Skip to main content
CVE-2017-17596 CRITICAL POC Act Now

Entrepreneur Job Portal Script 2.0.6 has SQL Injection via the jobsearch_all.php rid1 parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Entrepreneur Job Portal Script
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
2.5%
CVE-2017-17595 CRITICAL POC Act Now

Beauty Parlour Booking Script 1.0 has SQL Injection via the /list gender or city parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Beauty Parlour Booking Script
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
2.5%
CVE-2017-17594 CRITICAL POC Act Now

DomainSale PHP Script 1.0 has SQL Injection via the domain.php id parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Domainsale Php Script
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
2.5%
CVE-2017-17592 CRITICAL POC Act Now

Website Auction Marketplace 2.0.5 has SQL Injection via the search.php cat_id parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Website Auction Marketplace
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
2.5%
CVE-2017-17591 CRITICAL POC Act Now

Realestate Crowdfunding Script 2.7.2 has SQL Injection via the single-cause.php pid parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Realestate Crowdfunding Script
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
2.5%
CVE-2017-17573 CRITICAL POC Act Now

FS Ebay Clone 1.0 has SQL Injection via the product.php id parameter, or the search.php category_id or sub_category_id parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Ebay Clone
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
2.5%
CVE-2017-17625 CRITICAL POC Act Now

Professional Service Script 1.0 has SQL Injection via the service-list city parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi On Demand Marketplace Script
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
2.4%
CVE-2017-17589 CRITICAL POC Act Now

FS Thumbtack Clone 1.0 has SQL Injection via the browse-category.php cat parameter or the browse-scategory.php sc parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Thumbtack Clone
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
2.4%
CVE-2017-17588 CRITICAL POC Act Now

FS IMDB Clone 1.0 has SQL Injection via the movie.php f parameter, tvshow.php s parameter, or show_misc_video.php id parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Imdb Clone
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
2.4%
CVE-2017-17587 CRITICAL POC Act Now

FS Indiamart Clone 1.0 has SQL Injection via the catcompany.php token parameter, buyleads-details.php id parameter, or company/index.php c parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Indiamart Clone
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
2.4%
CVE-2017-17586 CRITICAL POC Act Now

FS Olx Clone 1.0 has SQL Injection via the subpage.php scat parameter or the message.php pid parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Olx Clone
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
2.4%
CVE-2017-17585 CRITICAL POC Act Now

FS Monster Clone 1.0 has SQL Injection via the Employer_Details.php id parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Monster Clone
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
2.4%
CVE-2017-17584 CRITICAL POC Act Now

FS Makemytrip Clone 1.0 has SQL Injection via the show-flight-result.php fl_orig or fl_dest parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Makemytrip Clone
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
2.4%
CVE-2017-17583 CRITICAL POC Act Now

FS Shutterstock Clone 1.0 has SQL Injection via the /Category keywords parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Shutterstock Clone
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
2.4%
CVE-2017-17582 CRITICAL POC Act Now

FS Grubhub Clone 1.0 has SQL Injection via the /food keywords parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Grubhub Clone
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
2.4%
CVE-2017-17581 CRITICAL POC Act Now

FS Quibids Clone 1.0 has SQL Injection via the itechd.php productid parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Quibids Clone
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
2.4%
CVE-2017-17580 CRITICAL POC Act Now

FS Linkedin Clone 1.0 has SQL Injection via the group.php grid parameter, profile.php fid parameter, or company_details.php id parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Linkedin Clone
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
2.4%
CVE-2017-17579 CRITICAL POC Act Now

FS Freelancer Clone 1.0 has SQL Injection via the profile.php u parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Freelancer Clone
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
2.4%
CVE-2017-17578 CRITICAL POC Act Now

FS Crowdfunding Script 1.0 has SQL Injection via the latest_news_details.php id parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Crowdfunding Script
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
2.4%
CVE-2017-17577 CRITICAL POC Act Now

FS Trademe Clone 1.0 has SQL Injection via the search_item.php search parameter or the general_item_details.php id parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Trademe Clone
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
2.4%
CVE-2017-17576 CRITICAL POC Act Now

