| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-16634 | Cri | 0.64 | 9.8 | 0.04 | Nov 10, 2017 | In Joomla! before 3.8.2, a bug allowed third parties to bypass a user's 2-factor authentication method. | ||
| CVE-2017-16562 | Cri | 0.69 | 9.8 | 0.27 | Nov 10, 2017 | The UserPro plugin before 4.9.17.1 for WordPress, when used on a site with the "admin" username, allows remote attackers to bypass authentication and obtain administrative access via a "true" value for the up_auto_log parameter in the QUERY_STRING to the default URI. | ||
| CVE-2017-11309 | Cri | 0.66 | 9.6 | 0.09 | Nov 10, 2017 | Buffer overflow in the SoftConsole client in Avaya IP Office before 10.1.1 allows remote servers to execute arbitrary code via a long response. | ||
| CVE-2015-7501 | Cri | 0.70 | 9.8 | 0.83 | Nov 9, 2017 | Red Hat JBoss A-MQ 6.x; BPM Suite (BPMS) 6.x; BRMS 6.x and 5.x; Data Grid (JDG) 6.x; Data Virtualization (JDV) 6.x and 5.x; Enterprise Application Platform 6.x, 5.x, and 4.3.x; Fuse 6.x; Fuse Service Works (FSW) 6.x; Operations Network (JBoss ON) 3.x; Portal 6.x; SOA Platform… | ||
| CVE-2015-3933 | Cri | 0.67 | 9.8 | 0.04 | Nov 8, 2017 | Multiple SQL injection vulnerabilities in inc/lib/User.class.php in MetalGenix GeniXCMS before 0.0.3-patch allow remote attackers to execute arbitrary SQL commands via the (1) email parameter or (2) userid parameter to register.php. | ||
| CVE-2017-16618 | Cri | 0.57 | 9.8 | 0.04 | Nov 8, 2017 | An exploitable vulnerability exists in the YAML loading functionality of util.py in OwlMixin before 2.0.0a12. A "Load YAML" string or file (aka load_yaml or load_yamlf) can execute arbitrary Python commands resulting in command execution because load is used where safe_load… | ||
| CVE-2017-16616 | Cri | 0.57 | 9.8 | 0.04 | Nov 8, 2017 | An exploitable vulnerability exists in the YAML parsing functionality in the YAMLParser method in Interfaces.py in PyAnyAPI before 0.6.1. A YAML parser can execute arbitrary Python commands resulting in command execution because load is used where safe_load should have been… | ||
| CVE-2017-16615 | Cri | 0.57 | 9.8 | 0.03 | Nov 8, 2017 | An exploitable vulnerability exists in the YAML parsing functionality in the parse_yaml_query method in parser.py in MLAlchemy before 0.2.2. When processing YAML-Based queries for data, a YAML parser can execute arbitrary Python commands resulting in command execution because… | ||
| CVE-2017-16561 | Cri | 0.64 | 9.8 | 0.01 | Nov 7, 2017 | /view/friend_profile.php in Ingenious School Management System 2.3.0 is vulnerable to Boolean-based and Time-based SQL injection in the 'friend_index' parameter of a GET request. | ||
| CVE-2016-0872 | Cri | 0.64 | 9.8 | 0.01 | Nov 7, 2017 | A Plaintext Storage of a Password issue was discovered in Kabona AB WebDatorCentral (WDC) versions prior to Version 3.4.0. WDC stores password credentials in plaintext. | ||
| CVE-2008-7319 | Cri | 0.64 | 9.8 | 0.06 | Nov 7, 2017 | The Net::Ping::External extension through 0.15 for Perl does not properly sanitize arguments (e.g., invalid hostnames) containing shell metacharacters before use of backticks in External.pm, allowing for shell command injection and arbitrary command execution if untrusted input… | ||
| CVE-2017-2922 | Cri | 0.64 | 9.8 | 0.03 | Nov 7, 2017 | An exploitable memory corruption vulnerability exists in the Websocket protocol implementation of Cesanta Mongoose 6.8. A specially crafted websocket packet can cause a buffer to be allocated while leaving stale pointers which leads to a use-after-free vulnerability which can be… | ||
| CVE-2017-2921 | Cri | 0.64 | 9.8 | 0.02 | Nov 7, 2017 | An exploitable memory corruption vulnerability exists in the Websocket protocol implementation of Cesanta Mongoose 6.8. A specially crafted websocket packet can cause an integer overflow, leading to a heap buffer overflow and resulting in denial of service and potential remote… | ||
| CVE-2017-2894 | Cri | 0.66 | 9.8 | 0.31 | Nov 7, 2017 | An exploitable stack buffer overflow vulnerability exists in the MQTT packet parsing functionality of Cesanta Mongoose 6.8. A specially crafted MQTT SUBSCRIBE packet can cause a stack buffer overflow resulting in remote code execution. An attacker needs to send a specially… | ||
| CVE-2017-2892 | Cri | 0.64 | 9.8 | 0.02 | Nov 7, 2017 | An exploitable arbitrary memory read vulnerability exists in the MQTT packet parsing functionality of Cesanta Mongoose 6.8. A specially crafted MQTT packet can cause an arbitrary out-of-bounds memory read and write potentially resulting in information disclosure, denial of… | ||
| CVE-2017-2891 | Cri | 0.64 | 9.8 | 0.03 | Nov 7, 2017 | An exploitable use-after-free vulnerability exists in the HTTP server implementation of Cesanta Mongoose 6.8. An ordinary HTTP POST request with a CGI target can cause a reuse of previously freed pointer potentially resulting in remote code execution. An attacker needs to send… | ||
| CVE-2017-2864 | Cri | 0.64 | 9.8 | 0.02 | Nov 7, 2017 | An exploitable vulnerability exists in the generation of authentication token functionality of Circle with Disney. Specially crafted network packets can cause a valid authentication token to be returned to the attacker resulting in authentication bypass. An attacker can send a… | ||
| CVE-2017-12085 | Cri | 0.59 | 9.0 | 0.02 | Nov 7, 2017 | An exploitable routing vulnerability exists in the Circle with Disney cloud infrastructure. A specially crafted packet can make the Circle cloud route a packet to any arbitrary Circle device. An attacker needs network connectivity to the Internet to trigger this vulnerability. | ||
| CVE-2017-15887 | Cri | 0.64 | 9.8 | 0.02 | Nov 7, 2017 | An improper restriction of excessive authentication attempts vulnerability in /principals in Synology CardDAV Server before 6.0.7-0085 allows remote attackers to obtain user credentials via a brute-force attack. | ||
| CVE-2017-16638 | Cri | 0.64 | 9.8 | 0.01 | Nov 6, 2017 | The Gentoo net-misc/vde package before version 2.3.2-r4 may allow members of the "qemu" group to gain root privileges by creating a hard link in a directory on which "chown" is called recursively by the OpenRC service script. | ||
| CVE-2017-16548 | Cri | 0.64 | 9.8 | 0.05 | Nov 6, 2017 | The receive_xattr function in xattrs.c in rsync 3.1.2 and 3.1.3-development does not check for a trailing '\0' character in an xattr name, which allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified… | ||
| CVE-2017-16543 | Cri | 0.67 | 9.8 | 0.06 | Nov 5, 2017 | Zoho ManageEngine Applications Manager 13 before build 13500 allows SQL injection via GraphicalView.do, as demonstrated by a crafted viewProps yCanvas field or viewid parameter. | ||
| CVE-2017-1000171 | Cri | 0.64 | 9.8 | 0.01 | Nov 3, 2017 | Mahara Mobile before 1.2.1 is vulnerable to passwords being sent to the Mahara access log in plain text. | ||
| CVE-2017-1000154 | Cri | 0.64 | 9.8 | 0.01 | Nov 3, 2017 | Mahara 15.04 before 15.04.8 and 15.10 before 15.10.4 and 16.04 before 16.04.2 are vulnerable to some authentication methods, which do not use Mahara's built-in login form, still allowing users to log in even if their institution was expired or suspended. | ||
| CVE-2017-1000153 | Cri | 0.64 | 9.8 | 0.01 | Nov 3, 2017 | Mahara 15.04 before 15.04.10 and 15.10 before 15.10.6 and 16.04 before 16.04.4 are vulnerable to incorrect access control after the password reset link is sent via email and then user changes default email, Mahara fails to invalidate old link.Consequently the link in email can… | ||
| CVE-2017-1000152 | Cri | 0.64 | 9.8 | 0.01 | Nov 3, 2017 | Mahara 15.04 before 15.04.7 and 15.10 before 15.10.3 running PHP 5.3 are vulnerable to one user being logged in as another user on a separate computer as the same session ID is served. This situation can occur when a user takes an action that forces another user to be logged out… | ||
| CVE-2017-16523 | Cri | 0.64 | 9.8 | 0.04 | Nov 3, 2017 | MitraStar GPT-2541GNAC (HGU) 1.00(VNJ0)b1 and DSL-100HN-T1 ES_113WJY0b16 devices have a zyad1234 password for the zyad1234 account, which is equivalent to root and undocumented. | ||
| CVE-2017-11767 | Cri | 0.57 | 9.8 | 0.10 | Nov 2, 2017 | ChakraCore allows an attacker to gain the same user rights as the current user, due to the way that the ChakraCore scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". | ||
| CVE-2017-16510 | Cri | 0.57 | 9.8 | 0.08 | Nov 2, 2017 | WordPress before 4.8.3 is affected by an issue where $wpdb->prepare() can create unexpected and unsafe queries leading to potential SQL injection (SQLi) in plugins and themes, as demonstrated by a "double prepare" approach, a different vulnerability than CVE-2017-14723. | ||
| CVE-2017-1000121 | Cri | 0.64 | 9.8 | 0.01 | Nov 1, 2017 | The UNIX IPC layer in WebKit, including WebKitGTK+ prior to 2.16.3, does not properly validate message size metadata, allowing a compromised secondary process to trigger an integer overflow and subsequent buffer overflow in the UI process. This vulnerability does not affect… | ||
| CVE-2017-1000245 | Cri | 0.64 | 9.8 | 0.01 | Nov 1, 2017 | The SSH Plugin stores credentials which allow jobs to access remote servers via the SSH protocol. User passwords and passphrases for encrypted SSH keys are stored in plaintext in a configuration file. | ||
| CVE-2017-14027 | Cri | 0.64 | 9.8 | 0.03 | Nov 1, 2017 | A Use of Hard-coded Credentials issue was discovered in Korenix JetNet JetNet5018G version 1.4, JetNet5310G version 1.4a, JetNet5428G-2G-2FX version 1.4, JetNet5628G-R version 1.4, JetNet5628G version 1.4, JetNet5728G-24P version 1.4, JetNet5828G version 1.1d, JetNet6710G-HVDC… | ||
| CVE-2017-14021 | Cri | 0.64 | 9.8 | 0.02 | Nov 1, 2017 | A Use of Hard-coded Cryptographic Key issue was discovered in Korenix JetNet JetNet5018G version 1.4, JetNet5310G version 1.4a, JetNet5428G-2G-2FX version 1.4, JetNet5628G-R version 1.4, JetNet5628G version 1.4, JetNet5728G-24P version 1.4, JetNet5828G version 1.1d,… | ||
| CVE-2017-15535 | Cri | 0.59 | 9.1 | 0.02 | Nov 1, 2017 | MongoDB 3.4.x before 3.4.10, and 3.5.x-development, has a disabled-by-default configuration setting, networkMessageCompressors (aka wire protocol compression), which exposes a vulnerability when enabled that could be exploited by a malicious attacker to deny service or modify… | ||
| CVE-2017-14375 | Cri | 0.64 | 9.8 | 0.05 | Nov 1, 2017 | EMC Unisphere for VMAX Virtual Appliance (vApp) versions prior to 8.4.0.15, EMC Solutions Enabler Virtual Appliance versions prior to 8.4.0.15, EMC VASA Virtual Appliance versions prior to 8.4.0.512, and EMC VMAX Embedded Management (eManagement) versions prior to and including… | ||
