Monthly Archive: December 2017

pptreader.dll in Kingsoft WPS Office 10.1.0.6930 allows remote attackers to cause a denial of service via a crafted PPT file, aka CNVD-2017-35482. Date published : 2017-12-28 http://www.cnvd.org.cn/flaw/show/1169328

PHP Scripts Mall PHP Multivendor Ecommerce has CSRF via admin/sellerupd.php. Date published : 2017-12-28 https://github.com/d4wner/Vulnerabilities-Report/blob/master/PHP%20Multivendor%20Ecommerce.md

PHP Scripts Mall PHP Multivendor Ecommerce has SQL Injection via the seller-view.php usid parameter. Date published : 2017-12-28 https://github.com/d4wner/Vulnerabilities-Report/blob/master/PHP%20Multivendor%20Ecommerce.md

PHP Scripts Mall PHP Multivendor Ecommerce has XSS via the my_wishlist.php fid parameter. Date published : 2017-12-28 https://github.com/d4wner/Vulnerabilities-Report/blob/master/PHP%20Multivendor%20Ecommerce.md

PHP Scripts Mall PHP Multivendor Ecommerce has SQL Injection via the my_wishlist.php fid parameter. Date published : 2017-12-28 https://github.com/d4wner/Vulnerabilities-Report/blob/master/PHP%20Multivendor%20Ecommerce.md

PHP Scripts Mall PHP Multivendor Ecommerce has XSS via the admin/sellerupd.php companyname parameter. Date published : 2017-12-28 https://github.com/d4wner/Vulnerabilities-Report/blob/master/PHP%20Multivendor%20Ecommerce.md

PHP Scripts Mall PHP Multivendor Ecommerce has XSS via the shopping-cart.php cusid parameter. Date published : 2017-12-28 https://github.com/d4wner/Vulnerabilities-Report/blob/master/PHP%20Multivendor%20Ecommerce.md

PHP Scripts Mall PHP Multivendor Ecommerce has XSS via the seller-view.php usid parameter. Date published : 2017-12-28 https://github.com/d4wner/Vulnerabilities-Report/blob/master/PHP%20Multivendor%20Ecommerce.md

PHP Scripts Mall PHP Multivendor Ecommerce has XSS via the category.php chid1 parameter. Date published : 2017-12-28 https://github.com/d4wner/Vulnerabilities-Report/blob/master/PHP%20Multivendor%20Ecommerce.md

PHP Scripts Mall PHP Multivendor Ecommerce has a predicable registration URL, which makes it easier for remote attackers to register with an invalid or spoofed e-mail address. Date published : 2017-12-28 https://github.com/d4wner/Vulnerabilities-Report/blob/master/PHP%20Multivendor%20Ecommerce.md

PHP Scripts Mall PHP Multivendor Ecommerce has SQL Injection via the shopping-cart.php cusid parameter. Date published : 2017-12-28 https://github.com/d4wner/Vulnerabilities-Report/blob/master/PHP%20Multivendor%20Ecommerce.md

Cells Blog 3.5 has SQL Injection via the pub_readpost.php ptid parameter. Date published : 2017-12-28 https://github.com/d4wner/Vulnerabilities-Report/blob/master/cell.md

Cells Blog 3.5 has XSS via the pub_readpost.php fmid parameter. Date published : 2017-12-28 https://github.com/d4wner/Vulnerabilities-Report/blob/master/cell.md

Cells Blog 3.5 has XSS via the jfdname parameter in an act=showpic request. Date published : 2017-12-28 https://github.com/d4wner/Vulnerabilities-Report/blob/master/cell.md