CVE-2018-17571
Vanilla before 2.6.1 allows XSS via the email field of a profile.
Source: CVE-2018-17571
[월:] 2018년 09월
CVE-2018-17567
CVE-2018-17567
Jekyll through 3.6.2, 3.7.x through 3.7.3, and 3.8.x through 3.8.3 allows attackers to access arbitrary files by specifying a symlink in the "include" key in the "_config.yml" file.
Source: CVE-2018-17567
CVE-2018-17397
CVE-2018-17397
SQL Injection exists in the AlphaIndex Dictionaries 1.0 component for Joomla! via the letter parameter.
Source: CVE-2018-17397
CVE-2018-17391
CVE-2018-17391
SQL Injection exists in authors_post.php in Super Cms Blog Pro 1.0 via the author parameter.
Source: CVE-2018-17391
CVE-2018-17394
CVE-2018-17394
SQL Injection exists in the Timetable Schedule 3.6.8 component for Joomla! via the eid parameter.
Source: CVE-2018-17394
CVE-2018-17385
CVE-2018-17385
SQL Injection exists in the Social Factory 3.8.3 component for Joomla! via the radius[lat], radius[lng], or radius[radius] parameter.
Source: CVE-2018-17385
CVE-2018-17380
CVE-2018-17380
SQL Injection exists in the Article Factory Manager 4.3.9 component for Joomla! via the start_date, m_start_date, or m_end_date parameter.
Source: CVE-2018-17380
CVE-2018-17377
CVE-2018-17377
SQL Injection exists in the Questions 1.4.3 component for Joomla! via the term, userid, users, or groups parameter.
Source: CVE-2018-17377
CVE-2018-17378
CVE-2018-17378
SQL Injection exists in the Penny Auction Factory 2.0.4 component for Joomla! via the filter_order_Dir or filter_order parameter.
Source: CVE-2018-17378
CVE-2018-17384
CVE-2018-17384
SQL Injection exists in the Swap Factory 2.2.1 component for Joomla! via the filter_order_Dir or filter_order parameter.
Source: CVE-2018-17384