| CVE-2017-1000257 | Cri | 0.60 | 9.1 | 0.06 | Oct 31, 2017 | An IMAP FETCH response line indicates the size of the returned data, in number of bytes. When that response says the data is zero bytes, libcurl would pass on that (non-existing) data with a pointer and the size (zero) to the deliver-data function. libcurl's deliver-data… | ||
| CVE-2017-14356 | Cri | 0.64 | 9.8 | 0.02 | Oct 31, 2017 | An SQL Injection vulnerability in HP ArcSight ESM and HP ArcSight ESM Express, in any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1. This vulnerability could be exploited remotely to allow SQL injection. | ||
| CVE-2017-15993 | Cri | 0.67 | 9.8 | 0.03 | Oct 31, 2017 | Zomato Clone Script allows SQL Injection via the restaurant-menu.php resid parameter. | ||
| CVE-2017-15992 | Cri | 0.67 | 9.8 | 0.03 | Oct 31, 2017 | Website Broker Script allows SQL Injection via the 'status_id' Parameter to status_list.php. | ||
| CVE-2017-15991 | Cri | 0.67 | 9.8 | 0.03 | Oct 31, 2017 | Vastal I-Tech Agent Zone (aka The Real Estate Script) allows SQL Injection in searchCommercial.php via the property_type, city, or posted_by parameter, or searchResidential.php via the property_type, city, or bedroom parameter, a different vulnerability than CVE-2008-3951,… | ||
| CVE-2017-15990 | Cri | 0.67 | 9.8 | 0.08 | Oct 31, 2017 | Php Inventory & Invoice Management System allows Arbitrary File Upload via dashboard/edit_myaccountdetail/. | ||
| CVE-2017-15989 | Cri | 0.67 | 9.8 | 0.03 | Oct 31, 2017 | Online Exam Test Application allows SQL Injection via the resources.php sort parameter in a category action. | ||
| CVE-2017-15988 | Cri | 0.67 | 9.8 | 0.03 | Oct 31, 2017 | Nice PHP FAQ Script allows SQL Injection via the index.php nice_theme parameter, a different vulnerability than CVE-2008-6525. | ||
| CVE-2017-15987 | Cri | 0.67 | 9.8 | 0.02 | Oct 31, 2017 | Fake Magazine Cover Script allows SQL Injection via the rate.php value parameter or the content.php id parameter. | ||
| CVE-2017-15986 | Cri | 0.67 | 9.8 | 0.03 | Oct 31, 2017 | CPA Lead Reward Script allows SQL Injection via the username parameter. | ||
| CVE-2017-15985 | Cri | 0.67 | 9.8 | 0.03 | Oct 31, 2017 | Basic B2B Script allows SQL Injection via the product_view1.php pid or id parameter. | ||
| CVE-2017-15984 | Cri | 0.67 | 9.8 | 0.03 | Oct 31, 2017 | Creative Management System (CMS) Lite 1.4 allows SQL Injection via the S parameter to index.php. | ||
| CVE-2017-15983 | Cri | 0.67 | 9.8 | 0.03 | Oct 31, 2017 | MyMagazine Magazine & Blog CMS 1.0 allows SQL Injection via the id parameter to admin/admin_process.php for form editing. | ||
| CVE-2017-15982 | Cri | 0.67 | 9.8 | 0.03 | Oct 31, 2017 | Dynamic News Magazine & Blog CMS 1.0 allows SQL Injection via the id parameter to admin/admin_process.php for form editing. | ||
| CVE-2017-15981 | Cri | 0.67 | 9.8 | 0.03 | Oct 31, 2017 | Responsive Newspaper Magazine & Blog CMS 1.0 allows SQL Injection via the id parameter to admin/admin_process.php for form editing. |
- risk 0.64cvss 9.8epss 0.04
In Joomla! before 3.8.2, a bug allowed third parties to bypass a user's 2-factor authentication method.
- risk 0.69cvss 9.8epss 0.27
The UserPro plugin before 4.9.17.1 for WordPress, when used on a site with the "admin" username, allows remote attackers to bypass authentication and obtain administrative access via a "true" value for the up_auto_log parameter in the QUERY_STRING to the default URI.
