CVE-2018-6379

In Joomla! before 3.8.4, inadequate input filtering in the Uri class (formerly JUri) leads to an XSS vulnerability.

Source: CVE-2018-6379

CVE-2018-6380

In Joomla! before 3.8.4, lack of escaping in the module chromes leads to XSS vulnerabilities in the module system.

Source: CVE-2018-6380

CVE-2018-6355

/goform/setLang on iBall 300M devices with "iB-WRB302N_1.0.1-Sep 8 2017" firmware has Unauthenticated Stored Cross Site Scripting via the lang parameter.

Source: CVE-2018-6355

CVE-2017-17969

Heap-based buffer overflow in the NCompress::NShrink::CDecoder::CodeReal method in 7-Zip before 18.00 and p7zip allows remote attackers to cause a denial of service (out-of-bounds write) or potentially execute arbitrary code via a crafted ZIP archive.

Source: CVE-2017-17969

CVE-2018-6398

SQL Injection exists in the CP Event Calendar 3.0.1 component for Joomla! via the id parameter in a task=load action.

Source: CVE-2018-6398

CVE-2018-6397

Directory Traversal exists in the Picture Calendar 3.1.4 component for Joomla! via the list.php folder parameter.

Source: CVE-2018-6397

CVE-2018-6395

SQL Injection exists in the Visual Calendar 3.1.3 component for Joomla! via the id parameter in a view=load action.

Source: CVE-2018-6395

CVE-2018-6382

MantisBT 2.10.0 allows local users to conduct SQL Injection attacks via the vendor/adodb/adodb-php/server.php sql parameter in a request to the 127.0.0.1 IP address,

Source: CVE-2018-6382

CVE-2018-6393

FreePBX 10.13.66-32bit allows post-authentication SQL injection via the order parameter.

Source: CVE-2018-6393

CVE-2018-3835

An exploitable out of bounds write vulnerability exists in version 2.2 of the Per Face Texture mapping application known as PTEX. The vulnerability is present in the reading of a file without proper parameter checking. The value read in, is not verified to be valid and its use can lead to a buffer overflow, potentially resulting in code execution.

Source: CVE-2018-3835