Skip to main content
CVE-2017-13099 HIGH POC PATCH THREAT Act Now

wolfSSL prior to version 3.12.2 provides a weak Bleichenbacher oracle when any TLS cipher suite using RSA key exchange is negotiated. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 78.7%.

Microsoft Information Disclosure Oracle Wolfssl Scalance W1750D Firmware +1
NVD GitHub
CVSS 3.0
7.5
EPSS
78.7%
Threat
5.4
CVE-2017-17382 MEDIUM POC THREAT This Month

Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway 10.5 before build 67.13, 11.0 before build 71.22, 11.1 before build 56.19, and 12.0 before build 53.22 might allow remote. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and EPSS exploitation probability 78.3%.

Citrix Information Disclosure Oracle Application Delivery Controller Firmware Netscaler Gateway Firmware
NVD
CVSS 3.0
5.9
EPSS
78.3%
Threat
5.0
CVE-2017-13098 HIGH POC PATCH THREAT Act Now

BouncyCastle TLS prior to version 1.0.3, when configured to use the JCE (Java Cryptography Extension) for cryptographic functions, provides a weak Bleichenbacher oracle when any TLS cipher suite. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 66.2%.

Microsoft Information Disclosure Java Oracle Bc Java
NVD GitHub
CVSS 3.0
7.5
EPSS
66.2%
Threat
5.0
CVE-2017-17427 MEDIUM POC THREAT This Month

Radware Alteon devices with a firmware version between 31.0.0.0-31.0.3.0 are vulnerable to an adaptive-chosen ciphertext attack ("Bleichenbacher attack"). Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and EPSS exploitation probability 70.5%.

Information Disclosure Alteon Firmware
NVD
CVSS 3.0
5.9
EPSS
70.5%
Threat
4.8
CVE-2017-17538 HIGH POC THREAT Act Now

MikroTik v6.40.5 devices allow remote attackers to cause a denial of service via a flood of ICMP packets. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 22.3%.

Denial Of Service Mikrotik Router Firmware
NVD Exploit-DB
CVSS 3.0
7.5
EPSS
22.3%
CVE-2017-17593 HIGH POC THREAT Act Now

Simple Chatting System 1.0 allows Arbitrary File Upload via view/my_profile.php, which places files under uploads/. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 16.2%.

PHP File Upload Simple Chatting System
NVD Exploit-DB
CVSS 3.0
7.5
EPSS
16.2%
CVE-2017-17622 CRITICAL POC Act Now

Online Exam Test Application Script 1.6 has SQL Injection via the exams.php sort parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Online Exam Test Application Script
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
4.2%
CVE-2017-17621 CRITICAL POC Act Now

Multivendor Penny Auction Clone Script 1.0 has SQL Injection via the PATH_INFO to the /detail URI. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Multivendor Penny Auction Clone Script
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
4.2%
CVE-2017-17619 CRITICAL POC Act Now

Laundry Booking Script 1.0 has SQL Injection via the /list city parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Laundry Booking Script
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
4.2%
CVE-2017-17612 CRITICAL POC Act Now

Hot Scripts Clone 3.1 has SQL Injection via the /categories subctid or mctid parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Hot Scripts Clone
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
3.8%
CVE-2017-17642 CRITICAL POC Act Now

Basic Job Site Script 2.0.5 has SQL Injection via the keyword parameter to /job. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Basic Job Site Script
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
2.5%
CVE-2017-17641 CRITICAL POC Act Now

Resume Clone Script 2.0.5 has SQL Injection via the preview.php id parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Resume Clone Script
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
2.5%
CVE-2017-17640 CRITICAL POC Act Now

Advanced World Database 2.0.5 has SQL Injection via the city.php country or state parameter, or the state.php country parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Advanced World Database
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
2.5%
CVE-2017-17639 CRITICAL POC Act Now

Muslim Matrimonial Script 3.02 has SQL Injection via the success-story.php succid parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Muslim Matrimonial Script
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
2.5%
CVE-2017-17638 CRITICAL POC Act Now

Groupon Clone Script 3.01 has SQL Injection via the city_ajax.php state_id parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Groupon Clone Script
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
2.5%
CVE-2017-17637 CRITICAL POC Act Now

Car Rental Script 2.0.4 has SQL Injection via the countrycode1.php val parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Car Rental Script
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
2.5%
CVE-2017-17636 CRITICAL POC Act Now

MLM Forced Matrix 2.0.9 has SQL Injection via the news-detail.php newid parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Mlm Forced Matrix
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
2.5%
CVE-2017-17635 CRITICAL POC Act Now

MLM Forex Market Plan Script 2.0.4 has SQL Injection via the news_detail.php newid parameter or the event_detail.php eventid parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Mlm Forex Market Plan Script
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
2.5%
CVE-2017-17634 CRITICAL POC Act Now

Single Theater Booking Script 3.2.1 has SQL Injection via the findcity.php q parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Single Theater Booking Script
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
2.5%
CVE-2017-17633 CRITICAL POC Act Now

Multiplex Movie Theater Booking Script 3.1.5 has SQL Injection via the trailer-detail.php moid parameter, show-time.php moid parameter, or event-detail.php eid parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Multiplex Movie Theater Booking Script
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
2.5%
CVE-2017-17632 CRITICAL POC Act Now

Responsive Events And Movie Ticket Booking Script 3.2.1 has SQL Injection via the findcity.php q parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Responsive Events And Movie Ticket Booking Script
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
2.5%
CVE-2017-17631 CRITICAL POC Act Now

Multireligion Responsive Matrimonial 4.7.2 has SQL Injection via the success-story.php succid parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Multireligion Responsive Matrimonial
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
2.5%
CVE-2017-17630 CRITICAL POC Act Now