- risk 0.66cvss 9.6epss 0.09
Buffer overflow in the SoftConsole client in Avaya IP Office before 10.1.1 allows remote servers to execute arbitrary code via a long response.
- risk 0.70cvss 9.8epss 0.83
Red Hat JBoss A-MQ 6.x; BPM Suite (BPMS) 6.x; BRMS 6.x and 5.x; Data Grid (JDG) 6.x; Data Virtualization (JDV) 6.x and 5.x; Enterprise Application Platform 6.x, 5.x, and 4.3.x; Fuse 6.x; Fuse Service Works (FSW) 6.x; Operations Network (JBoss ON) 3.x; Portal 6.x; SOA Platform…
- risk 0.67cvss 9.8epss 0.04
Multiple SQL injection vulnerabilities in inc/lib/User.class.php in MetalGenix GeniXCMS before 0.0.3-patch allow remote attackers to execute arbitrary SQL commands via the (1) email parameter or (2) userid parameter to register.php.
- risk 0.57cvss 9.8epss 0.04
An exploitable vulnerability exists in the YAML loading functionality of util.py in OwlMixin before 2.0.0a12. A "Load YAML" string or file (aka load_yaml or load_yamlf) can execute arbitrary Python commands resulting in command execution because load is used where safe_load…
- risk 0.57cvss 9.8epss 0.04
An exploitable vulnerability exists in the YAML parsing functionality in the YAMLParser method in Interfaces.py in PyAnyAPI before 0.6.1. A YAML parser can execute arbitrary Python commands resulting in command execution because load is used where safe_load should have been…
- risk 0.57cvss 9.8epss 0.03
An exploitable vulnerability exists in the YAML parsing functionality in the parse_yaml_query method in parser.py in MLAlchemy before 0.2.2. When processing YAML-Based queries for data, a YAML parser can execute arbitrary Python commands resulting in command execution because…
- risk 0.64cvss 9.8epss 0.01
/view/friend_profile.php in Ingenious School Management System 2.3.0 is vulnerable to Boolean-based and Time-based SQL injection in the 'friend_index' parameter of a GET request.
- risk 0.64cvss 9.8epss 0.01
A Plaintext Storage of a Password issue was discovered in Kabona AB WebDatorCentral (WDC) versions prior to Version 3.4.0. WDC stores password credentials in plaintext.
- risk 0.64cvss 9.8epss 0.06
The Net::Ping::External extension through 0.15 for Perl does not properly sanitize arguments (e.g., invalid hostnames) containing shell metacharacters before use of backticks in External.pm, allowing for shell command injection and arbitrary command execution if untrusted input…
- risk 0.64cvss 9.8epss 0.03
An exploitable memory corruption vulnerability exists in the Websocket protocol implementation of Cesanta Mongoose 6.8. A specially crafted websocket packet can cause a buffer to be allocated while leaving stale pointers which leads to a use-after-free vulnerability which can be…
- risk 0.64cvss 9.8epss 0.02
An exploitable memory corruption vulnerability exists in the Websocket protocol implementation of Cesanta Mongoose 6.8. A specially crafted websocket packet can cause an integer overflow, leading to a heap buffer overflow and resulting in denial of service and potential remote…
- risk 0.66cvss 9.8epss 0.31
An exploitable stack buffer overflow vulnerability exists in the MQTT packet parsing functionality of Cesanta Mongoose 6.8. A specially crafted MQTT SUBSCRIBE packet can cause a stack buffer overflow resulting in remote code execution. An attacker needs to send a specially…
- risk 0.64cvss 9.8epss 0.02
An exploitable arbitrary memory read vulnerability exists in the MQTT packet parsing functionality of Cesanta Mongoose 6.8. A specially crafted MQTT packet can cause an arbitrary out-of-bounds memory read and write potentially resulting in information disclosure, denial of…
- risk 0.64cvss 9.8epss 0.03
An exploitable use-after-free vulnerability exists in the HTTP server implementation of Cesanta Mongoose 6.8. An ordinary HTTP POST request with a CGI target can cause a reuse of previously freed pointer potentially resulting in remote code execution. An attacker needs to send…
- risk 0.64cvss 9.8epss 0.02
An exploitable vulnerability exists in the generation of authentication token functionality of Circle with Disney. Specially crafted network packets can cause a valid authentication token to be returned to the attacker resulting in authentication bypass. An attacker can send a…
- risk 0.59cvss 9.0epss 0.02
An exploitable routing vulnerability exists in the Circle with Disney cloud infrastructure. A specially crafted packet can make the Circle cloud route a packet to any arbitrary Circle device. An attacker needs network connectivity to the Internet to trigger this vulnerability.
