CVE-2017-15986
CPA Lead Reward Script allows SQL Injection via the username parameter. Date published : 2017-10-31 https://www.exploit-db.com/exploits/43073/
Basic B2B Script allows SQL Injection via the product_view1.php pid or id parameter. Date published : 2017-10-31 https://www.exploit-db.com/exploits/43074/
Creative Management System (CMS) Lite 1.4 allows SQL Injection via the S parameter to index.php. Date published : 2017-10-31 https://www.exploit-db.com/exploits/43075/
MyMagazine Magazine & Blog CMS 1.0 allows SQL Injection via the id parameter to admin/admin_process.php for form editing. Date published : 2017-10-31 https://www.exploit-db.com/exploits/43076/
Dynamic News Magazine & Blog CMS 1.0 allows SQL Injection via the id parameter to admin/admin_process.php for form editing. Date published : 2017-10-31 https://www.exploit-db.com/exploits/43077/
Responsive Newspaper Magazine & Blog CMS 1.0 allows SQL Injection via the id parameter to admin/admin_process.php for form editing. Date published : 2017-10-31 https://www.exploit-db.com/exploits/43078/
US Zip Codes Database Script 1.0 allows SQL Injection via the state parameter. Date published : 2017-10-31 https://www.exploit-db.com/exploits/43079/
Shareet – Photo Sharing Social Network 1.0 allows SQL Injection via the photo parameter. Date published : 2017-10-31 https://www.exploit-db.com/exploits/43080/
AROX School ERP PHP Script 1.0 allows SQL Injection via the office_admin/ id parameter. Date published : 2017-10-31 https://www.exploit-db.com/exploits/43081/
Protected Links – Expiring Download Links 1.0 allows SQL Injection via the username parameter. Date published : 2017-10-31 https://www.exploit-db.com/exploits/43082/
Flexense SyncBreeze Enterprise version 10.1.16 is vulnerable to a buffer overflow that can be exploited for arbitrary code execution. The flaw is triggered by providing a long input into the "Destination directory" field, either...
In HashiCorp Vagrant VMware Fusion plugin (aka vagrant-vmware-fusion) 5.0.0, a local attacker or malware can silently subvert the plugin update process in order to escalate to root privileges. Date published : 2017-10-31 https://www.exploit-db.com/exploits/43222/ https://m4.rkw.io/blog/cve201715884-local-root-privesc-in-hashicorp-vagrantvmwarefusion-500.html
MongoDB 3.4.x before 3.4.10, and 3.5.x-development, has a disabled-by-default configuration setting, networkMessageCompressors (aka wire protocol compression), which exposes a vulnerability when enabled that could be exploited by a malicious attacker to deny service or...
Mahara 15.04 before 15.04.15, 16.04 before 16.04.9, 16.10 before 16.10.6, and 17.04 before 17.04.4 are vulnerable to a user submitting a potentially dangerous payload, e.g., XSS code, to be saved as titles in internal...