The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
| ID | Description | Priority | Modified date |
|---|---|---|---|
| CVE-2017-17589 | FS Thumbtack Clone 1.0 has SQL Injection via the browse-category.php cat parameter or the browse-scategory.php sc parameter. | HIGH | Dec 13, 2017 |
| CVE-2017-17588 | FS IMDB Clone 1.0 has SQL Injection via the movie.php f parameter, tvshow.php s parameter, or show_misc_video.php id parameter. | HIGH | Dec 13, 2017 |
| CVE-2017-17587 | FS Indiamart Clone 1.0 has SQL Injection via the catcompany.php token parameter, buyleads-details.php id parameter, or company/index.php c parameter. | HIGH | Dec 13, 2017 |
| CVE-2017-17586 | FS Olx Clone 1.0 has SQL Injection via the subpage.php scat parameter or the message.php pid parameter. | HIGH | Dec 13, 2017 |
| CVE-2017-17585 | FS Monster Clone 1.0 has SQL Injection via the Employer_Details.php id parameter. | HIGH | Dec 13, 2017 |
| CVE-2017-17584 | FS Makemytrip Clone 1.0 has SQL Injection via the show-flight-result.php fl_orig or fl_dest parameter. | HIGH | Dec 13, 2017 |
| CVE-2017-17583 | FS Shutterstock Clone 1.0 has SQL Injection via the /Category keywords parameter. | HIGH | Dec 13, 2017 |
| CVE-2017-17582 | FS Grubhub Clone 1.0 has SQL Injection via the /food keywords parameter. | HIGH | Dec 13, 2017 |
| CVE-2017-17581 | FS Quibids Clone 1.0 has SQL Injection via the itechd.php productid parameter. | HIGH | Dec 13, 2017 |
| CVE-2017-17580 | FS Linkedin Clone 1.0 has SQL Injection via the group.php grid parameter, profile.php fid parameter, or company_details.php id parameter. | HIGH | Dec 13, 2017 |
| CVE-2017-17579 | FS Freelancer Clone 1.0 has SQL Injection via the profile.php u parameter. | HIGH | Dec 13, 2017 |
| CVE-2017-17578 | FS Crowdfunding Script 1.0 has SQL Injection via the latest_news_details.php id parameter. | HIGH | Dec 13, 2017 |
| CVE-2017-17577 | FS Trademe Clone 1.0 has SQL Injection via the search_item.php search parameter or the general_item_details.php id parameter. | HIGH | Dec 13, 2017 |
| CVE-2017-17576 | FS Gigs Script 1.0 has SQL Injection via the browse-category.php cat parameter, browse-scategory.php sc parameter, or service-provider.php ser parameter. | HIGH | Dec 13, 2017 |
| CVE-2017-17575 | FS Groupon Clone 1.0 has SQL Injection via the item_details.php id parameter or the vendor_details.php id parameter. | HIGH | Dec 13, 2017 |
| CVE-2017-17574 | FS Care Clone 1.0 has SQL Injection via the searchJob.php jobType or jobFrequency parameter. | HIGH | Dec 13, 2017 |
| CVE-2017-17573 | FS Ebay Clone 1.0 has SQL Injection via the product.php id parameter, or the search.php category_id or sub_category_id parameter. | HIGH | Dec 13, 2017 |
| CVE-2017-17572 | FS Amazon Clone 1.0 has SQL Injection via the PATH_INFO to /VerAyari. | HIGH | Dec 13, 2017 |
| CVE-2017-17571 | FS Foodpanda Clone 1.0 has SQL Injection via the /food keywords parameter. | HIGH | Dec 13, 2017 |
| CVE-2017-17570 | FS Expedia Clone 1.0 has SQL Injection via the pages.php or content.php id parameter, or the show-flight-result.php fl_orig or fl_dest parameter. | HIGH | Dec 13, 2017 |
| CVE-2017-17569 | Scubez Posty Readymade Classifieds has XSS via the admin/user_activate_submit.php ID parameter. | MEDIUM | Dec 13, 2017 |
| CVE-2017-17568 | Scubez Posty Readymade Classifieds has Incorrect Access Control for visiting admin/user_activate_submit.php (aka the backend PHP script), which might allow remote attackers to obtain sensitive information via a direct request. | MEDIUM | Dec 13, 2017 |
| CVE-2017-17567 | Scubez Posty Readymade Classifieds has SQL Injection via the admin/user_activate_submit.php ID parameter. | MEDIUM | Dec 13, 2017 |
| CVE-2017-17566 | An issue was discovered in Xen through 4.9.x allowing PV guest OS users to cause a denial of service (host OS crash) or gain host OS privileges in shadow mode by mapping a certain auxiliary page. | MEDIUM | Dec 12, 2017 |
| CVE-2017-17565 | An issue was discovered in Xen through 4.9.x allowing PV guest OS users to cause a denial of service (host OS crash) if shadow mode and log-dirty mode are in place, because of an incorrect assertion related to M2P. | MEDIUM | Dec 12, 2017 |
| CVE-2017-17564 | An issue was discovered in Xen through 4.9.x allowing guest OS users to cause a denial of service (host OS crash) or gain host OS privileges by leveraging incorrect error handling for reference counting in shadow mode. | MEDIUM | Dec 12, 2017 |
| CVE-2017-17563 | An issue was discovered in Xen through 4.9.x allowing guest OS users to cause a denial of service (host OS crash) or gain host OS privileges by leveraging an incorrect mask for reference-count overflow checking in shadow mode. | MEDIUM | Dec 12, 2017 |
| CVE-2017-17562 | Embedthis GoAhead before 3.6.5 allows remote code execution if CGI is enabled and a CGI program is dynamically linked. This is a result of initializing the environment of forked CGI scripts using untrusted HTTP request parameters in the cgiHandler function in cgi.c. When combined with the glibc dynamic linker, this behaviour can be abused for remote code execution using special parameter names such as LD_PRELOAD. An attacker can POST their shared object payload in the body of the request, and reference it using /proc/self/fd/0. | MEDIUM | Dec 12, 2017 |
| CVE-2017-17561 | SeaCMS 6.56 allows remote authenticated administrators to execute arbitrary PHP code via a crafted token field to admin/admin_ping.php, which interacts with data/admin/ping.php. | MEDIUM | Dec 12, 2017 |
| CVE-2017-17560 | An issue was discovered on Western Digital MyCloud PR4100 2.30.172 devices. The web administration component, /web/jquery/uploader/multi_uploadify.php, provides multipart upload functionality that is accessible without authentication and can be used to place a file anywhere on the device's file system. This allows an attacker the ability to upload a PHP shell onto the device and obtain arbitrary code execution as root. | HIGH | Dec 12, 2017 |
| CVE-2017-17558 | The usb_destroy_configuration function in drivers/usb/core/config.c in the USB core subsystem in the Linux kernel through 4.14.5 does not consider the maximum number of configurations and interfaces before attempting to release resources, which allows local users to cause a denial of service (out-of-bounds write access) or possibly have unspecified other impact via a crafted USB device. | HIGH | Dec 12, 2017 |
| CVE-2017-17557 | In Foxit Reader before 9.1 and Foxit PhantomPDF before 9.1, a flaw exists within the parsing of the BITMAPINFOHEADER record in BMP files. The issue results from the lack of proper validation of the biSize member, which can result in a heap based buffer overflow. An attacker can leverage this to execute code in the context of the current process. | MEDIUM | Apr 24, 2018 |
| CVE-2017-17556 | A debug tool in Synaptics TouchPad drivers allows local users with administrative access to obtain sensitive information about keyboard scan codes by modifying registry keys. | LOW | Dec 15, 2017 |
| CVE-2017-17555 | The swri_audio_convert function in audioconvert.c in FFmpeg libswresample through 3.0.101, as used in FFmpeg 3.4.1, aubio 0.4.6, and other products, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted audio file. | MEDIUM | Dec 11, 2017 |
| CVE-2017-17554 | A NULL pointer dereference (DoS) Vulnerability was found in the function aubio_source_avcodec_readframe in io/source_avcodec.c of aubio 0.4.6, which may lead to DoS when playing a crafted audio file. | MEDIUM | Dec 11, 2017 |
| CVE-2017-17553 | The Dolphin Browser for Android 12.0.2 suffers from an insecure parsing implementation of the Intent URI scheme. This vulnerability could allow attackers to abuse this implementation through a malicious Intent URI, in order to invoke private Activities within the Dolphin Browser. | MEDIUM | Dec 11, 2017 |