Yoga Class Script 1.0 has SQL Injection via the /list city parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Yoga Class Script
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
2.5%
CVE-2017-17629 CRITICAL POC Act Now

Secure E-commerce Script 2.0.1 has SQL Injection via the category.php searchmain or searchcat parameter, or the single_detail.php sid parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Secure E Commerce Script
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
2.5%
CVE-2017-17628 CRITICAL POC Act Now

Responsive Realestate Script 3.2 has SQL Injection via the property-list tbud parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Responsive Realestate Script
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
2.5%
CVE-2017-17627 CRITICAL POC Act Now

Readymade Video Sharing Script 3.2 has SQL Injection via the single-video-detail.php report_videos array parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Readymade Video Sharing Script
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
2.5%
CVE-2017-17626 CRITICAL POC Act Now

Readymade PHP Classified Script 3.3 has SQL Injection via the /categories subctid or mctid parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Readymade Php Classified Script
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
2.5%
CVE-2017-17624 CRITICAL POC Act Now

PHP Multivendor Ecommerce 1.0 has SQL Injection via the single_detail.php sid parameter, or the category.php searchcat or chid1 parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Php Multivendor Ecommerce
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
2.5%
CVE-2017-17623 CRITICAL POC Act Now

Opensource Classified Ads Script 3.2 has SQL Injection via the advance_result.php keyword parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Opensource Classified Ads Script
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
2.5%
CVE-2017-17620 CRITICAL POC Act Now

Lawyer Search Script 1.1 has SQL Injection via the /lawyer-list city parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Lawyer Search Script
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
2.5%
CVE-2017-17618 CRITICAL POC Act Now

Kickstarter Clone Script 2.0 has SQL Injection via the investcalc.php projid parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Kickstarter Clone Script
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
2.5%
CVE-2017-17617 CRITICAL POC Act Now

Foodspotting Clone Script 1.0 has SQL Injection via the quicksearch.php q parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Foodspotting Clone Script
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
2.5%
CVE-2017-17616 CRITICAL POC Act Now

Event Search Script 1.0 has SQL Injection via the /event-list city parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Event Calendar Category Script
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
2.5%
CVE-2017-17614 CRITICAL POC Act Now

Food Order Script 1.0 has SQL Injection via the /list city parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Hotel Restaurant Reviews And Feedback Script
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
2.5%
CVE-2017-17613 CRITICAL POC Act Now

Freelance Website Script 2.0.6 has SQL Injection via the jobdetails.php pr_id parameter or the searchbycat_list.php catid parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Freelance Website Script
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
2.5%
CVE-2017-17611 CRITICAL POC Act Now

Doctor Search Script 1.0 has SQL Injection via the /list city parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Doctor Search Script
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
2.5%
CVE-2017-17610 CRITICAL POC Act Now

E-commerce MLM Software 1.0 has SQL Injection via the service_detail.php pid parameter, event_detail.php eventid parameter, or news_detail.php newid parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP E Commerce Mlm Software
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
2.5%
CVE-2017-17609 CRITICAL POC Act Now

Chartered Accountant Booking Script 1.0 has SQL Injection via the /service-list city parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Chartered Accountant Booking Script
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
2.5%
CVE-2017-17608 CRITICAL POC Act Now

Child Care Script 1.0 has SQL Injection via the /list city parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Kindergarten Elementary School Listing Script
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
2.5%
CVE-2017-17607 CRITICAL POC Act Now

CMS Auditor Website 1.0 has SQL Injection via the PATH_INFO to /news-detail. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Cms Auditor Website
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
2.5%
CVE-2017-17606 CRITICAL POC Act Now

Co-work Space Search Script 1.0 has SQL Injection via the /list city parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Co Work Space Search Script
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
2.5%
CVE-2017-17605 CRITICAL POC Act Now

Consumer Complaints Clone Script 1.0 has SQL Injection via the other-user-profile.php id parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Consumer Complaints Clone Script
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
2.5%
CVE-2017-17604 CRITICAL POC Act Now

Entrepreneur Bus Booking Script 3.0.4 has SQL Injection via the booker_details.php sourcebus parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Entrepreneur Bus Booking Script
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
2.5%
CVE-2017-17603 CRITICAL POC Act Now

Advanced Real Estate Script 4.0.7 has SQL Injection via the search-results.php Projectmain, proj_type, searchtext, sell_price, or maxprice parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Advanced Real Estate Script
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
2.5%
CVE-2017-17602 CRITICAL POC Act Now

Advance B2B Script 2.1.3 has SQL Injection via the tradeshow-list-detail.php show_id or view-product.php pid parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Advance B2B Script
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
2.5%
CVE-2017-17601 CRITICAL POC Act Now

Cab Booking Script 1.0 has SQL Injection via the /service-list city parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Cab Booking Script
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
2.5%
CVE-2017-17600 CRITICAL POC Act Now

Basic B2B Script 2.0.8 has SQL Injection via the product_details.php id parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Basic B2B Script
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
2.5%
CVE-2017-17599 CRITICAL POC Act Now

Advance Online Learning Management Script 3.1 has SQL Injection via the courselist.php subcatid or popcourseid parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Advance Online Learning Management Script
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
2.5%
CVE-2017-17598 CRITICAL POC Act Now

Affiliate MLM Script 1.0 has SQL Injection via the product-category.php key parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Affiliate Mlm Script
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
2.5%
CVE-2017-17597 CRITICAL POC Act Now

Nearbuy Clone Script 3.2 has SQL Injection via the category_list.php search parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Nearbuy Clone Script
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
2.5%
Page 1 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy