| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| PHP Scripts Mall Muslim Matrimonial Script has CSRF via admin/subadmin_edit.php. |
| The test_sql_and_script_inject function in htdocs/main.inc.php in Dolibarr ERP/CRM 6.0.4 blocks some event attributes but neither onclick nor onscroll, which allows XSS. |
| An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. |
| PHP Scripts Mall PHP Multivendor Ecommerce has XSS via the admin/sellerupd.php companyname parameter. |
| PHP Scripts Mall PHP Multivendor Ecommerce has XSS via the seller-view.php usid parameter. |
| PHP Scripts Mall PHP Multivendor Ecommerce has SQL Injection via the my_wishlist.php fid parameter. |
| PHP Scripts Mall PHP Multivendor Ecommerce has XSS via the category.php chid1 parameter. |
| Cells Blog 3.5 has XSS via the jfdname parameter in an act=showpic request. |
| PHP Scripts Mall Single Theater Booking has XSS via the admin/viewtheatre.php theatreid parameter. |
| The Net::LDAP (aka net-ldap) gem before 0.16.0 for Ruby has Missing SSL Certificate Validation. |
| DedeCMS through 5.7 has SQL Injection via the logo parameter to plus/flink_add.php. |
| The BrightSign Digital Signage (4k242) device (Firmware 6.2.63 and below) has XSS via the REF parameter to /network_diagnostics.html or /storage_info.html. |
| The BrightSign Digital Signage (4k242) device (Firmware 6.2.63 and below) allows renaming and modifying files via /tools.html. |
| An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the "Keyboards" component. A buffer overflow allows attackers to execute arbitrary code in a privileged context via a crafted app. |
| A cross-site scripting (XSS) vulnerability in the custom-map plugin through 1.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the map_id parameter to view/advancedsettings.php. |
| Cross-site scripting (XSS) vulnerability in system_name_set.cgi in TP-Link TL-SG108E 1.0.0 allows authenticated remote attackers to submit arbitrary java script via the 'sysName' parameter. |
| SuperBeam through 4.1.3, when using the LAN or WiFi Direct Share feature, does not use HTTPS or any integrity-protection mechanism for file transfer, which makes it easier for remote attackers to send crafted files, as demonstrated by APK injection. |
| Paid To Read Script 2.0.5 has full path disclosure via an invalid admin/userview.php uid parameter. |
| In GIMP 2.8.22, there is a heap-based buffer overflow in read_channel_data in plug-ins/common/file-psp.c. |
| Cross site scripting (XSS) vulnerability in the markup_clean_href function in inc/conv.php in BlogoText through 3.7.6 allows remote attackers to inject arbitrary JavaScript via a comment. |