| CVE-2017-17552 | /LoadFrame in Zoho ManageEngine AD Manager Plus build 6590 - 6613 allows attackers to conduct URL Redirection attacks via the src parameter, resulting in a bypass of CSRF protection, or potentially masquerading a malicious URL as trusted. | MEDIUM | Feb 7, 2018 |
| CVE-2017-17551 | The Backup and Restore feature in Mobotap Dolphin Browser for Android 12.0.2 suffers from an arbitrary file write vulnerability when attempting to restore browser settings from a malicious Dolphin Browser backup file. This arbitrary file write vulnerability allows an attacker to overwrite a specific executable in the Dolphin Browser's data directory with a crafted malicious executable. Every time the Dolphin Browser is launched, it will attempt to run the malicious executable from disk, thus executing the attacker's code. | MEDIUM | Dec 11, 2017 |
| CVE-2017-17550 | ZyXEL ZyWALL USG 2.12 AQQ.2 and 3.30 AQQ.7 devices are affected by a CSRF vulnerability via a cgi-bin/zysh-cgi cmd action to add a user account. This account\'s access could, for example, subsequently be used for stored XSS. | MEDIUM | Nov 10, 2018 |
| CVE-2017-17549 | Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway 10.5 before build 67.13, 11.0 before build 71.22, 11.1 before build 56.19, and 12.0 before build 53.22 allow remote attackers to obtain sensitive information from the backend client TLS handshake by leveraging use of TLS with Client Certificates and a Diffie-Hellman Ephemeral (DHE) key exchange. | MEDIUM | Dec 13, 2017 |
| CVE-2017-17544 | A privilege escalation vulnerability in Fortinet FortiOS 6.0.0 to 6.0.6, 5.6.0 to 5.6.10, 5.4 and below allows admin users to elevate their profile to super_admin via restoring modified configurations. | High | Apr 10, 2019 |
| CVE-2017-17543 | Users' VPN authentication credentials are unsafely encrypted in Fortinet FortiClient for Windows 5.6.0 and below versions, FortiClient for Mac OSX 5.6.0 and below versions and FortiClient SSLVPN Client for Linux 4.4.2335 and below versions, due to the use of a static encryption key and weak encryption algorithms. | MEDIUM | Apr 26, 2018 |
| CVE-2017-17541 | A Cross-site Scripting (XSS) vulnerability in Fortinet FortiManager 6.0.0, 5.6.4 and below versions, FortiAnalyzer 6.0.0, 5.6.4 and below versions allows inject Javascript code and HTML tags through the CN value of CA and CRL certificates via the import CA and CRL certificates feature. | MEDIUM | Jul 17, 2018 |
| CVE-2017-17540 | The presence of a hardcoded account in Fortinet FortiWLC 8.3.3 allows attackers to gain unauthorized read/write access via a remote shell. | HIGH | May 8, 2018 |
| CVE-2017-17539 | The presence of a hardcoded account in Fortinet FortiWLC 7.0.11 and earlier allows attackers to gain unauthorized read/write access via a remote shell. | HIGH | May 8, 2018 |
| CVE-2017-17538 | MikroTik v6.40.5 devices allow remote attackers to cause a denial of service via a flood of ICMP packets. | HIGH | Dec 13, 2017 |
| CVE-2017-17537 | MikroTik RouterBOARD v6.39.2 and v6.40.5 allows an unauthenticated remote attacker to cause a denial of service by connecting to TCP port 53 and sending data that begins with many '�' characters, possibly related to DNS. | MEDIUM | Dec 13, 2017 |
| CVE-2017-17536 | Phabricator before 2017-11-10 does not block the --config and --debugger flags to the Mercurial hg program, which allows remote attackers to execute arbitrary code by using the web UI to browse a branch whose name begins with a --config= or --debugger= substring. | MEDIUM | Dec 11, 2017 |
| CVE-2017-17535 | lib/gui.py in Bob Hepple gjots2 2.4.1 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. | MEDIUM | Dec 14, 2017 |
| CVE-2017-17534 | uiutil.c in Mensis 0.0.080507 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL, a different vulnerability than CVE-2017-17521. | MEDIUM | Dec 14, 2017 |
