Vulnerabilities

Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.

Filtering: Group: attack-types Clear
ID Title
CVE-2017-17731 DedeCMS through 5.7 has SQL Injection via the $_FILES superglobal to plus/recommend.php.
DedeCMS through 5.7 has SQL Injection via the $_FILES superglobal to plus/recommend.php.
CVE-2017-16950 Cross-Site Scripting (XSS) in urbackup (CVE-2017-16950)
cross-site scripting in urbackup (CVE-2017-16950). Risk of unauthorized operations or information disclosure.
CVE-2017-17713 SQL Injection in sqli (CVE-2017-17713)
SQL injection in sqli (CVE-2017-17713). Successful exploitation can lead to full system takeover. Exploitable via `User-Agent header`.
CVE-2017-17714 Cross-Site Scripting (XSS) in boxug (CVE-2017-17714)
cross-site scripting in boxug (CVE-2017-17714). Risk of unauthorized operations or information disclosure. Exploitable via `User-Agent header`.
CVE-2017-14134 Cross-Site Scripting (XSS) in maplesoft (CVE-2017-14134)
cross-site scripting in maplesoft (CVE-2017-14134). Risk of unauthorized operations or information disclosure.
CVE-2017-17715 Path Traversal in path-traversal (CVE-2017-17715)
path traversal in path-traversal (CVE-2017-17715). Successful exploitation can lead to full system takeover.
CVE-2017-3191 Vulnerability in d-link (CVE-2017-3191)
vulnerability in d-link (CVE-2017-3191). Successful exploitation can lead to full system takeover.
CVE-2017-3192 Vulnerability in d-link (CVE-2017-3192)
vulnerability in d-link (CVE-2017-3192). Successful exploitation can lead to full system takeover.
CVE-2017-3184 Vulnerability in dos (CVE-2017-3184)
vulnerability in dos (CVE-2017-3184). Successful exploitation can lead to full system takeover.
CVE-2017-14093 Cross-Site Scripting (XSS) in trendmicro (CVE-2017-14093)
cross-site scripting in trendmicro (CVE-2017-14093). Risk of unauthorized operations or information disclosure.
CVE-2017-14092 Cross-Site Request Forgery (CSRF) in csrf (CVE-2017-14092)
vulnerability in csrf (CVE-2017-14092). Successful exploitation can lead to full system takeover.
CVE-2017-17698 Cross-Site Scripting (XSS) in zohocorp (CVE-2017-17698)
cross-site scripting in zohocorp (CVE-2017-17698). Risk of unauthorized operations or information disclosure.
CVE-2017-16788 Path Traversal in path-traversal (CVE-2017-16788)
path traversal in path-traversal (CVE-2017-16788). Successful exploitation can lead to full system takeover.
CVE-2017-16776 Vulnerability in mckesson (CVE-2017-16776)
vulnerability in mckesson (CVE-2017-16776). Successful exploitation can lead to full system takeover.
CVE-2017-15890 Cross-Site Scripting (XSS) in synology (CVE-2017-15890)
cross-site scripting in synology (CVE-2017-15890). Risk of unauthorized operations or information disclosure.
CVE-2017-17695 SQL Injection in sqli (CVE-2017-17695)
SQL injection in sqli (CVE-2017-17695). Successful exploitation can lead to full system takeover.
CVE-2017-17694 Cross-Site Scripting (XSS) in techno-portfolio-management-panel-project (CVE-2017-17694)
cross-site scripting in techno-portfolio-management-panel-project (CVE-2017-17694). Risk of unauthorized operations or information disclosure.
CVE-2017-17697 SSRF (Server-Side Request Forgery) in ssrf (CVE-2017-17697)
SSRF in ssrf (CVE-2017-17697). Confidential information can be exposed externally.
CVE-2017-5264 Cross-Site Request Forgery (CSRF) in csrf (CVE-2017-5264)
vulnerability in csrf (CVE-2017-5264). Successful exploitation can lead to full system takeover.
CVE-2016-10703 Vulnerability in dos (CVE-2016-10703)
vulnerability in dos (CVE-2016-10703). Risk of unauthorized operations or information disclosure.
CVE-2017-7344 Vulnerability in privilege-escalation (CVE-2017-7344)
vulnerability in privilege-escalation (CVE-2017-7344). Successful exploitation can lead to full system takeover.
CVE-2017-17680 Vulnerability in c (CVE-2017-17680)
vulnerability in c (CVE-2017-17680). Risk of unauthorized operations or information disclosure.
CVE-2017-17681 Vulnerability in c (CVE-2017-17681)
vulnerability in c (CVE-2017-17681). Risk of unauthorized operations or information disclosure.
CVE-2017-17682 Vulnerability in c (CVE-2017-17682)
vulnerability in c (CVE-2017-17682). Risk of unauthorized operations or information disclosure.
CVE-2017-17672 Unsafe Deserialization in deserialization (CVE-2017-17672)
vulnerability in deserialization (CVE-2017-17672). Successful exploitation can lead to full system takeover.