FS Gigs Script 1.0 has SQL Injection via the browse-category.php cat parameter, browse-scategory.php sc parameter, or service-provider.php ser parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Gigs Script
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
2.4%
CVE-2017-17575 CRITICAL POC Act Now

FS Groupon Clone 1.0 has SQL Injection via the item_details.php id parameter or the vendor_details.php id parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Groupon Clone
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
2.4%
CVE-2017-17574 CRITICAL POC Act Now

FS Care Clone 1.0 has SQL Injection via the searchJob.php jobType or jobFrequency parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Care Clone
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
2.4%
CVE-2017-17572 CRITICAL POC Act Now

FS Amazon Clone 1.0 has SQL Injection via the PATH_INFO to /VerAyari. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Amazon Clone
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
2.4%
CVE-2017-17571 CRITICAL POC Act Now

FS Foodpanda Clone 1.0 has SQL Injection via the /food keywords parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Foodpanda Clone
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
2.4%
CVE-2017-17570 CRITICAL POC Act Now

FS Expedia Clone 1.0 has SQL Injection via the pages.php or content.php id parameter, or the show-flight-result.php fl_orig or fl_dest parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Expedia Clone
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
2.4%
CVE-2017-17648 CRITICAL POC Act Now

Entrepreneur Dating Script 2.0.1 has SQL Injection via the search_result.php marital, gender, country, or profileid parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Entrepreneur Dating Script
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
1.4%
CVE-2017-17590 CRITICAL POC Act Now

FS Stackoverflow Clone 1.0 has SQL Injection via the /question keywords parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Stackoverflow Clone
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
0.5%
CVE-2017-17615 HIGH POC This Week

Facebook Clone Script 1.0 has SQL Injection via the friend-profile.php id parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Facebook Clone Script
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
0.2%
CVE-2017-17537 HIGH POC This Week

MikroTik RouterBOARD v6.39.2 and v6.40.5 allows an unauthenticated remote attacker to cause a denial of service by connecting to TCP port 53 and sending data that begins with many '\0' characters,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Mikrotik Routerboard
NVD Exploit-DB
CVSS 3.0
7.5
EPSS
1.7%
CVE-2017-1635 HIGH Act Now

IBM Tivoli Monitoring V6 6.2.2.x could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free error. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. Epss exploitation probability 18.2% and no vendor patch available.

Memory Corruption IBM Use After Free RCE Tivoli Monitoring
NVD
CVSS 3.0
8.0
EPSS
18.2%
CVE-2017-17568 HIGH POC This Week

Scubez Posty Readymade Classifieds has Incorrect Access Control for visiting admin/user_activate_submit.php (aka the backend PHP script), which might allow remote attackers to obtain sensitive. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Information Disclosure Posty Readymade Classifieds
NVD GitHub
CVSS 3.0
7.5
EPSS
0.3%
CVE-2017-17567 HIGH POC This Week

Scubez Posty Readymade Classifieds has SQL Injection via the admin/user_activate_submit.php ID parameter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Posty Readymade Classifieds
NVD GitHub
CVSS 3.0
7.5
EPSS
0.3%
CVE-2017-17569 MEDIUM POC This Month

Scubez Posty Readymade Classifieds has XSS via the admin/user_activate_submit.php ID parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Posty Readymade Classifieds
NVD GitHub
CVSS 3.0
6.1
EPSS
0.2%
CVE-2017-14589 CRITICAL Act Now

It was possible for double OGNL evaluation in FreeMarker templates through Struts FreeMarker tags to occur. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Information Disclosure Bamboo
NVD
CVSS 3.0
9.6
EPSS
0.3%
CVE-2017-17669 MEDIUM POC This Month

There is a heap-based buffer over-read in the Exiv2::Internal::PngChunk::keyTXTChunk function of pngchunk_int.cpp in Exiv2 0.26. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Information Disclosure Exiv2 Ubuntu Linux +1
NVD GitHub
CVSS 3.1
5.5
EPSS
0.2%
CVE-2017-14590 CRITICAL PATCH Act Now

