The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
| ID | Description | Priority | Modified date |
|---|---|---|---|
| CVE-2017-17598 | Affiliate MLM Script 1.0 has SQL Injection via the product-category.php key parameter. | HIGH | Dec 13, 2017 |
| CVE-2017-17599 | Advance Online Learning Management Script 3.1 has SQL Injection via the courselist.php subcatid or popcourseid parameter. | HIGH | Dec 13, 2017 |
| CVE-2017-17600 | Basic B2B Script 2.0.8 has SQL Injection via the product_details.php id parameter. | HIGH | Dec 13, 2017 |
| CVE-2017-17601 | Cab Booking Script 1.0 has SQL Injection via the /service-list city parameter. | HIGH | Dec 13, 2017 |
| CVE-2017-17602 | Advance B2B Script 2.1.3 has SQL Injection via the tradeshow-list-detail.php show_id or view-product.php pid parameter. | HIGH | Dec 13, 2017 |
| CVE-2017-17603 | Advanced Real Estate Script 4.0.7 has SQL Injection via the search-results.php Projectmain, proj_type, searchtext, sell_price, or maxprice parameter. | HIGH | Dec 13, 2017 |
| CVE-2017-17604 | Entrepreneur Bus Booking Script 3.0.4 has SQL Injection via the booker_details.php sourcebus parameter. | HIGH | Dec 13, 2017 |
| CVE-2017-17605 | Consumer Complaints Clone Script 1.0 has SQL Injection via the other-user-profile.php id parameter. | HIGH | Dec 13, 2017 |
| CVE-2017-17606 | Co-work Space Search Script 1.0 has SQL Injection via the /list city parameter. | HIGH | Dec 13, 2017 |
| CVE-2017-17607 | CMS Auditor Website 1.0 has SQL Injection via the PATH_INFO to /news-detail. | HIGH | Dec 13, 2017 |
| CVE-2017-17608 | Child Care Script 1.0 has SQL Injection via the /list city parameter. | HIGH | Dec 13, 2017 |
| CVE-2017-17609 | Chartered Accountant Booking Script 1.0 has SQL Injection via the /service-list city parameter. | HIGH | Dec 13, 2017 |
| CVE-2017-17610 | E-commerce MLM Software 1.0 has SQL Injection via the service_detail.php pid parameter, event_detail.php eventid parameter, or news_detail.php newid parameter. | HIGH | Dec 13, 2017 |
| CVE-2017-17611 | Doctor Search Script 1.0 has SQL Injection via the /list city parameter. | HIGH | Dec 13, 2017 |
| CVE-2017-17612 | Hot Scripts Clone 3.1 has SQL Injection via the /categories subctid or mctid parameter. | HIGH | Dec 13, 2017 |
| CVE-2017-17613 | Freelance Website Script 2.0.6 has SQL Injection via the jobdetails.php pr_id parameter or the searchbycat_list.php catid parameter. | HIGH | Dec 13, 2017 |
| CVE-2017-17614 | Food Order Script 1.0 has SQL Injection via the /list city parameter. | HIGH | Dec 13, 2017 |
| CVE-2017-17616 | Event Search Script 1.0 has SQL Injection via the /event-list city parameter. | HIGH | Dec 13, 2017 |
| CVE-2017-17617 | Foodspotting Clone Script 1.0 has SQL Injection via the quicksearch.php q parameter. | HIGH | Dec 13, 2017 |
| CVE-2017-17618 | Kickstarter Clone Script 2.0 has SQL Injection via the investcalc.php projid parameter. | HIGH | Dec 13, 2017 |
| CVE-2017-17619 | Laundry Booking Script 1.0 has SQL Injection via the /list city parameter. | HIGH | Dec 13, 2017 |
| CVE-2017-17620 | Lawyer Search Script 1.1 has SQL Injection via the /lawyer-list city parameter. | HIGH | Dec 13, 2017 |
| CVE-2017-17621 | Multivendor Penny Auction Clone Script 1.0 has SQL Injection via the PATH_INFO to the /detail URI. | HIGH | Dec 13, 2017 |
| CVE-2017-17622 | Online Exam Test Application Script 1.6 has SQL Injection via the exams.php sort parameter. | HIGH | Dec 13, 2017 |
| CVE-2017-17623 | Opensource Classified Ads Script 3.2 has SQL Injection via the advance_result.php keyword parameter. | HIGH | Dec 13, 2017 |
| CVE-2017-17624 | PHP Multivendor Ecommerce 1.0 has SQL Injection via the single_detail.php sid parameter, or the category.php searchcat or chid1 parameter. | HIGH | Dec 13, 2017 |
| CVE-2017-17625 | Professional Service Script 1.0 has SQL Injection via the service-list city parameter. | HIGH | Dec 13, 2017 |
| CVE-2017-17626 | Readymade PHP Classified Script 3.3 has SQL Injection via the /categories subctid or mctid parameter. | HIGH | Dec 13, 2017 |
