CVEdetails.com the ultimate security vulnerability data source

Security Vulnerabilities Published In December 2017 (CVSS score >= 7)

# | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail.
101 CVE-2017-17619 89 Sql 2017-12-13 2017-12-26
7.5
None Remote Low Not required Partial Partial Partial
Laundry Booking Script 1.0 has SQL Injection via the /list city parameter.
102 CVE-2017-17618 89 Sql 2017-12-13 2017-12-26
7.5
None Remote Low Not required Partial Partial Partial
Kickstarter Clone Script 2.0 has SQL Injection via the investcalc.php projid parameter.
103 CVE-2017-17617 89 Sql 2017-12-13 2017-12-26
7.5
None Remote Low Not required Partial Partial Partial
Foodspotting Clone Script 1.0 has SQL Injection via the quicksearch.php q parameter.
104 CVE-2017-17616 89 Sql 2017-12-13 2017-12-22
7.5
None Remote Low Not required Partial Partial Partial
Event Search Script 1.0 has SQL Injection via the /event-list city parameter.
105 CVE-2017-17614 89 Sql 2017-12-13 2017-12-26
7.5
None Remote Low Not required Partial Partial Partial
Food Order Script 1.0 has SQL Injection via the /list city parameter.
106 CVE-2017-17613 89 Sql 2017-12-13 2017-12-26
7.5
None Remote Low Not required Partial Partial Partial
Freelance Website Script 2.0.6 has SQL Injection via the jobdetails.php pr_id parameter or the searchbycat_list.php catid parameter.
107 CVE-2017-17612 89 Sql 2017-12-13 2019-04-26
7.5
None Remote Low Not required Partial Partial Partial
Hot Scripts Clone 3.1 has SQL Injection via the /categories subctid or mctid parameter.
108 CVE-2017-17611 89 Sql 2017-12-13 2017-12-22
7.5
None Remote Low Not required Partial Partial Partial
Doctor Search Script 1.0 has SQL Injection via the /list city parameter.
109 CVE-2017-17610 89 Sql 2017-12-13 2017-12-26
7.5
None Remote Low Not required Partial Partial Partial
E-commerce MLM Software 1.0 has SQL Injection via the service_detail.php pid parameter, event_detail.php eventid parameter, or news_detail.php newid parameter.
110 CVE-2017-17609 89 Sql 2017-12-13 2017-12-26
7.5
None Remote Low Not required Partial Partial Partial
Chartered Accountant Booking Script 1.0 has SQL Injection via the /service-list city parameter.
111 CVE-2017-17608 89 Sql 2017-12-13 2017-12-26
7.5
None Remote Low Not required Partial Partial Partial
Child Care Script 1.0 has SQL Injection via the /list city parameter.
112 CVE-2017-17607 89 Sql 2017-12-13 2017-12-22
7.5
None Remote Low Not required Partial Partial Partial
CMS Auditor Website 1.0 has SQL Injection via the PATH_INFO to /news-detail.
113 CVE-2017-17606 89 Sql 2017-12-13 2017-12-22
7.5
None Remote Low Not required Partial Partial Partial
Co-work Space Search Script 1.0 has SQL Injection via the /list city parameter.
114 CVE-2017-17605 89 Sql 2017-12-13 2017-12-22
7.5
None Remote Low Not required Partial Partial Partial
Consumer Complaints Clone Script 1.0 has SQL Injection via the other-user-profile.php id parameter.
115 CVE-2017-17604 89 Sql 2017-12-13 2017-12-22
7.5
None Remote Low Not required Partial Partial Partial
Entrepreneur Bus Booking Script 3.0.4 has SQL Injection via the booker_details.php sourcebus parameter.
116 CVE-2017-17603 89 Sql 2017-12-13 2017-12-22
7.5
None Remote Low Not required Partial Partial Partial
Advanced Real Estate Script 4.0.7 has SQL Injection via the search-results.php Projectmain, proj_type, searchtext, sell_price, or maxprice parameter.
117 CVE-2017-17602 89 Sql 2017-12-13 2017-12-26
7.5
None Remote Low Not required Partial Partial Partial
Advance B2B Script 2.1.3 has SQL Injection via the tradeshow-list-detail.php show_id or view-product.php pid parameter.
