Search

Search Results (363250 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2017-17639 1 Muslim Matrimonial Script Project 1 Muslim Matrimonial Script 2025-04-20 N/A
Muslim Matrimonial Script 3.02 has SQL Injection via the success-story.php succid parameter.
CVE-2017-17640 1 Advanced World Database Project 1 Advanced World Database 2025-04-20 N/A
Advanced World Database 2.0.5 has SQL Injection via the city.php country or state parameter, or the state.php country parameter.
CVE-2017-17641 1 Resume Clone Script Project 1 Resume Clone Script 2025-04-20 N/A
Resume Clone Script 2.0.5 has SQL Injection via the preview.php id parameter.
CVE-2017-17642 1 Basic Job Site Script Project 1 Basic Job Site Script 2025-04-20 N/A
Basic Job Site Script 2.0.5 has SQL Injection via the keyword parameter to /job.
CVE-2017-17643 1 Lynda Clone Project 1 Lynda Clone 2025-04-20 9.8 Critical
FS Lynda Clone 1.0 has SQL Injection via the keywords parameter to tutorial/.
CVE-2017-17645 1 Phpautoclassifiedscript 1 Bus Booking Script 2025-04-20 N/A
Bus Booking Script 1.0 has SQL Injection via the txtname parameter to admin/index.php.
CVE-2017-17648 1 Entrepreneur Dating Script Project 1 Entrepreneur Dating Script 2025-04-20 N/A
Entrepreneur Dating Script 2.0.1 has SQL Injection via the search_result.php marital, gender, country, or profileid parameter.
CVE-2017-17649 1 Readymade Video Sharing Script Project 1 Readymade Video Sharing Script 2025-04-20 N/A
Readymade Video Sharing Script 3.2 has HTML Injection via the single-video-detail.php comment parameter.
CVE-2017-17651 1 Paid To Read Script Project 1 Paid To Read Script 2025-04-20 N/A
Paid To Read Script 2.0.5 has SQL Injection via the admin/userview.php uid parameter, the admin/viewemcamp.php fnum parameter, or the admin/viewvisitcamp.php fn parameter.
CVE-2017-17664 1 Digium 2 Asterisk, Certified Asterisk 2025-04-20 N/A
A Remote Crash issue was discovered in Asterisk Open Source 13.x before 13.18.4, 14.x before 14.7.4, and 15.x before 15.1.4 and Certified Asterisk before 13.13-cert9. Certain compound RTCP packets cause a crash in the RTCP Stack.
CVE-2017-17665 1 Octopus 1 Octopus Deploy 2025-04-20 N/A
In Octopus Deploy before 4.1.3, the machine update process doesn't check that the user has access to all environments. This allows an access-control bypass because the set of environments to which a machine is scoped may include environments in which the user lacks access.
CVE-2017-17669 3 Canonical, Debian, Exiv2 3 Ubuntu Linux, Debian Linux, Exiv2 2025-04-20 5.5 Medium
There is a heap-based buffer over-read in the Exiv2::Internal::PngChunk::keyTXTChunk function of pngchunk_int.cpp in Exiv2 0.26. A crafted PNG file will lead to a remote denial of service attack.
CVE-2017-17670 2 Debian, Videolan 2 Debian Linux, Vlc Media Player 2025-04-20 N/A
In VideoLAN VLC media player through 2.2.8, there is a type conversion vulnerability in modules/demux/mp4/libmp4.c in the MP4 demux module leading to a invalid free, because the type of a box may be changed between a read operation and a free operation.
CVE-2017-17671 2 Microsoft, Vbulletin 2 Windows, Vbulletin 2025-04-20 9.8 Critical
vBulletin through 5.3.x on Windows allows remote PHP code execution because a require_once call is reachable with an unauthenticated request that can include directory traversal sequences to specify an arbitrary pathname, and because ../ traversal is blocked but ..\ traversal is not blocked. For example, an attacker can make an invalid HTTP request containing PHP code, and then make an index.php?routestring= request with enough instances of ".." to reach an Apache HTTP Server log file.
CVE-2017-17672 1 Vbulletin 1 Vbulletin 2025-04-20 N/A
In vBulletin through 5.3.x, there is an unauthenticated deserialization vulnerability that leads to arbitrary file deletion and, under certain circumstances, code execution, because of unsafe usage of PHP's unserialize() in vB_Library_Template's cacheTemplates() function, which is a publicly exposed API. This is exploited with the templateidlist parameter to ajax/api/template/cacheTemplates.
CVE-2017-17680 2 Canonical, Imagemagick 2 Ubuntu Linux, Imagemagick 2025-04-20 N/A
In ImageMagick 7.0.7-12 Q16, a memory leak vulnerability was found in the function ReadXPMImage in coders/xpm.c, which allows attackers to cause a denial of service via a crafted xpm image file.
CVE-2017-17681 2 Canonical, Imagemagick 2 Ubuntu Linux, Imagemagick 2025-04-20 N/A
In ImageMagick 7.0.7-12 Q16, an infinite loop vulnerability was found in the function ReadPSDChannelZip in coders/psd.c, which allows attackers to cause a denial of service (CPU exhaustion) via a crafted psd image file.
CVE-2017-17682 3 Canonical, Debian, Imagemagick 3 Ubuntu Linux, Debian Linux, Imagemagick 2025-04-20 N/A
In ImageMagick 7.0.7-12 Q16, a large loop vulnerability was found in the function ExtractPostscript in coders/wpg.c, which allows attackers to cause a denial of service (CPU exhaustion) via a crafted wpg image file that triggers a ReadWPGImage call.
CVE-2017-17683 1 Pandasecurity 1 Panda Global Protection 2025-04-20 N/A
Panda Global Protection 17.0.1 allows a system crash via a 0xb3702c44 \\.\PSMEMDriver DeviceIoControl request.
CVE-2017-17684 1 Pandasecurity 1 Panda Global Protection 2025-04-20 N/A
Panda Global Protection 17.0.1 allows a system crash via a 0xb3702c04 \\.\PSMEMDriver DeviceIoControl request.