VYPR

CVEs

31,174 total · page 562 of 624

  • CVE-2017-17582CriDec 13, 2017
    risk 0.67cvss 9.8epss 0.03

    FS Grubhub Clone 1.0 has SQL Injection via the /food keywords parameter.

  • CVE-2017-17581CriDec 13, 2017
    risk 0.67cvss 9.8epss 0.03

    FS Quibids Clone 1.0 has SQL Injection via the itechd.php productid parameter.

  • CVE-2017-17580CriDec 13, 2017
    risk 0.67cvss 9.8epss 0.03

    FS Linkedin Clone 1.0 has SQL Injection via the group.php grid parameter, profile.php fid parameter, or company_details.php id parameter.

  • CVE-2017-17579CriDec 13, 2017
    risk 0.67cvss 9.8epss 0.03

    FS Freelancer Clone 1.0 has SQL Injection via the profile.php u parameter.

  • CVE-2017-17578CriDec 13, 2017
    risk 0.67cvss 9.8epss 0.03

    FS Crowdfunding Script 1.0 has SQL Injection via the latest_news_details.php id parameter.

  • CVE-2017-17577CriDec 13, 2017
    risk 0.67cvss 9.8epss 0.03

    FS Trademe Clone 1.0 has SQL Injection via the search_item.php search parameter or the general_item_details.php id parameter.

  • CVE-2017-17576CriDec 13, 2017
    risk 0.67cvss 9.8epss 0.03

    FS Gigs Script 1.0 has SQL Injection via the browse-category.php cat parameter, browse-scategory.php sc parameter, or service-provider.php ser parameter.

  • CVE-2017-17575CriDec 13, 2017
    risk 0.67cvss 9.8epss 0.03

    FS Groupon Clone 1.0 has SQL Injection via the item_details.php id parameter or the vendor_details.php id parameter.

  • CVE-2017-17574CriDec 13, 2017
    risk 0.67cvss 9.8epss 0.03

    FS Care Clone 1.0 has SQL Injection via the searchJob.php jobType or jobFrequency parameter.

  • CVE-2017-17573CriDec 13, 2017
    risk 0.67cvss 9.8epss 0.03

    FS Ebay Clone 1.0 has SQL Injection via the product.php id parameter, or the search.php category_id or sub_category_id parameter.

  • CVE-2017-17572CriDec 13, 2017
    risk 0.67cvss 9.8epss 0.03

    FS Amazon Clone 1.0 has SQL Injection via the PATH_INFO to /VerAyari.

  • CVE-2017-17571CriDec 13, 2017
    risk 0.67cvss 9.8epss 0.03

    FS Foodpanda Clone 1.0 has SQL Injection via the /food keywords parameter.

  • CVE-2017-17570CriDec 13, 2017
    risk 0.67cvss 9.8epss 0.03

    FS Expedia Clone 1.0 has SQL Injection via the pages.php or content.php id parameter, or the show-flight-result.php fl_orig or fl_dest parameter.

  • CVE-2017-11899CriDec 12, 2017
    risk 0.64cvss 9.8epss 0.06

    Device Guard in Windows 10 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows a security feature bypass vulnerability due to the way untrusted files are handled, aka "Microsoft Windows Security Feature Bypass Vulnerability".

  • CVE-2017-17560CriDec 12, 2017
    risk 0.73cvss 9.8epss 0.73

    An issue was discovered on Western Digital MyCloud PR4100 2.30.172 devices. The web administration component, /web/jquery/uploader/multi_uploadify.php, provides multipart upload functionality that is accessible without authentication and can be used to place a file anywhere on…

  • CVE-2017-16684CriDec 12, 2017
    risk 0.64cvss 9.8epss 0.03

    SAP Business Intelligence Promotion Management Application, Enterprise 4.10, 4.20, and 4.30, does not perform authentication checks for functionalities that require user identity.

  • CVE-2017-15896CriDec 11, 2017
    risk 0.59cvss 9.1epss 0.02

    Node.js was affected by OpenSSL vulnerability CVE-2017-3737 in regards to the use of SSL_read() due to TLS handshake failure. The result was that an active network attacker could send application data to Node.js using the TLS or HTTP2 modules in a way that bypassed TLS…

  • CVE-2017-17111CriDec 11, 2017
    risk 0.67cvss 9.8epss 0.09

    Posty Readymade Classifieds Script 1.0 allows an attacker to inject SQL commands via a listings.php?catid= or ads-details.php?ID= request.

  • CVE-2017-17110CriDec 11, 2017
    risk 0.67cvss 9.8epss 0.09

    Techno Portfolio Management Panel 1.0 allows an attacker to inject SQL commands via a single.php?id= request.

