CVE-2014-4914
The Zend_Db_Select::order function in Zend Framework before 1.12.7 does not properly handle parentheses, which allows remote attackers to conduct SQL injection attacks via unspecified vectors.
Source: CVE-2014-4914
CVE-2017-17967
pptreader.dll in Kingsoft WPS Office 10.1.0.6930 allows remote attackers to cause a denial of service via a crafted PPT file, aka CNVD-2017-35482.
Source: CVE-2017-17967
CVE-2017-17949
Cells Blog 3.5 has XSS via the pub_readpost.php fmid parameter.
Source: CVE-2017-17949
CVE-2017-17948
Cells Blog 3.5 has XSS via the jfdname parameter in an act=showpic request.
Source: CVE-2017-17948
CVE-2017-17959
PHP Scripts Mall PHP Multivendor Ecommerce has SQL Injection via the seller-view.php usid parameter.
Source: CVE-2017-17959
CVE-2017-17958
PHP Scripts Mall PHP Multivendor Ecommerce has XSS via the my_wishlist.php fid parameter.
Source: CVE-2017-17958
CVE-2017-17957
PHP Scripts Mall PHP Multivendor Ecommerce has SQL Injection via the my_wishlist.php fid parameter.
Source: CVE-2017-17957
CVE-2017-17955
PHP Scripts Mall PHP Multivendor Ecommerce has XSS via the shopping-cart.php cusid parameter.
Source: CVE-2017-17955
CVE-2017-17956
PHP Scripts Mall PHP Multivendor Ecommerce has XSS via the admin/sellerupd.php companyname parameter.
Source: CVE-2017-17956
CVE-2017-17953
PHP Scripts Mall PHP Multivendor Ecommerce has XSS via the category.php chid1 parameter.
Source: CVE-2017-17953