Exploitdb Exploits
31,329 exploits tracked across all sources.
Online Exam Test Application Script - SQL Injection
Online Exam Test Application Script 1.6 has SQL Injection via the exams.php sort parameter.
by Ihsan Sencan
CVSS 9.8
Muslim Matrimonial Script - SQL Injection
Muslim Matrimonial Script 3.02 has SQL Injection via the success-story.php succid parameter.
by Ihsan Sencan
CVSS 9.8
Multivendor Penny Auction Clone Script - SQL Injection
Multivendor Penny Auction Clone Script 1.0 has SQL Injection via the PATH_INFO to the /detail URI.
by Ihsan Sencan
CVSS 9.8
Multireligion Responsive Matrimonial - SQL Injection
Multireligion Responsive Matrimonial 4.7.2 has SQL Injection via the success-story.php succid parameter.
by Ihsan Sencan
CVSS 9.8
Multiplex Movie Theater Booking Script - SQL Injection
Multiplex Movie Theater Booking Script 3.1.5 has SQL Injection via the trailer-detail.php moid parameter, show-time.php moid parameter, or event-detail.php eid parameter.
by Ihsan Sencan
CVSS 9.8
MLM Forex Market Plan Script - SQL Injection
MLM Forex Market Plan Script 2.0.4 has SQL Injection via the news_detail.php newid parameter or the event_detail.php eventid parameter.
by Ihsan Sencan
CVSS 9.8
MLM Forced Matrix - SQL Injection
MLM Forced Matrix 2.0.9 has SQL Injection via the news-detail.php newid parameter.
by Ihsan Sencan
CVSS 9.8
Lawyer Search Script - SQL Injection
Lawyer Search Script 1.1 has SQL Injection via the /lawyer-list city parameter.
by Ihsan Sencan
CVSS 9.8
Laundry Booking Script - SQL Injection
Laundry Booking Script 1.0 has SQL Injection via the /list city parameter.
by Ihsan Sencan
CVSS 9.8
Kickstarter Clone Script - SQL Injection
Kickstarter Clone Script 2.0 has SQL Injection via the investcalc.php projid parameter.
by Ihsan Sencan
CVSS 9.8
Hot Scripts Clone - SQL Injection
Hot Scripts Clone 3.1 has SQL Injection via the /categories subctid or mctid parameter.
by Ihsan Sencan
CVSS 9.8
Groupon Clone Script - SQL Injection
Groupon Clone Script 3.01 has SQL Injection via the city_ajax.php state_id parameter.
by Ihsan Sencan
CVSS 9.8
Freelance Website Script - SQL Injection
Freelance Website Script 2.0.6 has SQL Injection via the jobdetails.php pr_id parameter or the searchbycat_list.php catid parameter.
by Ihsan Sencan
CVSS 9.8
Foodspotting Clone Script - SQL Injection
Foodspotting Clone Script 1.0 has SQL Injection via the quicksearch.php q parameter.
by Ihsan Sencan
CVSS 9.8
Hotel Restaurant Reviews And Feedback Script - SQL Injection
Food Order Script 1.0 has SQL Injection via the /list city parameter.
by Ihsan Sencan
CVSS 9.8
Facebook Clone Script - SQL Injection
Facebook Clone Script 1.0 has SQL Injection via the friend-profile.php id parameter.
by Ihsan Sencan
CVSS 8.8
Entrepreneur Bus Booking Script - SQL Injection
Entrepreneur Bus Booking Script 3.0.4 has SQL Injection via the booker_details.php sourcebus parameter.
by Ihsan Sencan
CVSS 9.8
Car Rental Script - SQL Injection
Car Rental Script 2.0.4 has SQL Injection via the countrycode1.php val parameter.
by Ihsan Sencan
CVSS 9.8
Advanced World Database - SQL Injection
Advanced World Database 2.0.5 has SQL Injection via the city.php country or state parameter, or the state.php country parameter.
by Ihsan Sencan
CVSS 9.8
Advanced Real Estate Script - SQL Injection
Advanced Real Estate Script 4.0.7 has SQL Injection via the search-results.php Projectmain, proj_type, searchtext, sell_price, or maxprice parameter.
by Ihsan Sencan
CVSS 9.8
Safari Webkit Proxy Object Type Confusion
An issue was discovered in certain Apple products. iOS before 11.2 is affected. tvOS before 11.2 is affected. watchOS before 4.2 is affected. The issue involves the "IOSurface" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
by Google Security Research
CVSS 7.8
LibTIFF 4.0.9 - Buffer Overflow
tools/pal2rgb.c in pal2rgb in LibTIFF 4.0.9 allows remote attackers to cause a denial of service (TIFFSetupStrips heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted TIFF file.
by Jungun Baek
CVSS 8.8
Trademe Clone - SQL Injection
FS Trademe Clone 1.0 has SQL Injection via the search_item.php search parameter or the general_item_details.php id parameter.
by Ihsan Sencan
CVSS 9.8
Linkedin Clone - SQL Injection
FS Linkedin Clone 1.0 has SQL Injection via the group.php grid parameter, profile.php fid parameter, or company_details.php id parameter.
by Ihsan Sencan
CVSS 9.8
Indiamart Clone - SQL Injection
FS Indiamart Clone 1.0 has SQL Injection via the catcompany.php token parameter, buyleads-details.php id parameter, or company/index.php c parameter.
by Ihsan Sencan
CVSS 9.8