SQL Injection exists in the Questions 1.4.3 component for Joomla! via the term, userid, users, or groups parameter. Date published : 2018-09-27 https://www.exploit-db.com/exploits/45468/ http://packetstormsecurity.com/files/149523/Joomla-Questions-1.4.3-SQL-Injection.html
SQL Injection exists in the Reverse Auction Factory 4.3.8 component for Joomla! via the filter_order_Dir, cat, or filter_letter parameter. Date published : 2018-09-27 https://www.exploit-db.com/exploits/45475/ http://packetstormsecurity.com/files/149531/Joomla-Reverse-Auction-Factory-4.3.8-SQL-Injection.html
SQL Injection exists in the Music Collection 3.0.3 component for Joomla! via the id parameter. Date published : 2018-09-27 https://www.exploit-db.com/exploits/45465/ http://packetstormsecurity.com/files/149521/Joomla-Music-Collection-3.0.3-SQL-Injection.html
IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote...
IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to...
Cross-site scripting (XSS) vulnerability in ServiceStack in Progress Sitefinity CMS versions 10.2 through 11.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Date published : 2018-09-27 https://knowledgebase.progress.com/articles/Article/Security-Advisory-for-Resolving-Security-vulnerabilities-September-2018 Vulnerabilities in...
An arbitrary file upload vulnerability in Progress Sitefinity CMS versions 4.0 through 11.0 related to image uploads. Date published : 2018-09-27 https://knowledgebase.progress.com/articles/Article/Security-Advisory-for-Resolving-Security-vulnerabilities-September-2018 Vulnerabilities in Sitefinity WCMS – A Success Story of a Responsible Disclosure...
An issue was discovered in Rausoft ID.prove 2.95. The login page allows SQL injection via Microsoft SQL Server stacked queries in the Username POST parameter. Hypothetically, an attacker can utilize master..xp_cmdshell for the further...
IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to...
In Open Ticket Request System (OTRS) 4.0.x before 4.0.32, 5.0.x before 5.0.30, and 6.0.x before 6.0.11, an attacker could send a malicious email to an OTRS system. If a user with admin permissions opens...
In Open Ticket Request System (OTRS) 4.0.x before 4.0.32, 5.0.x before 5.0.30, and 6.0.x before 6.0.11, an attacker could send a malicious email to an OTRS system. If a logged in user opens it,...
The Image Import function in XWiki through 10.7 has XSS. Date published : 2018-09-27 https://mksec.tk/index.php/2018/09/27/cve-2018-16277-xss-in-xwiki/
A vulnerability in the local system administration component of Avaya Aura Communication Manager can allow an authenticated, privileged user on the local system to gain root privileges. Affected versions include 6.3.x and all 7.x...
CMS ISWEB 3.5.3 is vulnerable to directory traversal and local file download, as demonstrated by moduli/downloadFile.php?file=oggetto_documenti/../.././inc/config.php (one can take the control of the application because credentials are present in that config.php file). Date published...