CVEs

K7Sentry.sys 15.1.0.59 in K7 Antivirus 15.1.0309 has a NULL pointer dereference via a 0x950025ac DeviceIoControl request.

A security researcher found an XML External Entity (XXE) vulnerability on the Conserus Image Repository archive solution version 2.1.1.105 by McKesson Medical Imaging Company, which is now a Change Healthcare company. An unauthenticated user supplying a modified HTTP SOAP…

In vBulletin through 5.3.x, there is an unauthenticated deserialization vulnerability that leads to arbitrary file deletion and, under certain circumstances, code execution, because of unsafe usage of PHP's unserialize() in vB_Library_Template's cacheTemplates() function, which…

vBulletin through 5.3.x on Windows allows remote PHP code execution because a require_once call is reachable with an unauthenticated request that can include directory traversal sequences to specify an arbitrary pathname, and because ../ traversal is blocked but ..\ traversal is…

Entrepreneur Dating Script 2.0.1 has SQL Injection via the search_result.php marital, gender, country, or profileid parameter.

Bamboo did not check that the name of a branch in a Mercurial repository contained argument parameters. An attacker who has permission to create a repository in Bamboo, edit an existing plan that has a non-linked Mercurialrepository, create or edit a plan when there is at least…

It was possible for double OGNL evaluation in FreeMarker templates through Struts FreeMarker tags to occur. An attacker who has restricted administration rights to Bamboo or who hosts a website that a Bamboo administrator visits, is able to exploit this vulnerability to execute…

Basic Job Site Script 2.0.5 has SQL Injection via the keyword parameter to /job.

Resume Clone Script 2.0.5 has SQL Injection via the preview.php id parameter.

Advanced World Database 2.0.5 has SQL Injection via the city.php country or state parameter, or the state.php country parameter.

Muslim Matrimonial Script 3.02 has SQL Injection via the success-story.php succid parameter.

Groupon Clone Script 3.01 has SQL Injection via the city_ajax.php state_id parameter.

Car Rental Script 2.0.4 has SQL Injection via the countrycode1.php val parameter.

MLM Forced Matrix 2.0.9 has SQL Injection via the news-detail.php newid parameter.

MLM Forex Market Plan Script 2.0.4 has SQL Injection via the news_detail.php newid parameter or the event_detail.php eventid parameter.

Single Theater Booking Script 3.2.1 has SQL Injection via the findcity.php q parameter.

Multiplex Movie Theater Booking Script 3.1.5 has SQL Injection via the trailer-detail.php moid parameter, show-time.php moid parameter, or event-detail.php eid parameter.

Responsive Events And Movie Ticket Booking Script 3.2.1 has SQL Injection via the findcity.php q parameter.

Multireligion Responsive Matrimonial 4.7.2 has SQL Injection via the success-story.php succid parameter.

Yoga Class Script 1.0 has SQL Injection via the /list city parameter.

Secure E-commerce Script 2.0.1 has SQL Injection via the category.php searchmain or searchcat parameter, or the single_detail.php sid parameter.

Responsive Realestate Script 3.2 has SQL Injection via the property-list tbud parameter.

Readymade Video Sharing Script 3.2 has SQL Injection via the single-video-detail.php report_videos array parameter.

Readymade PHP Classified Script 3.3 has SQL Injection via the /categories subctid or mctid parameter.

Professional Service Script 1.0 has SQL Injection via the service-list city parameter.

PHP Multivendor Ecommerce 1.0 has SQL Injection via the single_detail.php sid parameter, or the category.php searchcat or chid1 parameter.

Opensource Classified Ads Script 3.2 has SQL Injection via the advance_result.php keyword parameter.

Online Exam Test Application Script 1.6 has SQL Injection via the exams.php sort parameter.

Multivendor Penny Auction Clone Script 1.0 has SQL Injection via the PATH_INFO to the /detail URI.

Lawyer Search Script 1.1 has SQL Injection via the /lawyer-list city parameter.

Laundry Booking Script 1.0 has SQL Injection via the /list city parameter.

Kickstarter Clone Script 2.0 has SQL Injection via the investcalc.php projid parameter.

Foodspotting Clone Script 1.0 has SQL Injection via the quicksearch.php q parameter.

Event Search Script 1.0 has SQL Injection via the /event-list city parameter.

Food Order Script 1.0 has SQL Injection via the /list city parameter.

Freelance Website Script 2.0.6 has SQL Injection via the jobdetails.php pr_id parameter or the searchbycat_list.php catid parameter.

Hot Scripts Clone 3.1 has SQL Injection via the /categories subctid or mctid parameter.

Doctor Search Script 1.0 has SQL Injection via the /list city parameter.

E-commerce MLM Software 1.0 has SQL Injection via the service_detail.php pid parameter, event_detail.php eventid parameter, or news_detail.php newid parameter.

Chartered Accountant Booking Script 1.0 has SQL Injection via the /service-list city parameter.

Child Care Script 1.0 has SQL Injection via the /list city parameter.

CMS Auditor Website 1.0 has SQL Injection via the PATH_INFO to /news-detail.

Co-work Space Search Script 1.0 has SQL Injection via the /list city parameter.

Consumer Complaints Clone Script 1.0 has SQL Injection via the other-user-profile.php id parameter.

Entrepreneur Bus Booking Script 3.0.4 has SQL Injection via the booker_details.php sourcebus parameter.

Advanced Real Estate Script 4.0.7 has SQL Injection via the search-results.php Projectmain, proj_type, searchtext, sell_price, or maxprice parameter.

Advance B2B Script 2.1.3 has SQL Injection via the tradeshow-list-detail.php show_id or view-product.php pid parameter.

Cab Booking Script 1.0 has SQL Injection via the /service-list city parameter.

Basic B2B Script 2.0.8 has SQL Injection via the product_details.php id parameter.

Advance Online Learning Management Script 3.1 has SQL Injection via the courselist.php subcatid or popcourseid parameter.