National Vulnerability Database

This feed contains the most recent CVE cyber vulnerabilities published within the National Vulnerability Database.

CVE-2017-15999

Sun, 10/29/2017 - 13:29
In the "NQ Contacts Backup & Restore" application 1.1 for Android, no HTTPS is used for transmitting login and synced user data. When logging in, the username is transmitted in cleartext along with an SHA-1 hash of the password. The attacker can either crack this hash or use it for further attacks where only the hash value is required.
Categories: Security News

CVE-2017-16000

Sun, 10/29/2017 - 13:29
SQL injection vulnerability in the EyesOfNetwork web interface (aka eonweb) 5.1-0 allows remote authenticated administrators to execute arbitrary SQL commands via the graph parameter to module/capacity_per_label/index.php.

CVE-2017-15975

Sun, 10/29/2017 - 02:29
Vastal I-Tech Dating Zone 0.9.9 allows SQL Injection via the 'product_id' to add_to_cart.php, a different vulnerability than CVE-2008-4461.

CVE-2017-15976

Sun, 10/29/2017 - 02:29
ZeeBuddy 2x allows SQL Injection via the admin/editadgroup.php groupid parameter, a different vulnerability than CVE-2008-3604.

CVE-2017-15994

Sun, 10/29/2017 - 02:29
rsync 3.1.3-development before 2017-10-24, as used in the xlucas svfs rsync fork and other products, mishandles archaic checksums, which makes it easier for remote attackers to bypass intended access restrictions.

CVE-2006-5331

Sun, 10/29/2017 - 02:29
The altivec_unavailable_exception function in arch/powerpc/kernel/traps.c in the Linux kernel before 2.6.19 on 64-bit systems mishandles the case where CONFIG_ALTIVEC is defined and the CPU actually supports Altivec, but the Altivec support was not detected by the kernel, which allows local users to cause a denial of service (panic) by triggering execution of an Altivec instruction.

CVE-2017-15956

Sun, 10/29/2017 - 02:29
ConverTo Video Downloader & Converter 1.4.1 allows Arbitrary File Download via the token parameter to download.php.

CVE-2017-15957

Sun, 10/29/2017 - 02:29
my_profile.php in Ingenious School Management System 2.3.0 allows a student or teacher to upload an arbitrary file.

CVE-2017-15958

Sun, 10/29/2017 - 02:29
D-Park Pro Domain Parking Script 1.0 allows SQL Injection via the username to admin/loginform.php.

CVE-2017-15959

Sun, 10/29/2017 - 02:29
Adult Script Pro 2.2.4 allows SQL Injection via the PATH_INFO to a /download URI, a different vulnerability than CVE-2007-6576.

CVE-2017-15960

Sun, 10/29/2017 - 02:29
Article Directory Script 3.0 allows SQL Injection via the id parameter to author.php or category.php.

CVE-2017-15961

Sun, 10/29/2017 - 02:29
iProject Management System 1.0 allows SQL Injection via the ID parameter to index.php.

CVE-2017-15962

Sun, 10/29/2017 - 02:29
iStock Management System 1.0 allows Arbitrary File Upload via user/profile.

CVE-2017-15963

Sun, 10/29/2017 - 02:29
iTech Gigs Script 1.21 allows SQL Injection via the browse-scategory.php sc parameter or the service-provider.php ser parameter.

CVE-2017-15964

Sun, 10/29/2017 - 02:29
Job Board Script Software allows SQL Injection via the PATH_INFO to a /job-details URI.

CVE-2017-15965

Sun, 10/29/2017 - 02:29
The NS Download Shop (aka com_ns_downloadshop) component 2.2.6 for Joomla! allows SQL Injection via the id parameter in an invoice.create action.

CVE-2017-15966

Sun, 10/29/2017 - 02:29
The Zh YandexMap (aka com_zhyandexmap) component 6.1.1.0 for Joomla! allows SQL Injection via the placemarklistid parameter to index.php.

CVE-2017-15967

Sun, 10/29/2017 - 02:29
Mailing List Manager Pro 3.0 allows SQL Injection via the edit parameter to admin/users in a sort=login action, or the edit parameter to admin/template.

CVE-2017-15968

Sun, 10/29/2017 - 02:29
MyBuilder Clone 1.0 allows SQL Injection via the phpsqlsearch_genxml.php subcategory parameter.

CVE-2017-15969

Sun, 10/29/2017 - 02:29
PG All Share Video 1.0 allows SQL Injection via the PATH_INFO to search/tag, friends/index, users/profile, or video_catalog/category.
