CVE-2017-14373
EMC RSA Authentication Manager 8.2 SP1 P4 and earlier contains a reflected cross-site scripting vulnerability that could potentially be exploited by malicious users to compromise the affected system.
Source: CVE-2017-14373
[월:] 2017년 10월
CVE-2017-15985
CVE-2017-15985
Basic B2B Script allows SQL Injection via the product_view1.php pid or id parameter.
Source: CVE-2017-15985
CVE-2017-15984
CVE-2017-15984
Creative Management System (CMS) Lite 1.4 allows SQL Injection via the S parameter to index.php.
Source: CVE-2017-15984
CVE-2017-15986
CVE-2017-15986
CPA Lead Reward Script allows SQL Injection via the username parameter.
Source: CVE-2017-15986
CVE-2016-10699
CVE-2016-10699
D-Link DSL-2740E 1.00_BG_20150720 devices are prone to persistent XSS attacks in the username and password fields: a remote unauthenticated user may craft logins and passwords with script tags in them. Because there is no sanitization in the input fields, an unaware logged-in administrator may be a victim when checking the router logs.
Source: CVE-2016-10699
CVE-2017-15979
CVE-2017-15979
Shareet – Photo Sharing Social Network 1.0 allows SQL Injection via the photo parameter.
Source: CVE-2017-15979
CVE-2017-15992
CVE-2017-15992
Website Broker Script allows SQL Injection via the ‘status_id’ Parameter to status_list.php.
Source: CVE-2017-15992
CVE-2015-9245
CVE-2015-9245
Insecure default configuration in Progress Software OpenEdge 10.2x and 11.x allows unauthenticated remote attackers to specify arbitrary URLs from which to load and execute malicious Java classes via port 20931.
Source: CVE-2015-9245
CVE-2017-15982
CVE-2017-15982
Dynamic News Magazine & Blog CMS 1.0 allows SQL Injection via the id parameter to admin/admin_process.php for form editing.
Source: CVE-2017-15982
CVE-2017-15983
CVE-2017-15983
MyMagazine Magazine & Blog CMS 1.0 allows SQL Injection via the id parameter to admin/admin_process.php for form editing.
Source: CVE-2017-15983