| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| | | | | | | SQL injection vulnerability in admin.php in Exocrew ExoPHPDesk 1.2 Final allows remote attackers to execute arbitrary SQL commands via the username (user parameter). |
| | | Netport_software, Logo!8_bm_firmware, Logo!8_bm, Cp1604_firmware, Cp1604, Cp1616_firmware, Cp1616, Dk_standard_ethernet_controller_firmware, Dk_standard_ethernet_controller, Ek-ertec_200_firmware, Ek-ertec_200 | 2017-09-29 | N/A | N/A | Siemens SpeedStream 5200 with NetPort Software 1.1 allows remote attackers to bypass authentication via an invalid Host header, possibly involving a trailing dot in the hostname. |
| | | Ebay_clone_auction_script, Photovideotube, Shaadiclone, Zeejobsite, Zeelyrics, Zeematri, Zeeproperty | 2017-09-29 | N/A | N/A | Cross-site scripting (XSS) vulnerability in view_prop_details.php in Zeeways ZEEPROPERTY 1.0 allows remote attackers to inject arbitrary web script or HTML via the propid parameter. |
| | | Ebay_clone_auction_script, Photovideotube, Shaadiclone, Zeejobsite, Zeelyrics, Zeematri, Zeeproperty | 2017-09-29 | N/A | N/A | Unrestricted file upload vulnerability in viewprofile.php in Zeeways ZEEPROPERTY 1.0 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension as a photo in a profile modification, then accessing a related file via a direct request to the file in companylogo/. |
| | | Ebay_clone_auction_script, Photovideotube, Shaadiclone, Zeejobsite, Zeelyrics, Zeematri, Zeeproperty | 2017-09-29 | N/A | N/A | Unrestricted file upload vulnerability in editresume_next.php in Zeeways ZEEJOBSITE 2.0 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension as a photo in a profile edit action, then accessing the file via a direct request to jobseekers/logos/. |
| | | Ebay_clone_auction_script, Photovideotube, Shaadiclone, Zeejobsite, Zeelyrics, Zeematri, Zeeproperty | 2017-09-29 | N/A | N/A | Zeeways SHAADICLONE 2.0 allows remote attackers to bypass authentication and gain administrative privileges via a direct request to admin/home.php. |
| | | | | | | SQL injection vulnerability in the authenticateUser function in includes/authentication.inc.php in BrewBlogger (BB) 2.1.0.1, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the loginUsername parameter to includes/logincheck.inc.php. NOTE: some of these details are obtained from third party information. |
| | | Acidfree, Activity, Aggregation_module, Ajax_checklist, Archive_module, Asin_field_module, Atom_module, Audio_module, Authenticated_user_page_caching, Avatar_uploader, Services | 2017-08-17 | N/A | N/A | Services 5.x before 5.x-0.92 and 6.x before 6.x-0.13, a module for Drupal, does not use timeouts for signed requests, which allows remote attackers to impersonate other users and gain privileges via a replay attack that sends the same request. |
| | | Acidfree, Activity, Aggregation_module, Ajax_checklist, Archive_module, Asin_field_module, Atom_module, Audio_module, Authenticated_user_page_caching, Avatar_uploader, Services | 2017-08-17 | N/A | N/A | Services 5.x before 5.x-0.92 and 6.x before 6.x-0.13, a module for Drupal, does not sign all required data in requests, which has unspecified impact, probably related to man-in-the-middle attacks that modify critical data and allow remote attackers to impersonate other users and gain privileges. |
| | | Acidfree, Activity, Aggregation_module, Ajax_checklist, Archive_module, Asin_field_module, Atom_module, Audio_module, Authenticated_user_page_caching, Avatar_uploader, Services | 2017-08-17 | N/A | N/A | Services 5.x before 5.x-0.92 and 6.x before 6.x-0.13, a module for Drupal, uses an insecure hash when signing requests, which allows remote attackers to impersonate other users and gain privileges. |