The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
| ID | Description | Priority | Modified date |
|---|---|---|---|
| CVE-2017-18010 | The E-goi Smart Marketing SMS and Newsletters Forms plugin before 2.0.0 for WordPress has XSS via the admin/partials/custom/egoi-for-wp-form_egoi.php url parameter. | MEDIUM | Jan 1, 2018 |
| CVE-2017-18009 | In OpenCV 3.3.1, a heap-based buffer over-read exists in the function cv::HdrDecoder::checkSignature in modules/imgcodecs/src/grfmt_hdr.cpp. | MEDIUM | Jan 1, 2018 |
| CVE-2017-18008 | In ImageMagick 7.0.7-17 Q16, there is a Memory Leak in ReadPWPImage in coders/pwp.c. | MEDIUM | Jan 3, 2018 |
| CVE-2017-18006 | netpub/server.np in Extensis Portfolio NetPublish has XSS in the quickfind parameter, aka Open Bug Bounty ID OBB-290447. | MEDIUM | Dec 31, 2017 |
| CVE-2017-18005 | Exiv2 0.26 has a Null Pointer Dereference in the Exiv2::DataValue::toLong function in value.cpp, related to crafted metadata in a TIFF file. | MEDIUM | Dec 31, 2017 |
| CVE-2017-18004 | Zurmo 3.2.3 allows XSS via the latitude or longitude parameter to maps/default/mapAndPoint. | LOW | Dec 31, 2017 |
| CVE-2017-18001 | Trustwave Secure Web Gateway (SWG) through 11.8.0.27 allows remote attackers to append an arbitrary public key to the device's SSH Authorized Keys data, and consequently obtain remote root access, via the publicKey parameter to the /sendKey URI. | HIGH | Dec 31, 2017 |
| CVE-2017-17999 | SQL injection vulnerability in RISE Ultimate Project Manager 1.9 allows remote attackers to execute arbitrary SQL commands via the search parameter to index.php/knowledge_base/get_article_suggestion/. | HIGH | Jan 23, 2018 |
| CVE-2017-17997 | In Wireshark 2.2.11 and before, the MRDISC dissector misuses a NULL pointer. This was addressed in epan/dissectors/packet-mrdisc.c by validating an IPv4 address. This vulnerability is similar to CVE-2017-9343. | MEDIUM | Dec 30, 2017 |
| CVE-2017-17996 | A buffer overflow vulnerability in Add command functionality exists in Flexense SyncBreeze Enterprise <= 10.3.14. The vulnerability can be triggered by an authenticated attacker who submits more than 5000 characters as the command name. It will cause termination of the SyncBreeze Enterprise server and possibly remote command execution with SYSTEM privilege. | HIGH | Feb 6, 2018 |
| CVE-2017-17995 | Biometric Shift Employee Management System has XSS via the Last_Name parameter in an index.php?user=ajax request. | LOW | Dec 29, 2017 |
| CVE-2017-17994 | Biometric Shift Employee Management System has XSS via the criteria parameter in an index.php?user=competency_criteria request. | LOW | Dec 29, 2017 |
| CVE-2017-17993 | Biometric Shift Employee Management System has XSS via the amount parameter in an index.php?user=addition_deduction request. | LOW | Dec 29, 2017 |
| CVE-2017-17992 | Biometric Shift Employee Management System allows Arbitrary File Download via directory traversal sequences in the index.php form_file_name parameter in a download_form action. | MEDIUM | Dec 29, 2017 |
| CVE-2017-17991 | Biometric Shift Employee Management System has XSS via the expense_name parameter in an index.php?user=expenses request. | LOW | Dec 29, 2017 |
| CVE-2017-17990 | Biometric Shift Employee Management System has CSRF via index.php in an edit_holiday action. | MEDIUM | Dec 29, 2017 |
