CVEs

The JEXTN Video Gallery extension 3.0.5 for Joomla! has SQL Injection via the id parameter in a view=category action.

The "JEXTN Question And Answer" extension 3.1.0 for Joomla! has SQL Injection via the an parameter in a view=tags action, or the ques-srch parameter.

The JBuildozer extension 1.4.1 for Joomla! has SQL Injection via the appid parameter in an entriessearch action.

An issue was discovered on Ichano AtHome IP Camera devices. The device runs the "noodles" binary - a service on port 1300 that allows a remote (LAN) unauthenticated user to run arbitrary commands. This binary requires the "system" XML element for specifying the command. For example, a <system>id</system> command results in a <system_ack>ok</system_ack> response.

CWEBNET/WOSummary/List in ZUUSE BEIMS ContractorWeb .NET 5.18.0.0 allows SQL injection via the tradestatus, assetno, assignto, building, domain, jobtype, site, trade, woType, workorderno, or workorderstatus parameter.

Paid To Read Script 2.0.5 has SQL Injection via the admin/userview.php uid parameter, the admin/viewemcamp.php fnum parameter, or the admin/viewvisitcamp.php fn parameter.

Bus Booking Script 1.0 has SQL Injection via the txtname parameter to admin/index.php.

FS Lynda Clone 1.0 has SQL Injection via the keywords parameter to tutorial/.

Ruby before 2.4.3 allows Net::FTP command injection. Net::FTP#get, getbinaryfile, gettextfile, put, putbinaryfile, and puttextfile use Kernel#open to open a local file. If the localfile argument starts with the "|" pipe character, the command following the pipe character is executed. The default value of localfile is File.basename(remotefile), so malicious FTP servers could cause arbitrary command execution.

Entrepreneur Dating Script 2.0.1 has SQL Injection via the search_result.php marital, gender, country, or profileid parameter.

Basic Job Site Script 2.0.5 has SQL Injection via the keyword parameter to /job.

Resume Clone Script 2.0.5 has SQL Injection via the preview.php id parameter.

Advanced World Database 2.0.5 has SQL Injection via the city.php country or state parameter, or the state.php country parameter.

Muslim Matrimonial Script 3.02 has SQL Injection via the success-story.php succid parameter.

Groupon Clone Script 3.01 has SQL Injection via the city_ajax.php state_id parameter.

Car Rental Script 2.0.4 has SQL Injection via the countrycode1.php val parameter.

MLM Forced Matrix 2.0.9 has SQL Injection via the news-detail.php newid parameter.

MLM Forex Market Plan Script 2.0.4 has SQL Injection via the news_detail.php newid parameter or the event_detail.php eventid parameter.

Single Theater Booking Script 3.2.1 has SQL Injection via the findcity.php q parameter.

Multiplex Movie Theater Booking Script 3.1.5 has SQL Injection via the trailer-detail.php moid parameter, show-time.php moid parameter, or event-detail.php eid parameter.

Responsive Events And Movie Ticket Booking Script 3.2.1 has SQL Injection via the findcity.php q parameter.

Multireligion Responsive Matrimonial 4.7.2 has SQL Injection via the success-story.php succid parameter.

Yoga Class Script 1.0 has SQL Injection via the /list city parameter.

Secure E-commerce Script 2.0.1 has SQL Injection via the category.php searchmain or searchcat parameter, or the single_detail.php sid parameter.

Responsive Realestate Script 3.2 has SQL Injection via the property-list tbud parameter.

Readymade Video Sharing Script 3.2 has SQL Injection via the single-video-detail.php report_videos array parameter.

Readymade PHP Classified Script 3.3 has SQL Injection via the /categories subctid or mctid parameter.

Professional Service Script 1.0 has SQL Injection via the service-list city parameter.

PHP Multivendor Ecommerce 1.0 has SQL Injection via the single_detail.php sid parameter, or the category.php searchcat or chid1 parameter.

Opensource Classified Ads Script 3.2 has SQL Injection via the advance_result.php keyword parameter.

Online Exam Test Application Script 1.6 has SQL Injection via the exams.php sort parameter.

Multivendor Penny Auction Clone Script 1.0 has SQL Injection via the PATH_INFO to the /detail URI.

Lawyer Search Script 1.1 has SQL Injection via the /lawyer-list city parameter.

Laundry Booking Script 1.0 has SQL Injection via the /list city parameter.

Kickstarter Clone Script 2.0 has SQL Injection via the investcalc.php projid parameter.

Foodspotting Clone Script 1.0 has SQL Injection via the quicksearch.php q parameter.

Event Search Script 1.0 has SQL Injection via the /event-list city parameter.

Food Order Script 1.0 has SQL Injection via the /list city parameter.

Freelance Website Script 2.0.6 has SQL Injection via the jobdetails.php pr_id parameter or the searchbycat_list.php catid parameter.

Hot Scripts Clone 3.1 has SQL Injection via the /categories subctid or mctid parameter.

Doctor Search Script 1.0 has SQL Injection via the /list city parameter.

E-commerce MLM Software 1.0 has SQL Injection via the service_detail.php pid parameter, event_detail.php eventid parameter, or news_detail.php newid parameter.

Chartered Accountant Booking Script 1.0 has SQL Injection via the /service-list city parameter.

Child Care Script 1.0 has SQL Injection via the /list city parameter.

CMS Auditor Website 1.0 has SQL Injection via the PATH_INFO to /news-detail.

Co-work Space Search Script 1.0 has SQL Injection via the /list city parameter.

Consumer Complaints Clone Script 1.0 has SQL Injection via the other-user-profile.php id parameter.

Entrepreneur Bus Booking Script 3.0.4 has SQL Injection via the booker_details.php sourcebus parameter.

Advanced Real Estate Script 4.0.7 has SQL Injection via the search-results.php Projectmain, proj_type, searchtext, sell_price, or maxprice parameter.

Advance B2B Script 2.1.3 has SQL Injection via the tradeshow-list-detail.php show_id or view-product.php pid parameter.