| CVE-2017-17627 | Readymade Video Sharing Script 3.2 has SQL Injection via the single-video-detail.php report_videos array parameter. | HIGH | Dec 13, 2017 |
| CVE-2017-17628 | Responsive Realestate Script 3.2 has SQL Injection via the property-list tbud parameter. | HIGH | Dec 13, 2017 |
| CVE-2017-17629 | Secure E-commerce Script 2.0.1 has SQL Injection via the category.php searchmain or searchcat parameter, or the single_detail.php sid parameter. | HIGH | Dec 13, 2017 |
| CVE-2017-17630 | Yoga Class Script 1.0 has SQL Injection via the /list city parameter. | HIGH | Dec 13, 2017 |
| CVE-2017-17631 | Multireligion Responsive Matrimonial 4.7.2 has SQL Injection via the success-story.php succid parameter. | HIGH | Dec 13, 2017 |
| CVE-2017-17632 | Responsive Events And Movie Ticket Booking Script 3.2.1 has SQL Injection via the findcity.php q parameter. | HIGH | Dec 13, 2017 |
| CVE-2017-17633 | Multiplex Movie Theater Booking Script 3.1.5 has SQL Injection via the trailer-detail.php moid parameter, show-time.php moid parameter, or event-detail.php eid parameter. | HIGH | Dec 13, 2017 |
| CVE-2017-17634 | Single Theater Booking Script 3.2.1 has SQL Injection via the findcity.php q parameter. | HIGH | Dec 13, 2017 |
| CVE-2017-17635 | MLM Forex Market Plan Script 2.0.4 has SQL Injection via the news_detail.php newid parameter or the event_detail.php eventid parameter. | HIGH | Dec 13, 2017 |
| CVE-2017-17636 | MLM Forced Matrix 2.0.9 has SQL Injection via the news-detail.php newid parameter. | HIGH | Dec 13, 2017 |
| CVE-2017-17637 | Car Rental Script 2.0.4 has SQL Injection via the countrycode1.php val parameter. | HIGH | Dec 13, 2017 |
| CVE-2017-17638 | Groupon Clone Script 3.01 has SQL Injection via the city_ajax.php state_id parameter. | HIGH | Dec 13, 2017 |
| CVE-2017-17639 | Muslim Matrimonial Script 3.02 has SQL Injection via the success-story.php succid parameter. | HIGH | Dec 13, 2017 |
| CVE-2017-17640 | Advanced World Database 2.0.5 has SQL Injection via the city.php country or state parameter, or the state.php country parameter. | HIGH | Dec 13, 2017 |
| CVE-2017-17641 | Resume Clone Script 2.0.5 has SQL Injection via the preview.php id parameter. | HIGH | Dec 13, 2017 |
| CVE-2017-17642 | Basic Job Site Script 2.0.5 has SQL Injection via the keyword parameter to /job. | HIGH | Dec 13, 2017 |
| CVE-2017-17648 | Entrepreneur Dating Script 2.0.1 has SQL Injection via the search_result.php marital, gender, country, or profileid parameter. | HIGH | Dec 13, 2017 |
| CVE-2017-17671 | vBulletin through 5.3.x on Windows allows remote PHP code execution because a require_once call is reachable with an unauthenticated request that can include directory traversal sequences to specify an arbitrary pathname, and because ../ traversal is blocked but .. traversal is not blocked. For example, an attacker can make an invalid HTTP request containing PHP code, and then make an index.php?routestring= request with enough instances of .. to reach an Apache HTTP Server log file. | HIGH | Dec 13, 2017 |
| CVE-2017-17672 | In vBulletin through 5.3.x, there is an unauthenticated deserialization vulnerability that leads to arbitrary file deletion and, under certain circumstances, code execution, because of unsafe usage of PHP's unserialize() in vB_Library_Template's cacheTemplates() function, which is a publicly exposed API. This is exploited with the templateidlist parameter to ajax/api/template/cacheTemplates. | HIGH | Dec 13, 2017 |
| CVE-2017-17681 | In ImageMagick 7.0.7-12 Q16, an infinite loop vulnerability was found in the function ReadPSDChannelZip in coders/psd.c, which allows attackers to cause a denial of service (CPU exhaustion) via a crafted psd image file. | HIGH | Dec 14, 2017 |
| CVE-2017-17682 | In ImageMagick 7.0.7-12 Q16, a large loop vulnerability was found in the function ExtractPostscript in coders/wpg.c, which allows attackers to cause a denial of service (CPU exhaustion) via a crafted wpg image file that triggers a ReadWPGImage call. | HIGH | Dec 14, 2017 |
| CVE-2017-17683 | Panda Global Protection 17.0.1 allows a system crash via a 0xb3702c44 \.PSMEMDriver DeviceIoControl request. | HIGH | Dec 14, 2017 |