| CVE-2017-17989 | Biometric Shift Employee Management System has XSS via the index.php holiday_name parameter in an edit_holiday action. | LOW | Dec 29, 2017 |
| CVE-2017-17988 | PHP Scripts Mall Muslim Matrimonial Script has XSS via the admin/event_add.php event_title parameter. | LOW | Dec 29, 2017 |
| CVE-2017-17987 | PHP Scripts Mall Muslim Matrimonial Script allows arbitrary file upload via admin/mydetails_edit.php. | MEDIUM | Dec 29, 2017 |
| CVE-2017-17986 | PHP Scripts Mall Muslim Matrimonial Script has XSS via the admin/caste_view.php comm_id parameter. | LOW | Dec 29, 2017 |
| CVE-2017-17985 | PHP Scripts Mall Muslim Matrimonial Script has XSS via the admin/state_view.php cou_id parameter. | LOW | Dec 29, 2017 |
| CVE-2017-17984 | PHP Scripts Mall Muslim Matrimonial Script has XSS via the admin/event_edit.php edit_id parameter. | LOW | Dec 29, 2017 |
| CVE-2017-17983 | PHP Scripts Mall Muslim Matrimonial Script has SQL injection via the view-profile.php mem_id parameter. | MEDIUM | Dec 29, 2017 |
| CVE-2017-17982 | PHP Scripts Mall Muslim Matrimonial Script has CSRF via admin/subadmin_edit.php. | MEDIUM | Dec 29, 2017 |
| CVE-2017-17981 | PHP Scripts Mall Muslim Matrimonial Script has XSS via the admin/slider_edit.php edit_id parameter. | LOW | Dec 29, 2017 |
| CVE-2017-17976 | In Utilities.php in Perfex CRM 1.9.7, Unrestricted file upload can lead to remote code execution. | HIGH | Jan 27, 2018 |
| CVE-2017-17975 | Use-after-free in the usbtv_probe function in drivers/media/usb/usbtv/usbtv-core.c in the Linux kernel through 4.14.10 allows attackers to cause a denial of service (system crash) or possibly have unspecified other impact by triggering failure of audio registration, because a kfree of the usbtv data structure occurs during a usbtv_video_free call, but the usbtv_video_fail label\'s code attempts to both access and free this data structure. | MEDIUM | Jan 2, 2018 |
| CVE-2017-17974 | BA SYSTEMS BAS Web on BAS920 devices (with Firmware 01.01.00*, HTTPserv 00002, and Script 02.*) and ISC2000 devices allows remote attackers to obtain sensitive information via a request for isc/get_sid_js.aspx or isc/get_sid.aspx, as demonstrated by obtaining administrative access by subsequently using the credential information for the Supervisor/Administrator account. | MEDIUM | Dec 29, 2017 |
| CVE-2017-17973 | In LibTIFF 4.0.8, there is a heap-based use-after-free in the t2p_writeproc function in tiff2pdf.c. | MEDIUM | Jan 2, 2018 |
| CVE-2017-17972 | packages/subjects/pub/subjects.php in Archon 3.21 rev-1 has XSS in the referer parameter in an index.php?subjecttypeid=xxx request, aka Open Bug Bounty ID OBB-466362. | MEDIUM | Jul 7, 2019 |
| CVE-2017-17971 | The test_sql_and_script_inject function in htdocs/main.inc.php in Dolibarr ERP/CRM 6.0.4 blocks some event attributes but neither onclick nor onscroll, which allows XSS. | MEDIUM | Dec 29, 2017 |
| CVE-2017-17970 | Multiple SQL injection vulnerabilities in Muviko 1.1 allow remote attackers to execute arbitrary SQL commands via the (1) email parameter to login.php; the (2) season_id parameter to themes/flixer/ajax/load_season.php; the (3) movie_id parameter to themes/flixer/ajax/get_rating.php; the (4) rating or (5) movie_id parameter to themes/flixer/ajax/update_rating.php; or the (6) id parameter to themes/flixer/ajax/set_player_source.php. | HIGH | Jan 13, 2018 |
| CVE-2017-17969 | Heap-based buffer overflow in the NCompress::NShrink::CDecoder::CodeReal method in 7-Zip before 18.00 and p7zip allows remote attackers to cause a denial of service (out-of-bounds write) or potentially execute arbitrary code via a crafted ZIP archive. | Medium | Feb 15, 2018 |
| CVE-2017-17968 | A buffer overflow vulnerability in NetTransport.exe in NetTransport Download Manager 2.96L and earlier could allow remote HTTP servers to execute arbitrary code on NAS devices via a long HTTP response. | HIGH | Dec 29, 2017 |
| CVE-2017-17967 | pptreader.dll in Kingsoft WPS Office 10.1.0.6930 allows remote attackers to cause a denial of service via a crafted PPT file, aka CNVD-2017-35482. | MEDIUM | Dec 28, 2017 |
| CVE-2017-17960 | PHP Scripts Mall PHP Multivendor Ecommerce has CSRF via admin/sellerupd.php. | MEDIUM | Dec 28, 2017 |
| CVE-2017-17959 | PHP Scripts Mall PHP Multivendor Ecommerce has SQL Injection via the seller-view.php usid parameter. | HIGH | Dec 28, 2017 |
| CVE-2017-17958 | PHP Scripts Mall PHP Multivendor Ecommerce has XSS via the my_wishlist.php fid parameter. | MEDIUM | Dec 28, 2017 |
| CVE-2017-17957 | PHP Scripts Mall PHP Multivendor Ecommerce has SQL Injection via the my_wishlist.php fid parameter. | HIGH | Dec 28, 2017 |
| CVE-2017-17956 | PHP Scripts Mall PHP Multivendor Ecommerce has XSS via the admin/sellerupd.php companyname parameter. | MEDIUM | Dec 28, 2017 |
| CVE-2017-17955 | PHP Scripts Mall PHP Multivendor Ecommerce has XSS via the shopping-cart.php cusid parameter. | MEDIUM | Dec 28, 2017 |
| CVE-2017-17954 | PHP Scripts Mall PHP Multivendor Ecommerce has XSS via the seller-view.php usid parameter. | MEDIUM | Dec 28, 2017 |
| CVE-2017-17953 | PHP Scripts Mall PHP Multivendor Ecommerce has XSS via the category.php chid1 parameter. | MEDIUM | Dec 28, 2017 |
| CVE-2017-17952 | PHP Scripts Mall PHP Multivendor Ecommerce has a predicable registration URL, which makes it easier for remote attackers to register with an invalid or spoofed e-mail address. | MEDIUM | Dec 28, 2017 |
| CVE-2017-17951 | PHP Scripts Mall PHP Multivendor Ecommerce has SQL Injection via the shopping-cart.php cusid parameter. | HIGH | Dec 28, 2017 |
| CVE-2017-17950 | Cells Blog 3.5 has SQL Injection via the pub_readpost.php ptid parameter. | MEDIUM | Dec 28, 2017 |
| CVE-2017-17949 | Cells Blog 3.5 has XSS via the pub_readpost.php fmid parameter. | MEDIUM | Dec 28, 2017 |
| CVE-2017-17948 | Cells Blog 3.5 has XSS via the jfdname parameter in an act=showpic request. | MEDIUM | Dec 28, 2017 |
| CVE-2017-17947 | A cross site scripting issue has been found in custompage.cgi in Pulse Secure Pulse Connect Secure (PCS) before 8.0R17.0, 8.1.x before 8.1R13, 8.2.x before 8.2R9, and 8.3.x before 8.3R3 and Pulse Policy Secure (PPS) before 5.2R10, 5.3.x before 5.3R9, and 5.4.x before 5.4R3 due to one of the URL parameters not being sanitized. Exploitation does require the user to be logged in as administrator; the issue is not applicable to the end user portal. | LOW | Jan 16, 2018 |
| CVE-2017-17946 | A buffer overflow in Handy Password 4.9.3 allows remote attackers to execute arbitrary code via a long Title name field in mail box data that is mishandled in an Open from mail box action. | HIGH | Jan 10, 2018 |