Bamboo did not check that the name of a branch in a Mercurial repository contained argument parameters. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Bamboo
NVD
CVSS 3.0
9.1
EPSS
0.5%
CVE-2017-5534 HIGH This Week

The tibbr user profiles components of tibbr Community, and tibbr Enterprise expose a weakness in an improperly sandboxed third-party component. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Tibbr
NVD
CVSS 3.0
8.8
EPSS
0.5%
CVE-2017-17665 HIGH This Week

In Octopus Deploy before 4.1.3, the machine update process doesn't check that the user has access to all environments. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Octopus Deploy
NVD GitHub
CVSS 3.0
8.8
EPSS
0.3%
CVE-2017-5530 HIGH This Week

The tibbr web server components of tibbr Community, and tibbr Enterprise contain SAML protocol handling errors which may allow authorized users to impersonate other users, and therefore escalate. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Tibbr
NVD
CVSS 3.0
8.1
EPSS
0.3%
CVE-2017-14361 HIGH This Week

Man-In-The-Middle vulnerability in Micro Focus Project and Portfolio Management Center, version 9.32. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Project And Portfolio Management
NVD
CVSS 3.0
7.4
EPSS
0.2%
CVE-2017-14362 HIGH This Week

Cross-Site Request Forgery vulnerability in Micro Focus Project and Portfolio Management Center, version 9.32. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Project And Portfolio Management
NVD
CVSS 3.0
7.3
EPSS
0.1%
CVE-2017-7738 HIGH This Week

An Information Disclosure vulnerability in Fortinet FortiOS 5.6.0 to 5.6.2, 5.4.0 to 5.4.5, 5.2 and below versions allow an admin user with super_admin privileges to view the current SSL VPN web. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Fortinet Information Disclosure Fortios
NVD
CVSS 3.0
7.2
EPSS
0.3%
CVE-2017-11305 MEDIUM PATCH This Month

A regression affecting Adobe Flash Player version 27.0.0.187 (and earlier versions) causes the unintended reset of the global settings preference file when a user clears browser data. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Adobe Information Disclosure Flash Player Flash Player Desktop Runtime Enterprise Linux Desktop +2
NVD
CVSS 3.1
6.5
EPSS
2.5%
CVE-2017-14380 MEDIUM This Month

In EMC Isilon OneFS 8.1.0.0, 8.0.1.0 - 8.0.1.1, 8.0.0.0 - 8.0.0.4, 7.2.1.0 - 7.2.1.5, 7.2.0.x, and 7.1.1.x, a malicious compliance admin (compadmin) account user could exploit a vulnerability in. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Isilon Onefs
NVD
CVSS 3.0
6.7
EPSS
0.1%
CVE-2017-15529 MEDIUM This Month

Prior to 4.4.1.10, the Norton Family Android App can be susceptible to a Denial of Service (DoS) exploit. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Google Norton Family
NVD
CVSS 3.0
6.2
EPSS
0.1%
CVE-2017-1421 MEDIUM This Month

IBM iNotes is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS IBM Inotes
NVD
CVSS 3.0
6.1
EPSS
0.3%
CVE-2017-17664 MEDIUM PATCH This Month

A Remote Crash issue was discovered in Asterisk Open Source 13.x before 13.18.4, 14.x before 14.7.4, and 15.x before 15.1.4 and Certified Asterisk before 13.13-cert9. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Asterisk Certified Asterisk
NVD
CVSS 3.0
5.9
EPSS
1.3%
CVE-2017-1558 MEDIUM This Month

IBM Maximo Asset Management 7.5 and 7.6 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect IBM Maximo Asset Management Maximo Asset Management Essentials
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2017-17549 MEDIUM This Month

Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway 10.5 before build 67.13, 11.0 before build 71.22, 11.1 before build 56.19, and 12.0 before build 53.22 allow remote. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Citrix Microsoft Information Disclosure Application Delivery Controller Firmware Netscaler Gateway Firmware
NVD
CVSS 3.0
5.9
EPSS
0.6%
Prev Page 2 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy