CVE-2017-16835
https://notcve.org/view.php?id=CVE-2017-16835
The "Photo,Video Locker-Calculator" application 12.0 for Android has android:allowBackup="true" in AndroidManifest.xml, which allows attackers to obtain sensitive cleartext information via an "adb backup '-f smart.calculator.gallerylock'" command. • https://www.ds-security.com/2017/11/16/photovideo-locker-calculator-leak-of-sensitive-files • CWE-312: Cleartext Storage of Sensitive Information
CVE-2017-17891
https://notcve.org/view.php?id=CVE-2017-17891
Readymade Video Sharing Script has CSRF via user-profile-edit.php. • https://github.com/d4wner/Vulnerabilities-Report/blob/master/Readymade-Video-Sharing-Script.md • CWE-352: Cross-Site Request Forgery (CSRF)
CVE-2017-17892
https://notcve.org/view.php?id=CVE-2017-17892
Readymade Video Sharing Script has SQL Injection via the viewsubs.php chnlid parameter or the search_video.php search parameter. • https://github.com/d4wner/Vulnerabilities-Report/blob/master/Readymade-Video-Sharing-Script.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2017-17893
https://notcve.org/view.php?id=CVE-2017-17893
Readymade Video Sharing Script has XSS via the search_video.php search parameter, the viewsubs.php chnlid parameter, or the user-profile-edit.php fname parameter. • https://github.com/d4wner/Vulnerabilities-Report/blob/master/Readymade-Video-Sharing-Script.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2017-17649 – Readymade Video Sharing Script 3.2 - HTML Injection
https://notcve.org/view.php?id=CVE-2017-17649
Readymade Video Sharing Script 3.2 has HTML Injection via the single-video-detail.php comment parameter. Readymade Video Sharing Script version 3.2 suffers from an HTML injection vulnerability. • https://www.exploit-db.com/exploits/43333 • https://packetstormsecurity.com/files/145438/Readymade-Video-Sharing-Script-3.2-HTML-Injection.html • CWE-94: Improper Control of Generation of Code ('Code Injection')