Latest CVE Feed
-
4.8
MEDIUMCVE-2017-17925
PHP Scripts Mall Professional Service Script has XSS via the admin/general_settingupd.php website_title parameter.... Read more
Affected Products : professional_service_script- Published: Dec. 27, 2017
- Modified: Apr. 20, 2025
-
6.1
MEDIUMCVE-2017-17896
Readymade Job Site Script has XSS via the keyword parameter to the /job URI.... Read more
Affected Products : basic_job_site_script- Published: Dec. 27, 2017
- Modified: Apr. 20, 2025
-
9.8
CRITICALCVE-2017-17892
Readymade Video Sharing Script has SQL Injection via the viewsubs.php chnlid parameter or the search_video.php search parameter.... Read more
Affected Products : readymade_video_sharing_script- Published: Dec. 27, 2017
- Modified: Apr. 20, 2025
-
8.8
HIGHCVE-2017-17891
Readymade Video Sharing Script has CSRF via user-profile-edit.php.... Read more
Affected Products : readymade_video_sharing_script- Published: Dec. 27, 2017
- Modified: Apr. 20, 2025
-
7.8
HIGHCVE-2017-17010
Untrusted search path vulnerability in Content Manager Assistant for PlayStation version 3.55.7671.0901 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.... Read more
Affected Products : content_manager_assistant- Published: Dec. 27, 2017
- Modified: Apr. 20, 2025
-
9.3
HIGHCVE-2017-16897
A vulnerability has been discovered in the Auth0 passport-wsfed-saml2 library affecting versions < 3.0.5. This vulnerability allows an attacker to impersonate another user and potentially elevate their privileges if the SAML identity provider does not sig... Read more
Affected Products : passport-wsfed-saml2- Published: Dec. 27, 2017
- Modified: Apr. 20, 2025
-
5.4
MEDIUMCVE-2017-1365
IBM Team Concert (RTC including IBM Rational Collaborative Lifecycle Management 4.0, 5.0., and 6.0) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended function... Read more
- Published: Dec. 27, 2017
- Modified: Apr. 20, 2025
-
7.8
HIGHCVE-2017-15320
RP200 V500R002C00, V600R006C00; TE30 V100R001C10, V500R002C00, V600R006C00; TE40 V500R002C00, V600R006C00; TE50 V500R002C00, V600R006C00; TE60 V100R001C10, V500R002C00, V600R006C00 have an out-of-bounds read vulnerabilities in some Huawei products. Due to... Read more
Affected Products : te60_firmware rp200_firmware te30_firmware te40_firmware te50_firmware te30 te40 te50 te60 rp200- Published: Dec. 22, 2017
- Modified: Apr. 20, 2025
-
8.8
HIGHCVE-2017-5261
In versions 4.3.2-R4 and prior of Cambium Networks cnPilot firmware, the 'ping' and 'traceroute' functions of the web administrative console expose a file path traversal vulnerability, accessible to all authenticated users.... Read more
- Published: Dec. 20, 2017
- Modified: Apr. 20, 2025
-
2.3
LOWCVE-2017-15307
Huawei Honor 8 smartphone with software versions earlier than FRD-L04C567B389 and earlier than FRD-L14C567B389 have a permission control vulnerability due to improper authorization configuration on specific device information.... Read more
- Published: Dec. 22, 2017
- Modified: Apr. 20, 2025
-
7.5
HIGHCVE-2017-17692
Samsung Internet Browser 5.4.02.3 allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via crafted JavaScript code that redirects to a child tab and rewrites the innerHTML property.... Read more
Affected Products : internet_browser- Published: Dec. 21, 2017
- Modified: Apr. 20, 2025
-
9.3
HIGHCVE-2017-17410
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Bitdefender Internet Security 2018. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a mal... Read more
Affected Products : internet_security_2018- Published: Dec. 21, 2017
- Modified: Apr. 20, 2025
-
9.3
HIGHCVE-2017-17409
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Bitdefender Internet Security 2018. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a mal... Read more
Affected Products : internet_security_2018- Published: Dec. 21, 2017
- Modified: Apr. 20, 2025
-
4.8
MEDIUMCVE-2017-17828
Bus Booking Script has XSS via the results.php datepicker parameter or the admin/new_master.php spemail parameter.... Read more
Affected Products : busbooking-script- Published: Dec. 21, 2017
- Modified: Apr. 20, 2025
-
4.8
MEDIUMCVE-2017-17825
The Batch Manager component of Piwigo 2.9.2 is vulnerable to Persistent Cross Site Scripting via tags-* array parameters in an admin.php?page=batch_manager&mode=unit request. An attacker can exploit this to hijack a client's browser along with the data st... Read more
Affected Products : piwigo- Published: Dec. 21, 2017
- Modified: Apr. 20, 2025
-
4.9
MEDIUMCVE-2017-17824
The Batch Manager component of Piwigo 2.9.2 is vulnerable to SQL Injection via the admin/batch_manager_unit.php element_ids parameter in unit mode. An attacker can exploit this to gain access to the data in a connected MySQL database.... Read more
Affected Products : piwigo- Published: Dec. 21, 2017
- Modified: Apr. 20, 2025
-
4.9
MEDIUMCVE-2017-17822
The List Users API of Piwigo 2.9.2 is vulnerable to SQL Injection via the /admin/user_list_backend.php sSortDir_0 parameter. An attacker can exploit this to gain access to the data in a connected MySQL database.... Read more
Affected Products : piwigo- Published: Dec. 21, 2017
- Modified: Apr. 20, 2025
-
8.0
HIGHCVE-2017-5263
Versions 4.3.2-R4 and prior of Cambium Networks cnPilot firmware lack CSRF controls that can mitigate the effects of CSRF attacks, which are most typically implemented as randomized per-session tokens associated with any web application function, especial... Read more
- Published: Dec. 20, 2017
- Modified: Apr. 20, 2025
-
8.0
HIGHCVE-2017-5262
In versions 4.3.2-R4 and prior of Cambium Networks cnPilot firmware, the SNMP read-only (RO) community string has access to sensitive information by OID reference.... Read more
- Published: Dec. 20, 2017
- Modified: Apr. 20, 2025
-
9.0
HIGHCVE-2017-5259
In versions 4.3.2-R4 and prior of Cambium Networks cnPilot firmware, an undocumented, root-privilege administration web shell is available using the HTTP path https://<device-ip-or-hostname>/adm/syscmd.asp.... Read more
- Published: Dec. 20, 2017
- Modified: Apr. 20, 2025