CVE | Vendors | Products | Updated | CVSS v3.1 |
Website Auction Marketplace 2.0.5 has SQL Injection via the search.php cat_id parameter. |
The Huawei Themes APP in versions earlier than PLK-UL00C17B385, versions earlier than CRR-L09C432B380, versions earlier than LYO-L21C577B128 has a privilege elevation vulnerability. An attacker could exploit this vulnerability to upload theme packs containing malicious files and trick users into installing the theme packs, resulting in the execution of arbitrary code. |
The _dwarf_read_line_table_header function in dwarf_line_table_reader.c in libdwarf before 20160923 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted file. |
Simple Chatting System 1.0 allows Arbitrary File Upload via view/my_profile.php, which places files under uploads/. |
Beauty Parlour Booking Script 1.0 has SQL Injection via the /list gender or city parameter. |
IBM WebSphere MQ 7.5, 8.0, and 9.0 could allow a local user to crash the queue manager agent thread and expose some sensitive information. IBM X-Force ID: 126454. |
Basic B2B Script 2.0.8 has SQL Injection via the product_details.php id parameter. |
Cab Booking Script 1.0 has SQL Injection via the /service-list city parameter. |
Child Care Script 1.0 has SQL Injection via the /list city parameter. |
Chartered Accountant Booking Script 1.0 has SQL Injection via the /service-list city parameter. |
AC6005 with software V200R006C10, AC6605 with software V200R006C10 have a DoS vulnerability. An attacker can send malformed packets to the device, which causes the device to leak memory, leading to DoS attacks. |
Freelance Website Script 2.0.6 has SQL Injection via the jobdetails.php pr_id parameter or the searchbycat_list.php catid parameter. |
The dump_block function in print_sections.c in libdwarf before 20160923 allows remote attackers to cause a denial of service (out-of-bounds read) via crafted frame data. |
Facebook Clone Script 1.0 has SQL Injection via the friend-profile.php id parameter. |
Event Search Script 1.0 has SQL Injection via the /event-list city parameter. |
Vulnerability in the Oracle Marketing component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Marketing. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Marketing, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Marketing accessible data as well as unauthorized update, insert or delete access to some of Oracle Marketing accessible data. CVSS v3.0 Base Score 8.2 (Confidentiality and Integrity impacts). |
Foodspotting Clone Script 1.0 has SQL Injection via the quicksearch.php q parameter. |
Cross-site request forgery (CSRF) vulnerability in Zend/Validator/Csrf in Zend Framework 2.3.x before 2.3.6 via null or malformed token identifiers. |
Kickstarter Clone Script 2.0 has SQL Injection via the investcalc.php projid parameter. |
Lawyer Search Script 1.1 has SQL Injection via the /lawyer-list city parameter. |