Total: 17685 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-8954 | 1 Hp | 1 Intelligent Management Center | 2018-03-06 | 10.0 HIGH | 9.8 CRITICAL |
| A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.2 was found. | |||||
| CVE-2017-5806 | 1 Hp | 1 Intelligent Management Center | 2018-03-06 | 10.0 HIGH | 9.8 CRITICAL |
| A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.2 was found. | |||||
| CVE-2017-5805 | 1 Hp | 1 Intelligent Management Center | 2018-03-06 | 10.0 HIGH | 9.8 CRITICAL |
| A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.2 was found. | |||||
| CVE-2018-7314 | 1 Mlwebtechnologies | 1 Prayercenter | 2018-03-06 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection exists in the PrayerCenter 3.0.2 component for Joomla! via the sessionid parameter, a different vulnerability than CVE-2008-6429. | |||||
| CVE-2017-8981 | 1 Hp | 1 Intelligent Management Center | 2018-03-06 | 10.0 HIGH | 9.8 CRITICAL |
| A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0506 was found. | |||||
| CVE-2017-8956 | 1 Hp | 1 Intelligent Management Center | 2018-03-06 | 10.0 HIGH | 9.8 CRITICAL |
| A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0504P04 was found. | |||||
| CVE-2017-12561 | 1 Hp | 1 Intelligent Management Center | 2018-03-05 | 10.0 HIGH | 9.8 CRITICAL |
| A remote code execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version Plat 7.3 E0504P4 and earlier was found. | |||||
| CVE-2017-12558 | 1 Hp | 1 Intelligent Management Center | 2018-03-05 | 10.0 HIGH | 9.8 CRITICAL |
| A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version IMC Plat 7.3 E0504P2 and earlier was found. | |||||
| CVE-2017-12556 | 1 Hp | 1 Intelligent Management Center | 2018-03-05 | 10.0 HIGH | 9.8 CRITICAL |
| A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version IMC Plat 7.3 E0504P2 and earlier was found. | |||||
| CVE-2016-8519 | 1 Hp | 1 Operations Orchestration | 2018-03-05 | 10.0 HIGH | 9.8 CRITICAL |
| A remote code execution vulnerability in HPE Operations Orchestration Community edition and Enterprise edition prior to v10.70 was found. | |||||
| CVE-2018-5991 | 1 Web-dorado | 1 Form Maker | 2018-03-05 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection exists in the Form Maker 3.6.12 component for Joomla! via the id, from, or to parameter in a view=stats request, a different vulnerability than CVE-2015-2798. | |||||
| CVE-2018-5994 | 1 Joomsky | 1 Js Jobs | 2018-03-05 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection exists in the JS Jobs 1.1.9 component for Joomla! via the zipcode parameter in a newest-jobs request, or the ta parameter in a view_resume request. | |||||
| CVE-2018-6006 | 1 Joomsky | 1 Js Autoz | 2018-03-05 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection exists in the JS Autoz 1.0.9 component for Joomla! via the vtype, pre, or prs parameter. | |||||
| CVE-2018-6368 | 1 Comdev | 1 Jomestate Pro | 2018-03-05 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection exists in the JomEstate PRO through 3.7 component for Joomla! via the id parameter in a task=detailed action. | |||||
| CVE-2018-6370 | 1 Neojoomla | 1 Neorecruit | 2018-03-05 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection exists in the NeoRecruit 4.1 component for Joomla! via the (1) PATH_INFO or (2) name of a .html file under the all-offers/ URI. | |||||
| CVE-2018-6396 | 1 Google Map Landkarten Project | 1 Google Map Landkarten | 2018-03-05 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection exists in the Google Map Landkarten through 4.2.3 component for Joomla! via the cid or id parameter in a layout=form_markers action, or the map parameter in a layout=default action. | |||||
| CVE-2018-6583 | 1 Quanticalabs | 1 Timetable Responsive Schedule | 2018-03-05 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection exists in the Timetable Responsive Schedule 1.5 component for Joomla! via a view=event&alias= request. | |||||
| CVE-2018-6372 | 1 Joombooking | 1 Jb Bus | 2018-03-05 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection exists in the JB Bus 2.3 component for Joomla! via the order_number parameter. | |||||
| CVE-2018-6585 | 1 Techjoomla | 1 Jticketing | 2018-03-05 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection exists in the JTicketing 2.0.16 component for Joomla! via a view=events action with a filter_creator or filter_events_cat parameter. | |||||
| CVE-2018-7313 | 1 Cwjoomla | 1 Cw Tags | 2018-03-05 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection exists in the CW Tags 2.0.6 component for Joomla! via the searchtext array parameter. | |||||
| CVE-2018-6584 | 1 Dthdevelopment | 1 Dt Register | 2018-03-05 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection exists in the DT Register 3.2.7 component for Joomla! via a task=edit&id= request. | |||||
| CVE-2016-9814 | 1 Simplesamlphp | 2 Saml2, Simplesamlphp | 2018-03-04 | 8.5 HIGH | 9.1 CRITICAL |
| The validateSignature method in the SAML2\Utils class in SimpleSAMLphp before 1.14.10 and simplesamlphp/saml2 library before 1.9.1, 1.10.x before 1.10.3, and 2.x before 2.3.3 allows remote attackers to spoof SAML responses or possibly cause a denial of service (memory consumption) by leveraging improper conversion of return values to boolean. | |||||
| CVE-2017-14492 | 5 Canonical, Debian, Novell and 2 more | 7 Ubuntu Linux, Debian Linux, Leap and 4 more | 2018-03-04 | 7.5 HIGH | 9.8 CRITICAL |
| Heap-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted IPv6 router advertisement request. | |||||
| CVE-2017-14493 | 5 Canonical, Debian, Opensuse and 2 more | 7 Ubuntu Linux, Debian Linux, Leap and 4 more | 2018-03-04 | 7.5 HIGH | 9.8 CRITICAL |
| Stack-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DHCPv6 request. | |||||
| CVE-2018-5975 | 1 Thekrotek | 1 Smart Shoutbox | 2018-03-02 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection exists in the Smart Shoutbox 3.0.0 component for Joomla! via the shoutauthor parameter to the archive URI. | |||||
| CVE-2018-5970 | 1 Techjoomla | 1 Jgive | 2018-03-02 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection exists in the JGive 2.0.9 component for Joomla! via the filter_org_ind_type or campaign_countries parameter. | |||||
| CVE-2018-5974 | 1 Albonico | 1 Simplecalendar | 2018-03-02 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection exists in the SimpleCalendar 3.1.9 component for Joomla! via the catid array parameter. | |||||
| CVE-2018-5971 | 1 Ordasoft | 1 Medialibrary | 2018-03-02 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection exists in the MediaLibrary Free 4.0.12 component for Joomla! via the id parameter or the mid array parameter. | |||||
| CVE-2018-5980 | 1 Solidres | 1 Solidres | 2018-03-02 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection exists in the Solidres 2.5.1 component for Joomla! via the direction parameter in a hub.search action. | |||||
| CVE-2018-5990 | 1 Allvideos Reloaded Project | 1 Allvideos Reloaded | 2018-03-02 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection exists in the AllVideos Reloaded 1.2.x component for Joomla! via the divid parameter. | |||||
| CVE-2018-5992 | 1 Staff Master Project | 1 Staff Master | 2018-03-02 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection exists in the Staff Master through 1.0 RC 1 component for Joomla! via the name parameter in a view=staff request. | |||||
| CVE-2018-6004 | 1 Techsolsystem | 1 File Download Tracker | 2018-03-02 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection exists in the File Download Tracker 3.0 component for Joomla! via the dynfield[phone] or sess parameter. | |||||
| CVE-2018-6005 | 1 Realpin Project | 1 Realpin | 2018-03-02 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection exists in the Realpin through 1.5.04 component for Joomla! via the pinboard parameter. | |||||
| CVE-2018-6394 | 1 Techjoomla | 1 Invitex | 2018-03-02 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection exists in the InviteX 3.0.5 component for Joomla! via the invite_type parameter in a view=invites action. | |||||
| CVE-2018-7177 | 1 Saxum2003 | 1 Numerology | 2018-03-02 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection exists in the Saxum Numerology 3.0.4 component for Joomla! via the publicid parameter. | |||||
| CVE-2018-7178 | 1 Saxum2003 | 1 Saxum Picker | 2018-03-02 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection exists in the Saxum Picker 3.2.10 component for Joomla! via the publicid parameter. | |||||
| CVE-2018-7179 | 1 Squadmanagement Project | 1 Squadmanagement | 2018-03-02 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection exists in the SquadManagement 1.0.3 component for Joomla! via the id parameter. | |||||
| CVE-2018-6024 | 1 Thethinkery | 1 Project Log | 2018-03-02 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection exists in the Project Log 1.5.3 component for Joomla! via the search parameter. | |||||
| CVE-2018-7312 | 1 Alexandriabooklibrary | 1 Alexandria Book Library | 2018-03-02 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection exists in the Alexandria Book Library 3.1.2 component for Joomla! via the letter parameter. | |||||
| CVE-2018-7319 | 1 Os Property Real Estate Project | 1 Os Property Real Estate | 2018-03-02 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection exists in the OS Property Real Estate 3.12.7 component for Joomla! via the cooling_system1, heating_system1, or laundry parameter. | |||||
| CVE-2018-5981 | 1 Web-dorado | 1 Gallery Wd | 2018-03-02 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection exists in the Gallery WD 1.3.6 component for Joomla! via the tag_id parameter or gallery_id parameter. | |||||
| CVE-2018-6596 | 2 Debian, Django-anymail Project | 2 Debian Linux, Django-anymail | 2018-03-02 | 6.4 MEDIUM | 9.1 CRITICAL |
| webhooks/base.py in Anymail (aka django-anymail) before 1.2.1 is prone to a timing attack vulnerability on the WEBHOOK_AUTHORIZATION secret, which allows remote attackers to post arbitrary e-mail tracking events. | |||||
| CVE-2018-7180 | 1 Saxum2003 | 1 Astro | 2018-03-02 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection exists in the Saxum Astro 4.0.14 component for Joomla! via the publicid parameter. | |||||
| CVE-2018-5982 | 1 Ordasoft | 1 Advertisement Board | 2018-03-01 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection exists in the Advertisement Board 3.1.0 component for Joomla! via a task=show_rss_categories&catname= request. | |||||
| CVE-2018-5993 | 1 Aist Project | 1 Aist | 2018-03-01 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection exists in the Aist through 2.0 component for Joomla! via the id parameter in a view=showvacancy request. | |||||
| CVE-2018-1000043 | 1 Securityonion | 1 Squert | 2018-03-01 | 10.0 HIGH | 9.8 CRITICAL |
| Security Onion Solutions Squert version 1.0.1 through 1.6.7 contains a CWE-78: Improper Neutralization of Special Elements used in an OS Command (OS Command Injection) vulnerability in .inc/callback.php that can result in execution of OS Commands. This attack appears to be exploitable via Web request to .inc/callback.php with the payload in the txdata parameter, used in tx()/transcript(), or the catdata parameter, used in cat(). This vulnerability appears to have been fixed in 1.7.0. | |||||
| CVE-2018-1000042 | 1 Securityonion | 1 Squert | 2018-03-01 | 10.0 HIGH | 9.8 CRITICAL |
| Security Onion Solutions Squert version 1.3.0 through 1.6.7 contains a CWE-78: Improper Neutralization of Special Elements used in an OS Command (OS Command Injection) vulnerability in .inc/callback.php that can result in execution of OS Commands. This attack appears to be exploitable via Web request to .inc/callback.php with the payload in the data or obj parameters, used in autocat(). This vulnerability appears to have been fixed in 1.7.0. | |||||
| CVE-2018-6609 | 1 Jsp Tickets Project | 1 Jsp Tickets | 2018-03-01 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection exists in the JSP Tickets 1.1 component for Joomla! via the ticketcode parameter in a ticketlist edit action, or the id parameter in a statuslist (or prioritylist) edit action. | |||||
| CVE-2018-1000044 | 1 Securityonion | 1 Squert | 2018-02-28 | 7.5 HIGH | 9.8 CRITICAL |
| Security Onion Solutions Squert version 1.1.1 through 1.6.7 contains a SQL Injection vulnerability in .inc/callback.php that can result in execution of SQL commands. This attack appears to be exploitable via Web request to .inc/callback.php with the payload in the sensors parameter, used in ec(). This vulnerability appears to have been fixed in 1.7.0. | |||||
| CVE-2018-6863 | 1 Select Your College Script Project | 1 Select Your College Script | 2018-02-28 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection exists in PHP Scripts Mall Select Your College Script 2.0.2 via a Login Parameter. | |||||
