CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  Take a third party risk management course for FREE
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In October 2017 (CVSS score >= 3)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
51 CVE-2017-15992 89 Sql 2017-10-31 2017-11-17
7.5
None Remote Low Not required Partial Partial Partial
Website Broker Script allows SQL Injection via the 'status_id' Parameter to status_list.php.
52 CVE-2017-15991 89 Sql 2017-10-31 2017-11-18
7.5
None Remote Low Not required Partial Partial Partial
Vastal I-Tech Agent Zone (aka The Real Estate Script) allows SQL Injection in searchCommercial.php via the property_type, city, or posted_by parameter, or searchResidential.php via the property_type, city, or bedroom parameter, a different vulnerability than CVE-2008-3951, CVE-2009-3497, and CVE-2012-0982.
53 CVE-2017-15990 434 2017-10-31 2020-05-06
7.5
None Remote Low Not required Partial Partial Partial
Php Inventory & Invoice Management System allows Arbitrary File Upload via dashboard/edit_myaccountdetail/.
54 CVE-2017-15989 89 Sql 2017-10-31 2017-11-17
7.5
None Remote Low Not required Partial Partial Partial
Online Exam Test Application allows SQL Injection via the resources.php sort parameter in a category action.
55 CVE-2017-15988 89 Sql 2017-10-31 2017-11-18
7.5
None Remote Low Not required Partial Partial Partial
Nice PHP FAQ Script allows SQL Injection via the index.php nice_theme parameter, a different vulnerability than CVE-2008-6525.
56 CVE-2017-15987 89 Sql 2017-10-31 2017-11-18
7.5
None Remote Low Not required Partial Partial Partial
Fake Magazine Cover Script allows SQL Injection via the rate.php value parameter or the content.php id parameter.
57 CVE-2017-15986 89 Sql 2017-10-31 2017-11-18
7.5
None Remote Low Not required Partial Partial Partial
CPA Lead Reward Script allows SQL Injection via the username parameter.
58 CVE-2017-15985 89 Sql 2017-10-31 2017-11-18
7.5
None Remote Low Not required Partial Partial Partial
Basic B2B Script allows SQL Injection via the product_view1.php pid or id parameter.
59 CVE-2017-15984 89 Sql 2017-10-31 2017-11-18
7.5
None Remote Low Not required Partial Partial Partial
Creative Management System (CMS) Lite 1.4 allows SQL Injection via the S parameter to index.php.
60 CVE-2017-15983 89 Sql 2017-10-31 2017-11-18
7.5
None Remote Low Not required Partial Partial Partial
MyMagazine Magazine & Blog CMS 1.0 allows SQL Injection via the id parameter to admin/admin_process.php for form editing.
61 CVE-2017-15982 89 Sql 2017-10-31 2020-08-19
7.5
None Remote Low Not required Partial Partial Partial
Dynamic News Magazine & Blog CMS 1.0 allows SQL Injection via the id parameter to admin/admin_process.php for form editing.
62 CVE-2017-15981 89 Sql 2017-10-31 2020-08-19
7.5
None Remote Low Not required Partial Partial Partial
Responsive Newspaper Magazine & Blog CMS 1.0 allows SQL Injection via the id parameter to admin/admin_process.php for form editing.
63 CVE-2017-15980 89 Sql 2017-10-31 2017-11-17
7.5
None Remote Low Not required Partial Partial Partial
US Zip Codes Database Script 1.0 allows SQL Injection via the state parameter.
64 CVE-2017-15979 89 Sql 2017-10-31 2017-11-18
7.5
None Remote Low Not required Partial Partial Partial
Shareet - Photo Sharing Social Network 1.0 allows SQL Injection via the photo parameter.
65 CVE-2017-15978 89 Sql 2017-10-31 2017-11-17
7.5
None Remote Low Not required Partial Partial Partial
AROX School ERP PHP Script 1.0 allows SQL Injection via the office_admin/ id parameter.
66 CVE-2017-15977 89 Sql 2017-10-31 2017-11-17
7.5
None Remote Low Not required Partial Partial Partial
Protected Links - Expiring Download Links 1.0 allows SQL Injection via the username parameter.
67 CVE-2017-15976 89 Sql 2017-10-29 2017-11-17
7.5
None Remote Low Not required Partial Partial Partial
ZeeBuddy 2x allows SQL Injection via the admin/editadgroup.php groupid parameter, a different vulnerability than CVE-2008-3604.
68 CVE-2017-15975 89 Sql 2017-10-29 2017-11-17
7.5
None Remote Low Not required Partial Partial Partial
Vastal I-Tech Dating Zone 0.9.9 allows SQL Injection via the 'product_id' to add_to_cart.php, a different vulnerability than CVE-2008-4461.