CVE-2017-17671 Path Traversal in apache (CVE-2017-17671)
path traversal in apache (CVE-2017-17671). Successful exploitation can lead to full system takeover.
CVE-2017-17669 Out-of-Bounds Read in cpp (CVE-2017-17669)
vulnerability in cpp (CVE-2017-17669). Risk of unauthorized operations or information disclosure.
CVE-2017-15529 Vulnerability in dos (CVE-2017-15529)
vulnerability in dos (CVE-2017-15529). Risk of unauthorized operations or information disclosure.
CVE-2017-1421 Cross-Site Scripting (XSS) in ibm (CVE-2017-1421)
cross-site scripting in ibm (CVE-2017-1421). Risk of unauthorized operations or information disclosure.
CVE-2017-1546 Cross-Site Scripting (XSS) in ibm (CVE-2017-1546)
cross-site scripting in ibm (CVE-2017-1546). Risk of unauthorized operations or information disclosure.
CVE-2017-17648 SQL Injection in sqli (CVE-2017-17648)
SQL injection in sqli (CVE-2017-17648). Successful exploitation can lead to full system takeover.
CVE-2017-17537 Vulnerability in dos (CVE-2017-17537)
vulnerability in dos (CVE-2017-17537). Risk of unauthorized operations or information disclosure.
CVE-2017-17638 Groupon Clone Script 3.01 has SQL Injection via the city_ajax.php state_id parameter.
Groupon Clone Script 3.01 has SQL Injection via the city_ajax.php state_id parameter.
CVE-2017-17639 Muslim Matrimonial Script 3.02 has SQL Injection via the success-story.php succid parameter.
Muslim Matrimonial Script 3.02 has SQL Injection via the success-story.php succid parameter.
CVE-2017-17640 SQL Injection in sqli (CVE-2017-17640)
SQL injection in sqli (CVE-2017-17640). Successful exploitation can lead to full system takeover.
CVE-2017-17641 Resume Clone Script 2.0.5 has SQL Injection via the preview.php id parameter.
Resume Clone Script 2.0.5 has SQL Injection via the preview.php id parameter.
CVE-2017-17642 Basic Job Site Script 2.0.5 has SQL Injection via the keyword parameter to /job.
Basic Job Site Script 2.0.5 has SQL Injection via the keyword parameter to /job.
CVE-2017-17612 Hot Scripts Clone 3.1 has SQL Injection via the /categories subctid or mctid parameter.
Hot Scripts Clone 3.1 has SQL Injection via the /categories subctid or mctid parameter.
CVE-2017-17613 SQL Injection in sqli (CVE-2017-17613)
SQL injection in sqli (CVE-2017-17613). Successful exploitation can lead to full system takeover.
CVE-2017-17614 Food Order Script 1.0 has SQL Injection via the /list city parameter.
Food Order Script 1.0 has SQL Injection via the /list city parameter.
CVE-2017-17615 Facebook Clone Script 1.0 has SQL Injection via the friend-profile.php id parameter.
Facebook Clone Script 1.0 has SQL Injection via the friend-profile.php id parameter.
CVE-2017-17616 Event Search Script 1.0 has SQL Injection via the /event-list city parameter.
Event Search Script 1.0 has SQL Injection via the /event-list city parameter.
CVE-2017-17617 Foodspotting Clone Script 1.0 has SQL Injection via the quicksearch.php q parameter.
Foodspotting Clone Script 1.0 has SQL Injection via the quicksearch.php q parameter.
CVE-2017-17618 Kickstarter Clone Script 2.0 has SQL Injection via the investcalc.php projid parameter.
Kickstarter Clone Script 2.0 has SQL Injection via the investcalc.php projid parameter.
CVE-2017-17619 Laundry Booking Script 1.0 has SQL Injection via the /list city parameter.
Laundry Booking Script 1.0 has SQL Injection via the /list city parameter.
CVE-2017-17620 Lawyer Search Script 1.1 has SQL Injection via the /lawyer-list city parameter.
Lawyer Search Script 1.1 has SQL Injection via the /lawyer-list city parameter.
CVE-2017-17621 Multivendor Penny Auction Clone Script 1.0 has SQL Injection via the PATH_INFO to the /detail URI.
Multivendor Penny Auction Clone Script 1.0 has SQL Injection via the PATH_INFO to the /detail URI.
CVE-2017-17622 Online Exam Test Application Script 1.6 has SQL Injection via the exams.php sort parameter.
Online Exam Test Application Script 1.6 has SQL Injection via the exams.php sort parameter.
CVE-2017-17623 SQL Injection in sqli (CVE-2017-17623)
SQL injection in sqli (CVE-2017-17623). Successful exploitation can lead to full system takeover.
CVE-2017-17624 SQL Injection in sqli (CVE-2017-17624)
SQL injection in sqli (CVE-2017-17624). Successful exploitation can lead to full system takeover.

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →