CVE-2018-18406
An issue was discovered in Tufin SecureTrack 18.1 with TufinOS 2.16 build 1179(Final). The Audit Report module is affected by a blind XXE vulnerability when a new Best Practices Report is saved using a...
Monthly Archive: June 2019
CVE-2018-17842
SQL injection exists in Scriptzee Hotel Booking Engine 1.0 via the hotels h_room_type parameter. Date published : 2019-06-19 https://www.exploit-db.com/author/?a=8844 https://www.exploit-db.com/exploits/45509
CVE-2018-17841
SQL injection exists in Scriptzee Flippa Marketplace Clone 1.0 via the site-search sortBy or sortDir parameter. Date published : 2019-06-19 https://www.exploit-db.com/author/?a=8844 https://www.exploit-db.com/exploits/41674
CVE-2018-17840
SQL injection exists in Scriptzee Education Website 1.0 via the college_list.html subject, city, or country parameter. Date published : 2019-06-19 https://www.exploit-db.com/author/?a=8844 https://www.exploit-db.com/exploits/45510
CVE-2018-17423
An issue was discovered in e107 v2.1.9. There is a XSS attack on e107_admin/comment.php. Date published : 2019-06-19 https://github.com/Kiss-sh0t/e107_v2.1.9_XSS_poc https://github.com/e107inc/e107/issues/3414
CVE-2018-17399
SQL Injection exists in the Jimtawl 2.2.7 component for Joomla! via the id parameter. Date published : 2019-06-19 https://www.exploit-db.com/author/?a=8844 https://www.exploit-db.com/exploits/45524
CVE-2018-17398
SQL Injection exists in the AMGallery 1.2.3 component for Joomla! via the filter_category_id parameter. Date published : 2019-06-19 https://www.exploit-db.com/author/?a=8844 https://www.exploit-db.com/exploits/45451
CVE-2018-17393
SQL Injection exists in HealthNode Hospital Management System 1.0 via the id parameter to dashboard/Patient/info.php or dashboard/Patient/patientdetails.php. Date published : 2019-06-19 https://www.exploit-db.com/author/?a=8844 https://www.exploit-db.com/exploits/46148
CVE-2018-17389
CSRF exists in server.php in Live Call Support Application 1.5 for adding an admin account. Date published : 2019-06-19 https://www.exploit-db.com/author/?a=8844 https://www.exploit-db.com/exploits/46140
CVE-2018-17388
SQL Injection exists in Twilio WEB To Fax Machine System 1.0 via the email or password parameter to login_check.php, or the id parameter to add_email.php or edit_content.php. Date published : 2019-06-19 https://www.exploit-db.com/author/?a=8844 https://www.exploit-db.com/exploits/46139
CVE-2018-17387
CSRF exists in Nimble Messaging Bulk SMS Marketing Application 1.0 for adding an admin account. Date published : 2019-06-19 https://www.exploit-db.com/author/?a=8844 https://www.exploit-db.com/exploits/42648
CVE-2018-17386
SQL Injection exists in the Micro Deal Factory 2.4.0 component for Joomla! via the id parameter, or the PATH_INFO to mydeals/ or listdeals/. Date published : 2019-06-19 https://www.exploit-db.com/author/?a=8844 https://www.exploit-db.com/exploits/45452
CVE-2018-17381
SQL Injection exists in the Dutch Auction Factory 2.0.2 component for Joomla! via the filter_order_Dir or filter_order parameter. Date published : 2019-06-19 https://www.exploit-db.com/author/?a=8844 https://www.exploit-db.com/exploits/45462
CVE-2018-17374
SQL Injection exists in the Auction Factory 4.5.5 component for Joomla! via the filter_order_Dir or filter_order parameter. Date published : 2019-06-19 https://www.exploit-db.com/author/?a=8844 https://www.exploit-db.com/exploits/45456