Search Results (Refine Search)
- Search Type: Search All
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2017-17960 |
PHP Scripts Mall PHP Multivendor Ecommerce has CSRF via admin/sellerupd.php. Published: December 28, 2017; 1:29:00 PM -0500 |
V4.0:(not available) V3.0: 8.8 HIGH V2.0: 6.8 MEDIUM |
CVE-2017-17959 |
PHP Scripts Mall PHP Multivendor Ecommerce has SQL Injection via the seller-view.php usid parameter. Published: December 28, 2017; 1:29:00 PM -0500 |
V4.0:(not available) V3.0: 9.8 CRITICAL V2.0: 7.5 HIGH |
CVE-2017-17958 |
PHP Scripts Mall PHP Multivendor Ecommerce has XSS via the my_wishlist.php fid parameter. Published: December 28, 2017; 1:29:00 PM -0500 |
V4.0:(not available) V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2017-17957 |
PHP Scripts Mall PHP Multivendor Ecommerce has SQL Injection via the my_wishlist.php fid parameter. Published: December 28, 2017; 1:29:00 PM -0500 |
V4.0:(not available) V3.0: 9.8 CRITICAL V2.0: 7.5 HIGH |
CVE-2017-17956 |
PHP Scripts Mall PHP Multivendor Ecommerce has XSS via the admin/sellerupd.php companyname parameter. Published: December 28, 2017; 1:29:00 PM -0500 |
V4.0:(not available) V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2017-17955 |
PHP Scripts Mall PHP Multivendor Ecommerce has XSS via the shopping-cart.php cusid parameter. Published: December 28, 2017; 1:29:00 PM -0500 |
V4.0:(not available) V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2017-17954 |
PHP Scripts Mall PHP Multivendor Ecommerce has XSS via the seller-view.php usid parameter. Published: December 28, 2017; 1:29:00 PM -0500 |
V4.0:(not available) V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2017-17953 |
PHP Scripts Mall PHP Multivendor Ecommerce has XSS via the category.php chid1 parameter. Published: December 28, 2017; 1:29:00 PM -0500 |
V4.0:(not available) V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2017-17952 |
PHP Scripts Mall PHP Multivendor Ecommerce has a predicable registration URL, which makes it easier for remote attackers to register with an invalid or spoofed e-mail address. Published: December 28, 2017; 1:29:00 PM -0500 |
V4.0:(not available) V3.0: 8.6 HIGH V2.0: 5.0 MEDIUM |
CVE-2017-17951 |
PHP Scripts Mall PHP Multivendor Ecommerce has SQL Injection via the shopping-cart.php cusid parameter. Published: December 28, 2017; 1:29:00 PM -0500 |
V4.0:(not available) V3.0: 9.8 CRITICAL V2.0: 7.5 HIGH |
CVE-2017-17950 |
Cells Blog 3.5 has SQL Injection via the pub_readpost.php ptid parameter. Published: December 28, 2017; 1:29:00 PM -0500 |
V4.0:(not available) V3.0: 8.8 HIGH V2.0: 6.5 MEDIUM |
CVE-2017-17949 |
Cells Blog 3.5 has XSS via the pub_readpost.php fmid parameter. Published: December 28, 2017; 1:29:00 PM -0500 |
V4.0:(not available) V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2017-17948 |
Cells Blog 3.5 has XSS via the jfdname parameter in an act=showpic request. Published: December 28, 2017; 1:29:00 PM -0500 |
V4.0:(not available) V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2017-15667 |
In Flexense SysGauge Server 3.6.18, the Control Protocol suffers from a denial of service. The attack vector is a crafted SERVER_GET_INFO packet sent to control port 9221. Published: December 28, 2017; 12:29:00 PM -0500 |
V4.0:(not available) V3.0: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2017-5641 |
Previous versions of Apache Flex BlazeDS (4.7.2 and earlier) did not restrict which types were allowed for AMF(X) object deserialization by default. During the deserialization process code is executed that for several known types has undesired side-effects. Other, unknown types may also exhibit such behaviors. One vector in the Java standard library exists that allows an attacker to trigger possibly further exploitable Java deserialization of untrusted data. Other known vectors in third party libraries can be used to trigger remote code execution. Published: December 28, 2017; 10:29:00 AM -0500 |
V4.0:(not available) V3.1: 9.8 CRITICAL V2.0: 7.5 HIGH |
CVE-2017-15892 |
Multiple cross-site scripting (XSS) vulnerabilities in Slash Command Creator in Synology Chat before 2.0.0-1124 allow remote authenticated users to inject arbitrary web script or HTML via (1) COMMAND, (2) COMMANDS INSTRUCTION, or (3) DESCRIPTION parameter. Published: December 28, 2017; 10:29:00 AM -0500 |
V4.0:(not available) V3.0: 5.4 MEDIUM V2.0: 3.5 LOW |
CVE-2017-15886 |
Server-side request forgery (SSRF) vulnerability in Link Preview in Synology Chat before 2.0.0-1124 allows remote authenticated users to download arbitrary local files via a crafted URI. Published: December 28, 2017; 10:29:00 AM -0500 |
V4.0:(not available) V3.0: 6.5 MEDIUM V2.0: 4.0 MEDIUM |
CVE-2017-17942 |
In LibTIFF 4.0.9, there is a heap-based buffer over-read in the function PackBitsEncode in tif_packbits.c. Published: December 28, 2017; 1:29:00 AM -0500 |
V4.0:(not available) V3.0: 8.8 HIGH V2.0: 6.8 MEDIUM |
CVE-2017-17941 |
PHP Scripts Mall Single Theater Booking has SQL Injection via the admin/movieview.php movieid parameter. Published: December 28, 2017; 1:29:00 AM -0500 |
V4.0:(not available) V3.0: 7.2 HIGH V2.0: 6.5 MEDIUM |
CVE-2017-17940 |
PHP Scripts Mall Single Theater Booking has XSS via the title parameter to admin/sitesettings.php. Published: December 28, 2017; 1:29:00 AM -0500 |
V4.0:(not available) V3.0: 4.8 MEDIUM V2.0: 3.5 LOW |