69 CVE-2017-15974 89 Sql Bypass 2017-10-29 2017-11-16
7.5
None Remote Low Not required Partial Partial Partial
tPanel 2009 allows SQL injection for Authentication Bypass via 'or 1=1 or ''=' to login.php.
70 CVE-2017-15973 89 Sql 2017-10-29 2017-11-16
7.5
None Remote Low Not required Partial Partial Partial
Sokial Social Network Script 1.0 allows SQL Injection via the id parameter to admin/members_view.php.
71 CVE-2017-15972 89 Sql 2017-10-29 2017-11-16
7.5
None Remote Low Not required Partial Partial Partial
SoftDatepro Dating Social Network 1.3 allows SQL Injection via the viewprofile.php profid parameter, the viewmessage.php sender_id parameter, or the /admin Email field, a related issue to CVE-2017-15971.
72 CVE-2017-15971 89 Sql 2017-10-29 2020-08-19
7.5
None Remote Low Not required Partial Partial Partial
Same Sex Dating Software Pro 1.0 allows SQL Injection via the viewprofile.php profid parameter, the viewmessage.php sender_id parameter, or the /admin Email field, a related issue to CVE-2017-15972.
73 CVE-2017-15970 89 Sql 2017-10-29 2017-11-16
7.5
None Remote Low Not required Partial Partial Partial
PHP CityPortal 2.0 allows SQL Injection via the nid parameter to index.php in a page=news action, or the cat parameter.
74 CVE-2017-15969 89 Sql 2017-10-29 2017-11-16
7.5
None Remote Low Not required Partial Partial Partial
PG All Share Video 1.0 allows SQL Injection via the PATH_INFO to search/tag, friends/index, users/profile, or video_catalog/category.
75 CVE-2017-15968 89 Sql 2017-10-29 2017-11-16
7.5
None Remote Low Not required Partial Partial Partial
MyBuilder Clone 1.0 allows SQL Injection via the phpsqlsearch_genxml.php subcategory parameter.
76 CVE-2017-15967 89 Sql 2017-10-29 2017-11-17
7.5
None Remote Low Not required Partial Partial Partial
Mailing List Manager Pro 3.0 allows SQL Injection via the edit parameter to admin/users in a sort=login action, or the edit parameter to admin/template.
77 CVE-2017-15966 89 Sql 2017-10-29 2017-11-17
7.5
None Remote Low Not required Partial Partial Partial
The Zh YandexMap (aka com_zhyandexmap) component 6.1.1.0 for Joomla! allows SQL Injection via the placemarklistid parameter to index.php.
78 CVE-2017-15965 89 Sql 2017-10-29 2017-11-17
7.5
None Remote Low Not required Partial Partial Partial
The NS Download Shop (aka com_ns_downloadshop) component 2.2.6 for Joomla! allows SQL Injection via the id parameter in an invoice.create action.
79 CVE-2017-15964 89 Sql 2017-10-29 2017-11-17
7.5
None Remote Low Not required Partial Partial Partial
Job Board Script Software allows SQL Injection via the PATH_INFO to a /job-details URI.
80 CVE-2017-15963 89 Sql 2017-10-29 2017-11-16
7.5
None Remote Low Not required Partial Partial Partial
iTech Gigs Script 1.21 allows SQL Injection via the browse-scategory.php sc parameter or the service-provider.php ser parameter.
81 CVE-2017-15962 434 2017-10-29 2017-11-17
7.5
None Remote Low Not required Partial Partial Partial
iStock Management System 1.0 allows Arbitrary File Upload via user/profile.
82 CVE-2017-15961 89 Sql 2017-10-29 2017-11-17
7.5
None Remote Low Not required Partial Partial Partial
iProject Management System 1.0 allows SQL Injection via the ID parameter to index.php.
83 CVE-2017-15960 89 Sql 2017-10-29 2017-11-17
7.5
None Remote Low Not required Partial Partial Partial
Article Directory Script 3.0 allows SQL Injection via the id parameter to author.php or category.php.
84 CVE-2017-15959 89 Sql 2017-10-29 2017-11-16
7.5
None Remote Low Not required Partial Partial Partial
Adult Script Pro 2.2.4 allows SQL Injection via the PATH_INFO to a /download URI, a different vulnerability than CVE-2007-6576.
85 CVE-2017-15958 89 Sql 2017-10-29 2017-11-17
7.5
None Remote Low Not required Partial Partial Partial
D-Park Pro Domain Parking Script 1.0 allows SQL Injection via the username to admin/loginform.php.
86 CVE-2017-15957 434 2017-10-29 2017-11-17
6.5
None Remote Low ??? Partial Partial Partial
my_profile.php in Ingenious School Management System 2.3.0 allows a student or teacher to upload an arbitrary file.
87 CVE-2017-15956 20 2017-10-29 2017-11-17
5.0
None Remote Low Not required Partial None None
ConverTo Video Downloader & Converter 1.4.1 allows Arbitrary File Download via the token parameter to download.php.
88 CVE-2017-15955 476 2017-10-28 2018-02-04
4.3
None Remote Medium Not required None None Partial
bchunk (related to BinChunker) 1.2.0 and 1.2.1 is vulnerable to an "Access violation near NULL on destination operand" and crash when processing a malformed CUE (.cue) file.
89 CVE-2017-15954 119 Overflow 2017-10-28 2018-02-04
4.3
None Remote Medium Not required None None Partial
bchunk (related to BinChunker) 1.2.0 and 1.2.1 is vulnerable to a heap-based buffer overflow (with a resultant invalid free) and crash when processing a malformed CUE (.cue) file.
90 CVE-2017-15953 119 Overflow 2017-10-28 2018-02-04
4.3
None Remote Medium Not required None None Partial
bchunk (related to BinChunker) 1.2.0 and 1.2.1 is vulnerable to a heap-based buffer overflow and crash when processing a malformed CUE (.cue) file.
91 CVE-2017-15951 20 DoS 2017-10-28 2017-11-13
7.2
None Local Low Not required Complete Complete Complete
The KEYS subsystem in the Linux kernel before 4.13.10 does not correctly synchronize the actions of updating versus finding a key in the "negative" state to avoid a race condition, which allows local users to cause a denial of service or possibly have unspecified other impact via crafted system calls.
92 CVE-2017-15950 119 Exec Code Overflow 2017-10-31 2021-03-29
6.8
None Remote Medium Not required Partial Partial Partial
Flexense SyncBreeze Enterprise version 10.1.16 is vulnerable to a buffer overflow that can be exploited for arbitrary code execution. The flaw is triggered by providing a long input into the "Destination directory" field, either within an XML document or through use of passive mode.
93 CVE-2017-15949 89 Sql 2017-10-28 2017-11-14
6.5
None Remote Low ??? Partial Partial Partial
Xavier PHP Management Panel 2.4 allows SQL injection via the usertoedit parameter to admin/adminuseredit.php or the log_id parameter to admin/editgroup.php.
94 CVE-2017-15948 79 XSS 2017-10-28 2019-11-18
3.5
None Remote Medium ??? None Partial None
Perch Content Management System 3.0.3 allows unrestricted file upload (with resultant XSS) via the Asset Title field in conjunction with the Select File field. This is exploitable with a Limited Admin account.
95 CVE-2017-15947 79 XSS 2017-10-28 2020-09-16
3.5
None Remote Medium ??? None Partial None
Simple ASC Content Management System v1.2 has XSS in the location field in the sign function, related to guestbook.asp, formgb.asp, and msggb.asp.
96 CVE-2017-15946 89 Sql 2017-10-28 2017-11-25
7.5
None Remote Low Not required Partial Partial Partial
In the com_tag component 1.7.6 for Joomla!, a SQL injection vulnerability is located in the `tag` parameter to index.php. The request method to execute is GET.
97 CVE-2017-15945 732 +Priv 2017-10-27 2019-10-03
7.2
None Local Low Not required Complete Complete Complete
The installation scripts in the Gentoo dev-db/mysql, dev-db/mariadb, dev-db/percona-server, dev-db/mysql-cluster, and dev-db/mariadb-galera packages before 2017-09-29 have chown calls for user-writable directory trees, which allows local users to gain privileges by leveraging access to the mysql account for creation of a link.
98 CVE-2017-15939 476 DoS 2017-10-27 2018-01-09
4.3
None Remote Medium Not required None None Partial
dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, mishandles NULL files in a .debug_line file table, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted ELF file, related to concat_filename. NOTE: this issue is caused by an incomplete fix for CVE-2017-15023.
99 CVE-2017-15938 119 DoS Overflow 2017-10-27 2018-01-09
5.0
None Remote Low Not required None None Partial
dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, miscalculates DW_FORM_ref_addr die refs in the case of a relocatable object file, which allows remote attackers to cause a denial of service (find_abstract_instance_name invalid memory read, segmentation fault, and application crash).
100 CVE-2017-15937 200 +Info 2017-10-27 2017-11-14
4.0
None Remote Low ??? Partial None None
Artica Pandora FMS version 7.0 leaks a full installation pathname via GET data when intercepting the main page's graph requisition. This also implies that general OS information is leaked (e.g., a /var/www pathname typically means Linux or UNIX).
Total number of vulnerabilities : 1339   Page : 1 2 (This Page)3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.