Monthly Archive: February 2018

SQL Injection exists in the AllVideos Reloaded 1.2.x component for Joomla! via the divid parameter. Date published : 2018-02-17 https://exploit-db.com/exploits/44107

SQL Injection exists in the ccNewsletter 2.x component for Joomla! via the id parameter in a task=removeSubscriber action, a related issue to CVE-2011-5099. Date published : 2018-02-17 https://exploit-db.com/exploits/44132

SQL Injection exists in the Pinterest Clone Social Pinboard 2.0 component for Joomla! via the pin_id or user_id parameter in a task=getlikeinfo action, the ends parameter in a view=gift action, the category parameter in...

SQL Injection exists in the JquickContact 1.3.2.2.1 component for Joomla! via a task=refresh&sid= request. Date published : 2018-02-17 https://exploit-db.com/exploits/44118

SQL Injection exists in the Advertisement Board 3.1.0 component for Joomla! via a task=show_rss_categories&catname= request. Date published : 2018-02-17 https://exploit-db.com/exploits/44105

SQL Injection exists in the Gallery WD 1.3.6 component for Joomla! via the tag_id parameter or gallery_id parameter. Date published : 2018-02-17 https://exploit-db.com/exploits/44112

SQL Injection exists in the Solidres 2.5.1 component for Joomla! via the direction parameter in a hub.search action. Date published : 2018-02-17 https://exploit-db.com/exploits/44128

SQL Injection exists in the Smart Shoutbox 3.0.0 component for Joomla! via the shoutauthor parameter to the archive URI. Date published : 2018-02-17 https://exploit-db.com/exploits/44127

SQL Injection exists in the SimpleCalendar 3.1.9 component for Joomla! via the catid array parameter. Date published : 2018-02-17 https://exploit-db.com/exploits/44126

SQL Injection exists in the MediaLibrary Free 4.0.12 component for Joomla! via the id parameter or the mid array parameter. Date published : 2018-02-17 https://exploit-db.com/exploits/44122

SQL Injection exists in the JGive 2.0.9 component for Joomla! via the filter_org_ind_type or campaign_countries parameter. Date published : 2018-02-17 https://exploit-db.com/exploits/44116

A localhost.localdomain whitelist entry in valid_host() in scheduler/client.c in CUPS before 2.2.2 allows remote attackers to execute arbitrary IPP commands by sending POST requests to the CUPS daemon in conjunction with DNS rebinding. The...

The admin backupprogress action in Atlassian Fisheye and Crucible before version 4.4.3 (the fixed version for 4.4.x) and before 4.5.0 allows remote attackers with administrative privileges to inject arbitrary HTML or JavaScript via a...

Various resources in Atlassian Fisheye before version 4.5.1 (the fixed version for 4.5.x) and before version 4.6.0 allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in...