Search

Search Results (363281 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2017-1598 1 Ibm 1 Security Guardium 2025-04-20 N/A
IBM Security Guardium 10.0 Database Activity Monitor uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 132611.
CVE-2017-15980 1 Rowindex 1 Us Zip Codes Database Script 2025-04-20 N/A
US Zip Codes Database Script 1.0 allows SQL Injection via the state parameter.
CVE-2017-15981 1 Geniusocean 1 Newspaper 2025-04-20 9.8 Critical
Responsive Newspaper Magazine & Blog CMS 1.0 allows SQL Injection via the id parameter to admin/admin_process.php for form editing.
CVE-2017-15982 1 Geniusocean 1 News 2025-04-20 9.8 Critical
Dynamic News Magazine & Blog CMS 1.0 allows SQL Injection via the id parameter to admin/admin_process.php for form editing.
CVE-2017-15983 1 Geniusocean 1 Mymagazine Magazine \& Blog Cms 2025-04-20 N/A
MyMagazine Magazine & Blog CMS 1.0 allows SQL Injection via the id parameter to admin/admin_process.php for form editing.
CVE-2017-15984 1 Bekirk 1 Creative Management System Lite 2025-04-20 N/A
Creative Management System (CMS) Lite 1.4 allows SQL Injection via the S parameter to index.php.
CVE-2017-15985 1 Readymadeb2bscript 1 Basic B2b Script 2025-04-20 N/A
Basic B2B Script allows SQL Injection via the product_view1.php pid or id parameter.
CVE-2017-15986 1 Cpa Lead Reward Script Project 1 Cpa Lead Reward Script 2025-04-20 N/A
CPA Lead Reward Script allows SQL Injection via the username parameter.
CVE-2017-15987 1 Fake Magazine Cover Script Project 1 Fake Magazine Cover Script 2025-04-20 N/A
Fake Magazine Cover Script allows SQL Injection via the rate.php value parameter or the content.php id parameter.
CVE-2017-15988 1 Nicephpscripts 1 Nice Php Faq Script 2025-04-20 N/A
Nice PHP FAQ Script allows SQL Injection via the index.php nice_theme parameter, a different vulnerability than CVE-2008-6525.
CVE-2017-15989 1 Online Exam Test Application Project 1 Online Exam Test Application 2025-04-20 N/A
Online Exam Test Application allows SQL Injection via the resources.php sort parameter in a category action.
CVE-2017-15990 1 Savsofteproducts 1 Phpinventory 2025-04-20 9.8 Critical
Php Inventory & Invoice Management System allows Arbitrary File Upload via dashboard/edit_myaccountdetail/.
CVE-2017-15991 1 Vastal 1 Agent Zone 2025-04-20 N/A
Vastal I-Tech Agent Zone (aka The Real Estate Script) allows SQL Injection in searchCommercial.php via the property_type, city, or posted_by parameter, or searchResidential.php via the property_type, city, or bedroom parameter, a different vulnerability than CVE-2008-3951, CVE-2009-3497, and CVE-2012-0982.
CVE-2017-15992 1 Website Broker Script Project 1 Website Broker Script 2025-04-20 N/A
Website Broker Script allows SQL Injection via the 'status_id' Parameter to status_list.php.
CVE-2017-15993 1 Zomato Clone Script Project 1 Zomato Clone Script 2025-04-20 N/A
Zomato Clone Script allows SQL Injection via the restaurant-menu.php resid parameter.
CVE-2017-15994 1 Samba 1 Rsync 2025-04-20 N/A
rsync 3.1.3-development before 2017-10-24 mishandles archaic checksums, which makes it easier for remote attackers to bypass intended access restrictions. NOTE: the rsync development branch has significant use beyond the rsync developers, e.g., the code has been copied for use in various GitHub projects.
CVE-2017-15996 1 Gnu 1 Binutils 2025-04-20 N/A
elfcomm.c in readelf in GNU Binutils 2.29 allows remote attackers to cause a denial of service (excessive memory allocation) or possibly have unspecified other impact via a crafted ELF file that triggers a "buffer overflow on fuzzed archive header," related to an uninitialized variable, an improper conditional jump, and the get_archive_member_name, process_archive_index_and_symbols, and setup_archive functions.
CVE-2017-15997 1 Nq 1 Contacts Backup \& Restore 2025-04-20 N/A
In the "NQ Contacts Backup & Restore" application 1.1 for Android, RC4 encryption is used to secure the user password locally stored in shared preferences. Because there is a static RC4 key, an attacker can gain access to user credentials more easily by leveraging access to the preferences XML file.
CVE-2017-15998 1 Nq 1 Contacts Backup \& Restore 2025-04-20 N/A
In the "NQ Contacts Backup & Restore" application 1.1 for Android, DES encryption with a static key is used to secure transmitted contact data. This makes it easier for remote attackers to obtain cleartext information by sniffing the network.
CVE-2017-15999 1 Nq 1 Contacts Backup \& Restore 2025-04-20 N/A
In the "NQ Contacts Backup & Restore" application 1.1 for Android, no HTTPS is used for transmitting login and synced user data. When logging in, the username is transmitted in cleartext along with an SHA-1 hash of the password. The attacker can either crack this hash or use it for further attacks where only the hash value is required.