118 CVE-2017-17601 89 Sql 2017-12-13 2017-12-22
7.5
None Remote Low Not required Partial Partial Partial
Cab Booking Script 1.0 has SQL Injection via the /service-list city parameter.
119 CVE-2017-17600 89 Sql 2017-12-13 2017-12-22
7.5
None Remote Low Not required Partial Partial Partial
Basic B2B Script 2.0.8 has SQL Injection via the product_details.php id parameter.
120 CVE-2017-17599 89 Sql 2017-12-13 2017-12-22
7.5
None Remote Low Not required Partial Partial Partial
Advance Online Learning Management Script 3.1 has SQL Injection via the courselist.php subcatid or popcourseid parameter.
121 CVE-2017-17598 89 Sql 2017-12-13 2017-12-22
7.5
None Remote Low Not required Partial Partial Partial
Affiliate MLM Script 1.0 has SQL Injection via the product-category.php key parameter.
122 CVE-2017-17597 89 Sql 2017-12-13 2017-12-22
7.5
None Remote Low Not required Partial Partial Partial
Nearbuy Clone Script 3.2 has SQL Injection via the category_list.php search parameter.
123 CVE-2017-17596 89 Sql 2017-12-13 2017-12-22
7.5
None Remote Low Not required Partial Partial Partial
Entrepreneur Job Portal Script 2.0.6 has SQL Injection via the jobsearch_all.php rid1 parameter.
124 CVE-2017-17595 89 Sql 2017-12-13 2017-12-22
7.5
None Remote Low Not required Partial Partial Partial
Beauty Parlour Booking Script 1.0 has SQL Injection via the /list gender or city parameter.
125 CVE-2017-17594 89 Sql 2017-12-13 2017-12-22
7.5
None Remote Low Not required Partial Partial Partial
DomainSale PHP Script 1.0 has SQL Injection via the domain.php id parameter.
126 CVE-2017-17592 89 Sql 2017-12-13 2017-12-21
7.5
None Remote Low Not required Partial Partial Partial
Website Auction Marketplace 2.0.5 has SQL Injection via the search.php cat_id parameter.
127 CVE-2017-17591 89 Sql 2017-12-13 2017-12-21
7.5
None Remote Low Not required Partial Partial Partial
Realestate Crowdfunding Script 2.7.2 has SQL Injection via the single-cause.php pid parameter.
128 CVE-2017-17590 89 Overflow Sql 2017-12-13 2017-12-20
7.5
None Remote Low Not required Partial Partial Partial
FS Stackoverflow Clone 1.0 has SQL Injection via the /question keywords parameter.
129 CVE-2017-17589 89 Sql 2017-12-13 2020-09-29
7.5
None Remote Low Not required Partial Partial Partial
FS Thumbtack Clone 1.0 has SQL Injection via the browse-category.php cat parameter or the browse-scategory.php sc parameter.
130 CVE-2017-17588 89 Sql 2017-12-13 2020-09-29
7.5
None Remote Low Not required Partial Partial Partial
FS IMDB Clone 1.0 has SQL Injection via the movie.php f parameter, tvshow.php s parameter, or show_misc_video.php id parameter.
131 CVE-2017-17587 89 Sql 2017-12-13 2020-09-29
7.5
None Remote Low Not required Partial Partial Partial
FS Indiamart Clone 1.0 has SQL Injection via the catcompany.php token parameter, buyleads-details.php id parameter, or company/index.php c parameter.
132 CVE-2017-17586 89 Sql 2017-12-13 2020-09-29
7.5
None Remote Low Not required Partial Partial Partial
FS Olx Clone 1.0 has SQL Injection via the subpage.php scat parameter or the message.php pid parameter.
133 CVE-2017-17585 89 Sql 2017-12-13 2020-09-29
7.5
None Remote Low Not required Partial Partial Partial
FS Monster Clone 1.0 has SQL Injection via the Employer_Details.php id parameter.
134 CVE-2017-17584 89 Sql 2017-12-13 2020-09-29
7.5
None Remote Low Not required Partial Partial Partial
FS Makemytrip Clone 1.0 has SQL Injection via the show-flight-result.php fl_orig or fl_dest parameter.
135 CVE-2017-17583 89 Sql 2017-12-13 2020-09-29
7.5
None Remote Low Not required Partial Partial Partial
FS Shutterstock Clone 1.0 has SQL Injection via the /Category keywords parameter.