  • CVE-2017-15944CriKEVDec 11, 2017
    risk 0.87cvss 9.8epss 0.98

    Palo Alto Networks PAN-OS before 6.1.19, 7.0.x before 7.0.19, 7.1.x before 7.1.14, and 8.0.x before 8.0.6 allows remote attackers to execute arbitrary code via vectors involving the management interface.

  • CVE-2017-15940CriDec 11, 2017
    risk 0.64cvss 9.8epss 0.05

    The web interface packet capture management component in Palo Alto Networks PAN-OS before 6.1.19, 7.0.x before 7.0.19, 7.1.x before 7.1.14, and 8.0.x before 8.0.6 allows remote authenticated users to execute arbitrary code via unspecified vectors.

  • CVE-2017-15708CriDec 11, 2017
    risk 0.65cvss 9.8epss 0.18

    In Apache Synapse, by default no authentication is required for Java Remote Method Invocation (RMI). So Apache Synapse 3.0.1 or all previous releases (3.0.0, 2.1.0, 2.0.0, 1.2, 1.1.2, 1.1.1) allows remote code execution attacks that can be performed by injecting specially…

  • CVE-2017-17499CriDec 11, 2017
    risk 0.64cvss 9.8epss 0.03

    ImageMagick before 6.9.9-24 and 7.x before 7.0.7-12 has a use-after-free in Magick::Image::read in Magick++/lib/Image.cpp.

  • CVE-2017-17484CriDec 10, 2017
    risk 0.64cvss 9.8epss 0.05

    The ucnv_UTF8FromUTF8 function in ucnv_u8.cpp in International Components for Unicode (ICU) for C/C++ through 60.1 mishandles ucnv_convertEx calls for UTF-8 to UTF-8 conversion, which allows remote attackers to cause a denial of service (stack-based buffer overflow and…

  • CVE-2017-3114CriDec 9, 2017
    risk 0.64cvss 9.8epss 0.06

    An issue was discovered in Adobe Flash Player 27.0.0.183 and earlier versions. This vulnerability occurs as a result of a computation that reads data that is past the end of the target buffer; the computation is part of providing language- and region- or country- specific…

  • CVE-2017-3112CriDec 9, 2017
    risk 0.64cvss 9.8epss 0.06

    An issue was discovered in Adobe Flash Player 27.0.0.183 and earlier versions. This vulnerability occurs as a result of a computation that reads data that is past the end of the target buffer; the computation is part of AdobePSDK metadata. The use of an invalid (out-of-range)…

  • CVE-2017-16398CriDec 9, 2017
    risk 0.64cvss 9.8epss 0.09

    An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability is an instance of a use after free vulnerability in the…

  • CVE-2017-11304CriDec 9, 2017
    risk 0.64cvss 9.8epss 0.07

    An issue was discovered in Adobe Photoshop 18.1.1 (2017.1.1) and earlier versions. An exploitable use-after-free vulnerability exists. Successful exploitation could lead to arbitrary code execution.

  • CVE-2017-11303CriDec 9, 2017
    risk 0.64cvss 9.8epss 0.08

    An issue was discovered in Adobe Photoshop 18.1.1 (2017.1.1) and earlier versions. An exploitable memory corruption vulnerability exists. Successful exploitation could lead to arbitrary code execution.

  • CVE-2017-11302CriDec 9, 2017
    risk 0.64cvss 9.8epss 0.06

    An issue was discovered in Adobe InDesign 12.1.0 and earlier versions. An exploitable memory corruption vulnerability exists. Successful exploitation could lead to arbitrary code execution.

  • CVE-2017-11295CriDec 9, 2017
    risk 0.64cvss 9.8epss 0.06

    An issue was discovered in Adobe DNG Converter 9.12.1 and earlier versions. An exploitable memory corruption vulnerability exists. Successful exploitation could lead to arbitrary code execution.

  • CVE-2017-11294CriDec 9, 2017
    risk 0.64cvss 9.8epss 0.09

    An issue was discovered in Adobe Shockwave 12.2.9.199 and earlier. An exploitable memory corruption vulnerability exists. Successful exploitation could lead to arbitrary code execution.

  • CVE-2017-11293CriDec 9, 2017
    risk 0.64cvss 9.8epss 0.09

    An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. An exploitable memory corruption vulnerability exists. Successful exploitation…

  • CVE-2017-11291CriDec 9, 2017
    risk 0.65cvss 10.0epss 0.06

    An issue was discovered in Adobe Connect 9.6.2 and earlier versions. A Server-Side Request Forgery (SSRF) vulnerability exists that could be abused to bypass network access controls.

