Search Results (Refine Search)
- Search Type: Search All
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2017-17992 |
Biometric Shift Employee Management System allows Arbitrary File Download via directory traversal sequences in the index.php form_file_name parameter in a download_form action. Published: December 29, 2017; 11:29:00 PM -0500 |
V4.0:(not available) V3.0: 9.8 CRITICAL V2.0: 5.0 MEDIUM |
CVE-2017-17991 |
Biometric Shift Employee Management System has XSS via the expense_name parameter in an index.php?user=expenses request. Published: December 29, 2017; 11:29:00 PM -0500 |
V4.0:(not available) V3.0: 5.4 MEDIUM V2.0: 3.5 LOW |
CVE-2017-17990 |
Biometric Shift Employee Management System has CSRF via index.php in an edit_holiday action. Published: December 29, 2017; 11:29:00 PM -0500 |
V4.0:(not available) V3.0: 8.8 HIGH V2.0: 6.8 MEDIUM |
CVE-2017-17989 |
Biometric Shift Employee Management System has XSS via the index.php holiday_name parameter in an edit_holiday action. Published: December 29, 2017; 11:29:00 PM -0500 |
V4.0:(not available) V3.0: 5.4 MEDIUM V2.0: 3.5 LOW |
CVE-2017-17988 |
PHP Scripts Mall Muslim Matrimonial Script has XSS via the admin/event_add.php event_title parameter. Published: December 29, 2017; 11:29:00 PM -0500 |
V4.0:(not available) V3.0: 4.8 MEDIUM V2.0: 3.5 LOW |
CVE-2017-17987 |
PHP Scripts Mall Muslim Matrimonial Script allows arbitrary file upload via admin/mydetails_edit.php. Published: December 29, 2017; 11:29:00 PM -0500 |
V4.0:(not available) V3.0: 7.2 HIGH V2.0: 6.5 MEDIUM |
CVE-2017-17986 |
PHP Scripts Mall Muslim Matrimonial Script has XSS via the admin/caste_view.php comm_id parameter. Published: December 29, 2017; 11:29:00 PM -0500 |
V4.0:(not available) V3.0: 4.8 MEDIUM V2.0: 3.5 LOW |
CVE-2017-17985 |
PHP Scripts Mall Muslim Matrimonial Script has XSS via the admin/state_view.php cou_id parameter. Published: December 29, 2017; 11:29:00 PM -0500 |
V4.0:(not available) V3.0: 4.8 MEDIUM V2.0: 3.5 LOW |
CVE-2017-17984 |
PHP Scripts Mall Muslim Matrimonial Script has XSS via the admin/event_edit.php edit_id parameter. Published: December 29, 2017; 11:29:00 PM -0500 |
V4.0:(not available) V3.0: 4.8 MEDIUM V2.0: 3.5 LOW |
CVE-2017-17983 |
PHP Scripts Mall Muslim Matrimonial Script has SQL injection via the view-profile.php mem_id parameter. Published: December 29, 2017; 11:29:00 PM -0500 |
V4.0:(not available) V3.0: 8.8 HIGH V2.0: 6.5 MEDIUM |
CVE-2017-17982 |
PHP Scripts Mall Muslim Matrimonial Script has CSRF via admin/subadmin_edit.php. Published: December 29, 2017; 11:29:00 PM -0500 |
V4.0:(not available) V3.0: 6.8 MEDIUM V2.0: 6.0 MEDIUM |
CVE-2017-17981 |
PHP Scripts Mall Muslim Matrimonial Script has XSS via the admin/slider_edit.php edit_id parameter. Published: December 29, 2017; 11:29:00 PM -0500 |
V4.0:(not available) V3.0: 5.4 MEDIUM V2.0: 3.5 LOW |
CVE-2017-17975 |
Use-after-free in the usbtv_probe function in drivers/media/usb/usbtv/usbtv-core.c in the Linux kernel through 4.14.10 allows attackers to cause a denial of service (system crash) or possibly have unspecified other impact by triggering failure of audio registration, because a kfree of the usbtv data structure occurs during a usbtv_video_free call, but the usbtv_video_fail label's code attempts to both access and free this data structure. Published: December 29, 2017; 8:29:00 PM -0500 |
V4.0:(not available) V3.0: 5.5 MEDIUM V2.0: 4.9 MEDIUM |
CVE-2017-17901 |
ZyXEL P-660HW v3 devices allow remote attackers to cause a denial of service (CPU consumption) via a flood of IP packets with a TTL of 1. Published: December 29, 2017; 5:29:00 PM -0500 |
V4.0:(not available) V3.0: 7.5 HIGH V2.0: 7.8 HIGH |
CVE-2015-8008 |
The OAuth extension for MediaWiki improperly negotiates a new client token only over Special:OAuth/initiate, which allows attackers to bypass intended IP address access restrictions by making an API request with an existing token. Published: December 29, 2017; 5:29:00 PM -0500 |
V4.0:(not available) V3.0: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2015-3302 |
The TheCartPress eCommerce Shopping Cart (aka The Professional WordPress eCommerce Plugin) plugin for WordPress before 1.3.9.3 allows remote attackers to obtain sensitive order detail information by leveraging a "broken authentication mechanism." Published: December 29, 2017; 5:29:00 PM -0500 |
V4.0:(not available) V3.0: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2014-9515 |
Dozer improperly uses a reflection-based approach to type conversion, which might allow remote attackers to execute arbitrary code via a crafted serialized object. Published: December 29, 2017; 5:29:00 PM -0500 |
V4.0:(not available) V3.0: 9.8 CRITICAL V2.0: 7.5 HIGH |
CVE-2014-8119 |
The find_ifcfg_path function in netcf before 0.2.7 might allow attackers to cause a denial of service (application crash) via vectors involving augeas path expressions. Published: December 29, 2017; 5:29:00 PM -0500 |
V4.0:(not available) V3.0: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2014-4978 |
The rs_filter_graph function in librawstudio/rs-filter.c in rawstudio might allow local users to truncate arbitrary files via a symlink attack on (1) /tmp/rs-filter-graph.png or (2) /tmp/rs-filter-graph. Published: December 29, 2017; 5:29:00 PM -0500 |
V4.0:(not available) V3.0: 5.5 MEDIUM V2.0: 3.6 LOW |
CVE-2014-3630 |
XML external entity (XXE) vulnerability in the Java XML processing functionality in Play before 2.2.6 and 2.3.x before 2.3.5 might allow remote attackers to read arbitrary files, cause a denial of service, or have unspecified other impact via crafted XML data. Published: December 29, 2017; 5:29:00 PM -0500 |
V4.0:(not available) V3.0: 9.8 CRITICAL V2.0: 7.5 HIGH |