffer overflow was discovered in the pgxtoimage function in jpwl/convert.c. The vulnerability causes an out-of-bounds write, which may lead to remote denial of servi…
CVE-2017-17465 critical 9.8 9.8 k7computing 9y ago K7Sentry.sys 15.1.0.59 in K7 Antivirus 15.1.0309 has a NULL pointer dereference via a 0x95002574 DeviceIoControl request.
CVE-2017-17464 critical 9.8 9.8 k7computing 9y ago K7Sentry.sys 15.1.0.59 in K7 Antivirus 15.1.0309 has a NULL pointer dereference via a 0x95002570 DeviceIoControl request.
CVE-2017-17430 critical 9.8 9.8 9y ago Sangoma NetBorder / Vega Session Controller before 2.3.12-80-GA allows remote attackers to execute arbitrary commands via the web interface.
CVE-2017-17055 critical 9.0 10.0 EXP articatech 9y ago Artica Web Proxy before 3.06.112911 allows remote attackers to execute arbitrary code as root by conducting a cross-site scripting (XSS) attack involving the username-form-id parameter to freeradius.…
CVE-2016-5713 critical 9.8 9.8 FIX debian debian puppet 9y ago Versions of Puppet Agent prior to 1.6.0 included a version of the Puppet Execution Protocol (PXP) agent that passed environment variables through to Puppet runs. This could allow unauthorized code to…
CVE-2017-13160 critical 9.8 9.8 9y ago A remote code execution vulnerability in the Android system (bluetooth). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID A-37160362.
CVE-2017-13150 critical 9.1 9.1 9y ago An information disclosure vulnerability in the Android media framework (n/a). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID A-38328132.
CVE-2017-13149 critical 9.1 9.1 9y ago An information disclosure vulnerability in the Android media framework (n/a). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID A-65719872.
CVE-2017-0879 critical 9.1 9.1 9y ago An information disclosure vulnerability in the Android media framework (n/a). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID A-65025028.
CVE-2017-17434 critical 9.8 9.8 FIX arch arch slesdebian debian samba 9y ago The daemon in rsync 3.1.2, and 3.1.3-development before 2017-12-03, does not check for fnamecmp filenames in the daemon_filter_list data structure (in the recv_files function in receiver.c) and also …
CVE-2017-14374 critical 9.8 9.8 dell 9y ago The SMI-S service in Dell Storage Manager versions earlier than 16.3.20 (aka 2016 R3.20) is protected using a hard-coded password. A remote user with the knowledge of the password might potentially d…
CVE-2017-6211 critical 9.8 9.8 9y ago In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in the processing of a downlink supplementary services message, a buffer overflow can o…
CVE-2017-14918 critical 9.8 9.8 9y ago In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in the GPS location wireless interface, a Use After Free condition can occur.
CVE-2017-14917 critical 9.8 9.8 9y ago In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, buffer sizes in the message passing interface are not properly validated.
CVE-2017-14916 critical 9.8 9.8 9y ago In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, buffer sizes in the message passing interface are not properly validated.
CVE-2017-14914 critical 9.8 9.8 9y ago In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, handles in the global client structure can become stale.
CVE-2017-14909 critical 9.8 9.8 9y ago In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a count value that is read from a file is not properly validated.
CVE-2017-14908 critical 9.8 9.8 9y ago In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, the SafeSwitch test application does not properly validate the number of blocks to veri…