- risk 0.64cvss 9.8epss 0.02
An improper restriction of excessive authentication attempts vulnerability in /principals in Synology CardDAV Server before 6.0.7-0085 allows remote attackers to obtain user credentials via a brute-force attack.
- risk 0.64cvss 9.8epss 0.01
The Gentoo net-misc/vde package before version 2.3.2-r4 may allow members of the "qemu" group to gain root privileges by creating a hard link in a directory on which "chown" is called recursively by the OpenRC service script.
- risk 0.64cvss 9.8epss 0.05
The receive_xattr function in xattrs.c in rsync 3.1.2 and 3.1.3-development does not check for a trailing '\0' character in an xattr name, which allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified…
- risk 0.67cvss 9.8epss 0.06
Zoho ManageEngine Applications Manager 13 before build 13500 allows SQL injection via GraphicalView.do, as demonstrated by a crafted viewProps yCanvas field or viewid parameter.
- risk 0.64cvss 9.8epss 0.01
Mahara Mobile before 1.2.1 is vulnerable to passwords being sent to the Mahara access log in plain text.
- risk 0.64cvss 9.8epss 0.01
Mahara 15.04 before 15.04.8 and 15.10 before 15.10.4 and 16.04 before 16.04.2 are vulnerable to some authentication methods, which do not use Mahara's built-in login form, still allowing users to log in even if their institution was expired or suspended.
- risk 0.64cvss 9.8epss 0.01
Mahara 15.04 before 15.04.10 and 15.10 before 15.10.6 and 16.04 before 16.04.4 are vulnerable to incorrect access control after the password reset link is sent via email and then user changes default email, Mahara fails to invalidate old link.Consequently the link in email can…
- risk 0.64cvss 9.8epss 0.01
Mahara 15.04 before 15.04.7 and 15.10 before 15.10.3 running PHP 5.3 are vulnerable to one user being logged in as another user on a separate computer as the same session ID is served. This situation can occur when a user takes an action that forces another user to be logged out…
- risk 0.64cvss 9.8epss 0.04
MitraStar GPT-2541GNAC (HGU) 1.00(VNJ0)b1 and DSL-100HN-T1 ES_113WJY0b16 devices have a zyad1234 password for the zyad1234 account, which is equivalent to root and undocumented.
- risk 0.57cvss 9.8epss 0.10
ChakraCore allows an attacker to gain the same user rights as the current user, due to the way that the ChakraCore scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability".
- risk 0.57cvss 9.8epss 0.08
WordPress before 4.8.3 is affected by an issue where $wpdb->prepare() can create unexpected and unsafe queries leading to potential SQL injection (SQLi) in plugins and themes, as demonstrated by a "double prepare" approach, a different vulnerability than CVE-2017-14723.
- risk 0.64cvss 9.8epss 0.01
The UNIX IPC layer in WebKit, including WebKitGTK+ prior to 2.16.3, does not properly validate message size metadata, allowing a compromised secondary process to trigger an integer overflow and subsequent buffer overflow in the UI process. This vulnerability does not affect…
- risk 0.64cvss 9.8epss 0.01
The SSH Plugin stores credentials which allow jobs to access remote servers via the SSH protocol. User passwords and passphrases for encrypted SSH keys are stored in plaintext in a configuration file.
