Security Vulnerabilities - CVEs Published In October 2017
MyBuilder Clone 1.0 allows SQL Injection via the phpsqlsearch_genxml.php subcategory parameter.
CVSS Score
9.8
EPSS Score
0.023
Published
2017-10-29
PG All Share Video 1.0 allows SQL Injection via the PATH_INFO to search/tag, friends/index, users/profile, or video_catalog/category.
CVSS Score
9.8
EPSS Score
0.023
Published
2017-10-29
PHP CityPortal 2.0 allows SQL Injection via the nid parameter to index.php in a page=news action, or the cat parameter.
CVSS Score
9.8
EPSS Score
0.025
Published
2017-10-29
Same Sex Dating Software Pro 1.0 allows SQL Injection via the viewprofile.php profid parameter, the viewmessage.php sender_id parameter, or the /admin Email field, a related issue to CVE-2017-15972.
CVSS Score
9.8
EPSS Score
0.022
Published
2017-10-29
SoftDatepro Dating Social Network 1.3 allows SQL Injection via the viewprofile.php profid parameter, the viewmessage.php sender_id parameter, or the /admin Email field, a related issue to CVE-2017-15971.
CVSS Score
9.8
EPSS Score
0.023
Published
2017-10-29
Sokial Social Network Script 1.0 allows SQL Injection via the id parameter to admin/members_view.php.
CVSS Score
9.8
EPSS Score
0.023
Published
2017-10-29
tPanel 2009 allows SQL injection for Authentication Bypass via 'or 1=1 or ''=' to login.php.
CVSS Score
9.8
EPSS Score
0.054
Published
2017-10-29
bchunk (related to BinChunker) 1.2.0 and 1.2.1 is vulnerable to a heap-based buffer overflow and crash when processing a malformed CUE (.cue) file.
CVSS Score
5.5
EPSS Score
0.003
Published
2017-10-28
bchunk (related to BinChunker) 1.2.0 and 1.2.1 is vulnerable to a heap-based buffer overflow (with a resultant invalid free) and crash when processing a malformed CUE (.cue) file.
CVSS Score
5.5
EPSS Score
0.003
Published
2017-10-28
bchunk (related to BinChunker) 1.2.0 and 1.2.1 is vulnerable to an "Access violation near NULL on destination operand" and crash when processing a malformed CUE (.cue) file.
CVSS Score
5.5
EPSS Score
0.003
Published
2017-10-28