136 CVE-2017-17582 89 Sql 2017-12-13 2020-09-29
7.5
None Remote Low Not required Partial Partial Partial
FS Grubhub Clone 1.0 has SQL Injection via the /food keywords parameter.
137 CVE-2017-17581 89 Sql 2017-12-13 2020-09-29
7.5
None Remote Low Not required Partial Partial Partial
FS Quibids Clone 1.0 has SQL Injection via the itechd.php productid parameter.
138 CVE-2017-17580 89 Sql 2017-12-13 2020-09-29
7.5
None Remote Low Not required Partial Partial Partial
FS Linkedin Clone 1.0 has SQL Injection via the group.php grid parameter, profile.php fid parameter, or company_details.php id parameter.
139 CVE-2017-17579 89 Sql 2017-12-13 2020-09-29
7.5
None Remote Low Not required Partial Partial Partial
FS Freelancer Clone 1.0 has SQL Injection via the profile.php u parameter.
140 CVE-2017-17578 89 Sql 2017-12-13 2020-09-29
7.5
None Remote Low Not required Partial Partial Partial
FS Crowdfunding Script 1.0 has SQL Injection via the latest_news_details.php id parameter.
141 CVE-2017-17577 89 Sql 2017-12-13 2020-09-29
7.5
None Remote Low Not required Partial Partial Partial
FS Trademe Clone 1.0 has SQL Injection via the search_item.php search parameter or the general_item_details.php id parameter.
142 CVE-2017-17576 89 Sql 2017-12-13 2020-09-29
7.5
None Remote Low Not required Partial Partial Partial
FS Gigs Script 1.0 has SQL Injection via the browse-category.php cat parameter, browse-scategory.php sc parameter, or service-provider.php ser parameter.
143 CVE-2017-17575 89 Sql 2017-12-13 2020-09-29
7.5
None Remote Low Not required Partial Partial Partial
FS Groupon Clone 1.0 has SQL Injection via the item_details.php id parameter or the vendor_details.php id parameter.
144 CVE-2017-17574 89 Sql 2017-12-13 2020-09-29
7.5
None Remote Low Not required Partial Partial Partial
FS Care Clone 1.0 has SQL Injection via the searchJob.php jobType or jobFrequency parameter.
145 CVE-2017-17573 89 Sql 2017-12-13 2017-12-20
7.5
None Remote Low Not required Partial Partial Partial
FS Ebay Clone 1.0 has SQL Injection via the product.php id parameter, or the search.php category_id or sub_category_id parameter.
146 CVE-2017-17572 89 Sql 2017-12-13 2020-09-29
7.5
None Remote Low Not required Partial Partial Partial
FS Amazon Clone 1.0 has SQL Injection via the PATH_INFO to /VerAyari.
147 CVE-2017-17571 89 Sql 2017-12-13 2020-09-29
7.5
None Remote Low Not required Partial Partial Partial
FS Foodpanda Clone 1.0 has SQL Injection via the /food keywords parameter.
148 CVE-2017-17570 89 Sql 2017-12-13 2020-09-29
7.5
None Remote Low Not required Partial Partial Partial
FS Expedia Clone 1.0 has SQL Injection via the pages.php or content.php id parameter, or the show-flight-result.php fl_orig or fl_dest parameter.
149 CVE-2017-17560 287 Exec Code 2017-12-12 2019-05-28
10.0
None Remote Low Not required Complete Complete Complete
An issue was discovered on Western Digital MyCloud PR4100 2.30.172 devices. The web administration component, /web/jquery/uploader/multi_uploadify.php, provides multipart upload functionality that is accessible without authentication and can be used to place a file anywhere on the device's file system. This allows an attacker the ability to upload a PHP shell onto the device and obtain arbitrary code execution as root.
150 CVE-2017-17558 787 DoS 2017-12-12 2019-05-14
7.2
None Local Low Not required Complete Complete Complete
The usb_destroy_configuration function in drivers/usb/core/config.c in the USB core subsystem in the Linux kernel through 4.14.5 does not consider the maximum number of configurations and interfaces before attempting to release resources, which allows local users to cause a denial of service (out-of-bounds write access) or possibly have unspecified other impact via a crafted USB device.
Total number of vulnerabilities: 444. Page 3 of 9.
CVE is a registered trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registered trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.