CVE-2018-5974
SQL Injection exists in the SimpleCalendar 3.1.9 component for Joomla! via the catid array parameter.
Source: CVE-2018-5974
[월:] 2018년 02월
CVE-2018-5982
CVE-2018-5982
SQL Injection exists in the Advertisement Board 3.1.0 component for Joomla! via a task=show_rss_categories&catname= request.
Source: CVE-2018-5982
CVE-2018-5975
CVE-2018-5975
SQL Injection exists in the Smart Shoutbox 3.0.0 component for Joomla! via the shoutauthor parameter to the archive URI.
Source: CVE-2018-5975
CVE-2018-6218
CVE-2018-6218
A DLL Hijacking vulnerability in Trend Micro’s User-Mode Hooking Module (UMH) could allow an attacker to run arbitrary code on a vulnerable system.
Source: CVE-2018-6218
CVE-2018-3609
CVE-2018-3609
A vulnerability in the Trend Micro InterScan Messaging Security Virtual Appliance 9.0 and 9.1 management portal could allow an unauthenticated user to access sensitive information in a particular log file that could be used to bypass authentication on vulnerable installations.
Source: CVE-2018-3609
CVE-2018-1049
CVE-2018-1049
In systemd prior to 234 a race condition exists between .mount and .automount units such that automount requests from kernel may not be serviced by systemd resulting in kernel holding the mountpoint and any processes that try to use said mount will hang. A race condition like this may lead to denial of service, until mount points are unmounted.
Source: CVE-2018-1049
CVE-2017-18089
CVE-2017-18089
The view review history resource in Atlassian Crucible before version 4.4.3 (the fixed version for 4.4.x) and 4.5.0 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the invited reviewers for a review.
Source: CVE-2017-18089
CVE-2017-18090
CVE-2017-18090
Various resources in Atlassian Fisheye before version 4.5.1 (the fixed version for 4.5.x) and before version 4.6.0 allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the name of a commit author.
Source: CVE-2017-18090
CVE-2018-7188
CVE-2018-7188
An XSS vulnerability (via an SVG image) in Tiki before 18 allows an authenticated user to gain administrator privileges if an administrator opens a wiki page with a malicious SVG image, related to lib/filegals/filegallib.php.
Source: CVE-2018-7188
CVE-2017-18091
CVE-2017-18091
The admin backupprogress action in Atlassian Fisheye and Crucible before version 4.4.3 (the fixed version for 4.4.x) and before 4.5.0 allows remote attackers with administrative privileges to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the filename of a backup.
Source: CVE-2017-18091