- risk 0.64cvss 9.8epss 0.03
A Use of Hard-coded Credentials issue was discovered in Korenix JetNet JetNet5018G version 1.4, JetNet5310G version 1.4a, JetNet5428G-2G-2FX version 1.4, JetNet5628G-R version 1.4, JetNet5628G version 1.4, JetNet5728G-24P version 1.4, JetNet5828G version 1.1d, JetNet6710G-HVDC…
- risk 0.64cvss 9.8epss 0.02
A Use of Hard-coded Cryptographic Key issue was discovered in Korenix JetNet JetNet5018G version 1.4, JetNet5310G version 1.4a, JetNet5428G-2G-2FX version 1.4, JetNet5628G-R version 1.4, JetNet5628G version 1.4, JetNet5728G-24P version 1.4, JetNet5828G version 1.1d,…
- risk 0.59cvss 9.1epss 0.02
MongoDB 3.4.x before 3.4.10, and 3.5.x-development, has a disabled-by-default configuration setting, networkMessageCompressors (aka wire protocol compression), which exposes a vulnerability when enabled that could be exploited by a malicious attacker to deny service or modify…
- risk 0.64cvss 9.8epss 0.05
EMC Unisphere for VMAX Virtual Appliance (vApp) versions prior to 8.4.0.15, EMC Solutions Enabler Virtual Appliance versions prior to 8.4.0.15, EMC VASA Virtual Appliance versions prior to 8.4.0.512, and EMC VMAX Embedded Management (eManagement) versions prior to and including…
- risk 0.60cvss 9.1epss 0.06
An IMAP FETCH response line indicates the size of the returned data, in number of bytes. When that response says the data is zero bytes, libcurl would pass on that (non-existing) data with a pointer and the size (zero) to the deliver-data function. libcurl's deliver-data…
- risk 0.64cvss 9.8epss 0.02
An SQL Injection vulnerability in HP ArcSight ESM and HP ArcSight ESM Express, in any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1. This vulnerability could be exploited remotely to allow SQL injection.
- risk 0.67cvss 9.8epss 0.03
Zomato Clone Script allows SQL Injection via the restaurant-menu.php resid parameter.
- risk 0.67cvss 9.8epss 0.03
Website Broker Script allows SQL Injection via the 'status_id' Parameter to status_list.php.
- risk 0.67cvss 9.8epss 0.03
Vastal I-Tech Agent Zone (aka The Real Estate Script) allows SQL Injection in searchCommercial.php via the property_type, city, or posted_by parameter, or searchResidential.php via the property_type, city, or bedroom parameter, a different vulnerability than CVE-2008-3951,…
- risk 0.67cvss 9.8epss 0.08
Php Inventory & Invoice Management System allows Arbitrary File Upload via dashboard/edit_myaccountdetail/.
- risk 0.67cvss 9.8epss 0.03
Online Exam Test Application allows SQL Injection via the resources.php sort parameter in a category action.
- risk 0.67cvss 9.8epss 0.03
Nice PHP FAQ Script allows SQL Injection via the index.php nice_theme parameter, a different vulnerability than CVE-2008-6525.
- risk 0.67cvss 9.8epss 0.02
Fake Magazine Cover Script allows SQL Injection via the rate.php value parameter or the content.php id parameter.
- risk 0.67cvss 9.8epss 0.03
CPA Lead Reward Script allows SQL Injection via the username parameter.
- risk 0.67cvss 9.8epss 0.03
Basic B2B Script allows SQL Injection via the product_view1.php pid or id parameter.
- risk 0.67cvss 9.8epss 0.03
Creative Management System (CMS) Lite 1.4 allows SQL Injection via the S parameter to index.php.
- risk 0.67cvss 9.8epss 0.03
MyMagazine Magazine & Blog CMS 1.0 allows SQL Injection via the id parameter to admin/admin_process.php for form editing.
- risk 0.67cvss 9.8epss 0.03
Dynamic News Magazine & Blog CMS 1.0 allows SQL Injection via the id parameter to admin/admin_process.php for form editing.
- risk 0.67cvss 9.8epss 0.03
Responsive Newspaper Magazine & Blog CMS 1.0 allows SQL Injection via the id parameter to admin/admin_process.php for form editing.