  • CVE-2017-11225CriDec 9, 2017
    risk 0.64cvss 9.8epss 0.06

    An issue was discovered in Adobe Flash Player 27.0.0.183 and earlier versions. This vulnerability is an instance of a use after free vulnerability in the Primetime SDK metadata functionality. The mismatch between an old and a new object can provide an attacker with unintended…

  • CVE-2017-11215CriDec 9, 2017
    risk 0.64cvss 9.8epss 0.06

    An issue was discovered in Adobe Flash Player 27.0.0.183 and earlier versions. This vulnerability is an instance of a use after free vulnerability in the Primetime SDK. The mismatch between an old and a new object can provide an attacker with unintended memory access --…

  • CVE-2017-11213CriDec 9, 2017
    risk 0.64cvss 9.8epss 0.07

    An issue was discovered in Adobe Flash Player 27.0.0.183 and earlier versions. This vulnerability occurs as a result of a computation that reads data that is past the end of the target buffer due to an integer overflow; the computation is part of the abstraction that creates an…

  • CVE-2017-17480CriDec 8, 2017
    risk 0.64cvss 9.8epss 0.05

    In OpenJPEG 2.3.0, a stack-based buffer overflow was discovered in the pgxtovolume function in jp3d/convert.c. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service or possibly remote code execution.

  • CVE-2017-17479CriDec 8, 2017
    risk 0.64cvss 9.8epss 0.04

    In OpenJPEG 2.3.0, a stack-based buffer overflow was discovered in the pgxtoimage function in jpwl/convert.c. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service or possibly remote code execution.

  • CVE-2017-10906CriDec 8, 2017
    risk 0.64cvss 9.8epss 0.05

    Escape sequence injection vulnerability in Fluentd versions 0.12.29 through 0.12.40 may allow an attacker to change the terminal UI or execute arbitrary commands on the device via unspecified vectors.

  • CVE-2017-17465CriDec 8, 2017
    risk 0.64cvss 9.8epss 0.01

    K7Sentry.sys 15.1.0.59 in K7 Antivirus 15.1.0309 has a NULL pointer dereference via a 0x95002574 DeviceIoControl request.

  • CVE-2017-17464CriDec 8, 2017
    risk 0.64cvss 9.8epss 0.01

    K7Sentry.sys 15.1.0.59 in K7 Antivirus 15.1.0309 has a NULL pointer dereference via a 0x95002570 DeviceIoControl request.

  • CVE-2017-17458CriDec 7, 2017
    risk 0.64cvss 9.8epss 0.06

    In Mercurial before 4.4.1, it is possible that a specially malformed repository can cause Git subrepositories to run arbitrary code in the form of a .git/hooks/post-update script checked into the repository. Typical use of Mercurial prevents construction of such repositories,…

  • CVE-2017-17430CriDec 7, 2017
    risk 0.64cvss 9.8epss 0.02

    Sangoma NetBorder / Vega Session Controller before 2.3.12-80-GA allows remote attackers to execute arbitrary commands via the web interface.

  • CVE-2017-17055CriDec 7, 2017
    risk 0.62cvss 9.0epss 0.09

    Artica Web Proxy before 3.06.112911 allows remote attackers to execute arbitrary code as root by conducting a cross-site scripting (XSS) attack involving the username-form-id parameter to freeradius.users.php.

  • CVE-2016-5713CriDec 6, 2017
    risk 0.64cvss 9.8epss 0.02

    Versions of Puppet Agent prior to 1.6.0 included a version of the Puppet Execution Protocol (PXP) agent that passed environment variables through to Puppet runs. This could allow unauthorized code to be loaded. This bug was first introduced in Puppet Agent 1.3.0.

  • CVE-2017-13160CriDec 6, 2017
    risk 0.64cvss 9.8epss 0.02

    A remote code execution vulnerability in the Android system (bluetooth). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID A-37160362.

  • CVE-2017-13150CriDec 6, 2017
    risk 0.59cvss 9.1epss 0.00

    An information disclosure vulnerability in the Android media framework (n/a). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID A-38328132.

  • CVE-2017-13149CriDec 6, 2017
    risk 0.59cvss 9.1epss 0.00

    An information disclosure vulnerability in the Android media framework (n/a). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID A-65719872.

  • CVE-2017-0879CriDec 6, 2017
    risk 0.59cvss 9.1epss 0.01

    An information disclosure vulnerability in the Android media framework (n/a). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID A-65025028.