| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| EmpireCMS 6.6 allows remote attackers to discover the full path via an array value for a parameter to admin/tool/ShowPic.php. |
| EmpireCMS 6.6 through 7.2 allows remote attackers to discover the full path via an array value for a parameter to class/connect.php. |
| PHP Scripts Mall Website Seller Script 2.0.3 uses the client side to enforce validation of an e-mail address, which allows remote attackers to modify a registered e-mail address by removing the validation code. |
| Cross Site Scripting (XSS) exists in the review section in PHP Scripts Mall Hot Scripts Clone Script Classified 3.1 via the title or description field. |
| The OLEProperty class in ole/oleprop.cpp in libfpx 1.3.1-10, as used in ImageMagick 7.0.7-22 Q16 and other products, allows remote attackers to cause a denial of service (stack-based buffer under-read) via a crafted bmp image. |
| Format String vulnerability in KeepKey version 4.0.0 allows attackers to trigger information display (of information that should not be accessible), related to text containing characters that the device's font lacks. |
| CSRF exists in the Auth0 authentication service through 14591 if the Legacy Lock API flag is enabled. |
| The Auth0 authentication service before 2017-10-15 allows privilege escalation because the JWT audience is not validated. |
| The elf_parse_notes function in elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (out-of-bounds read and segmentation violation) via a note with a large alignment. |
| LibreOffice before 5.4.5 and 6.x before 6.0.1 allows remote attackers to read arbitrary files via =WEBSERVICE calls in a document, which use the COM.MICROSOFT.WEBSERVICE function. |
| Reflected XSS exists in PHP Scripts Mall Website Seller Script 2.0.3 via the Listings Search feature. |
| Cross Site Scripting (XSS) exists in PHP Scripts Mall Slickdeals / DealNews / Groupon Clone Script 3.0.2 via a User Profile Field parameter. |
| Cross Site Scripting (XSS) exists in PHP Scripts Mall Learning and Examination Management System Script 2.3.1 via a crafted message. |
| Cross Site Scripting (XSS) exists in PHP Scripts Mall Multi religion Responsive Matrimonial 4.7.2 via a user profile update parameter. |
| SQL Injection exists in PHP Scripts Mall Select Your College Script 2.0.2 via a Login Parameter. |
| Cross Site Scripting (XSS) exists in PHP Scripts Mall Bitcoin MLM Software 1.0.2 via a profile field. |
| Cross Site Scripting (XSS) exists in PHP Scripts Mall Lawyer Search Script 1.0.2 via a profile update parameter. |
| Arbitrary File Upload and Remote Code Execution exist in PHP Scripts Mall Schools Alert Management Script 2.0.2 via a profile picture. |
| SQL Injection exists in PHP Scripts Mall Schools Alert Management Script 2.0.2 via the Login Parameter. |
| Cross Site Scripting (XSS) exists in PHP Scripts Mall Facebook Clone Script. |
