Skip to main content
CVE-2017-15962 CRITICAL POC THREAT Emergency

iStock Management System 1.0 allows Arbitrary File Upload via user/profile. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 18.2%.

File Upload Istock Management System
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
18.2%
Threat
4.0
CVE-2017-15956 HIGH POC THREAT Act Now

ConverTo Video Downloader & Converter 1.4.1 allows Arbitrary File Download via the token parameter to download.php. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 22.8%.

PHP Information Disclosure Converto Video Downloader Converter
NVD Exploit-DB
CVSS 3.0
7.5
EPSS
22.8%
CVE-2017-15966 CRITICAL POC Act Now

The Zh YandexMap (aka com_zhyandexmap) component 6.1.1.0 for Joomla!. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Zh Yandexmap
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
4.2%
CVE-2017-15965 CRITICAL POC Act Now

The NS Download Shop (aka com_ns_downloadshop) component 2.2.6 for Joomla!. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Ns Download Shop
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
4.2%
CVE-2017-15974 CRITICAL POC Act Now

tPanel 2009 allows SQL injection for Authentication Bypass via 'or 1=1 or ''=' to login.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Authentication Bypass PHP Tpanel
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
4.1%
CVE-2017-15976 CRITICAL POC Act Now

ZeeBuddy 2x allows SQL Injection via the admin/editadgroup.php groupid parameter, a different vulnerability than CVE-2008-3604. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Zeebuddy
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
2.5%
CVE-2017-15975 CRITICAL POC Act Now

Vastal I-Tech Dating Zone 0.9.9 allows SQL Injection via the 'product_id' to add_to_cart.php, a different vulnerability than CVE-2008-4461. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Dating Zone
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
2.5%
CVE-2017-15970 CRITICAL POC Act Now

PHP CityPortal 2.0 allows SQL Injection via the nid parameter to index.php in a page=news action, or the cat parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Phpcityportal
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
2.5%
CVE-2017-15964 CRITICAL POC Act Now

Job Board Script Software allows SQL Injection via the PATH_INFO to a /job-details URI. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Job Board Script
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
2.5%
CVE-2017-15961 CRITICAL POC Act Now

iProject Management System 1.0 allows SQL Injection via the ID parameter to index.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Iproject Management System
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
2.5%
CVE-2017-15960 CRITICAL POC Act Now

Article Directory Script 3.0 allows SQL Injection via the id parameter to author.php or category.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Article Directory Script
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
2.5%
CVE-2017-15958 CRITICAL POC Act Now

D-Park Pro Domain Parking Script 1.0 allows SQL Injection via the username to admin/loginform.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP D Park Pro
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
2.5%
CVE-2017-15973 CRITICAL POC Act Now

Sokial Social Network Script 1.0 allows SQL Injection via the id parameter to admin/members_view.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Sokial
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
2.3%
CVE-2017-15972 CRITICAL POC Act Now

SoftDatepro Dating Social Network 1.3 allows SQL Injection via the viewprofile.php profid parameter, the viewmessage.php sender_id parameter, or the /admin Email field, a related issue to. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Dating Software
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
2.3%
CVE-2017-15969 CRITICAL POC Act Now

PG All Share Video 1.0 allows SQL Injection via the PATH_INFO to search/tag, friends/index, users/profile, or video_catalog/category. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Allsharevideo
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
2.3%
CVE-2017-15968 CRITICAL POC Act Now

MyBuilder Clone 1.0 allows SQL Injection via the phpsqlsearch_genxml.php subcategory parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Mybuildersite
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
2.3%
CVE-2017-15967 CRITICAL POC Act Now

Mailing List Manager Pro 3.0 allows SQL Injection via the edit parameter to admin/users in a sort=login action, or the edit parameter to admin/template. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Mailing List Manager Pro
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
2.3%
CVE-2017-15963 CRITICAL POC Act Now

iTech Gigs Script 1.21 allows SQL Injection via the browse-scategory.php sc parameter or the service-provider.php ser parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Gigs Script
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
2.3%
CVE-2017-15959 CRITICAL POC Act Now

Adult Script Pro 2.2.4 allows SQL Injection via the PATH_INFO to a /download URI, a different vulnerability than CVE-2007-6576. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Adultscriptpro
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
2.3%
CVE-2017-15971 CRITICAL POC Act Now

Same Sex Dating Software Pro 1.0 allows SQL Injection via the viewprofile.php profid parameter, the viewmessage.php sender_id parameter, or the /admin Email field, a related issue to CVE-2017-15972. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Same Date Pro
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
2.2%
CVE-2017-15957 HIGH POC This Week

my_profile.php in Ingenious School Management System 2.3.0 allows a student or teacher to upload an arbitrary file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Ingenious School Management System
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
3.3%
CVE-2017-16000 HIGH POC This Week

SQL injection vulnerability in the EyesOfNetwork web interface (aka eonweb) 5.1-0 allows remote authenticated administrators to execute arbitrary SQL commands via the graph parameter to. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Eyesofnetwork
NVD GitHub
CVSS 3.0
7.2
EPSS
0.4%
CVE-2017-16228 CRITICAL PATCH Act Now

Dulwich before 0.18.5, when an SSH subprocess is used, allows remote attackers to execute arbitrary commands via an ssh URL with an initial dash character in the hostname, a related issue to. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Dulwich
NVD
CVSS 3.0
9.8
EPSS
0.4%
CVE-2017-15999 CRITICAL Act Now

In the "NQ Contacts Backup & Restore" application 1.1 for Android, no HTTPS is used for transmitting login and synced user data. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Contacts Backup Restore
NVD
CVSS 3.0
9.8
EPSS
0.2%
CVE-2017-15994 CRITICAL Act Now

rsync 3.1.3-development before 2017-10-24 mishandles archaic checksums, which makes it easier for remote attackers to bypass intended access restrictions. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Rsync
NVD
CVSS 3.0
9.8
EPSS
0.1%
CVE-2017-15996 HIGH PATCH This Week

elfcomm.c in readelf in GNU Binutils 2.29 allows remote attackers to cause a denial of service (excessive memory allocation) or possibly have unspecified other impact via a crafted ELF file that. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Denial Of Service Binutils
NVD
CVSS 3.0
7.8
EPSS
0.3%
CVE-2017-15997 HIGH This Week

In the "NQ Contacts Backup & Restore" application 1.1 for Android, RC4 encryption is used to secure the user password locally stored in shared preferences. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Google Information Disclosure Contacts Backup Restore
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2017-16227 HIGH PATCH This Week

The aspath_put function in bgpd/bgp_aspath.c in Quagga before 1.2.2 allows remote attackers to cause a denial of service (session drop) via BGP UPDATE messages, because AS_PATH size calculation for. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Quagga Debian Linux
NVD
CVSS 3.0
7.5
EPSS
0.8%
CVE-2017-15998 HIGH This Week

In the "NQ Contacts Backup & Restore" application 1.1 for Android, DES encryption with a static key is used to secure transmitted contact data. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Contacts Backup Restore
NVD
CVSS 3.0
7.5
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy