CVE-2018-17383

SQL Injection exists in the Collection Factory 4.1.9 component for Joomla! via the filter_order or filter_order_Dir parameter.

Source: CVE-2018-17383

CVE-2018-17382

SQL Injection exists in the Jobs Factory 2.0.4 component for Joomla! via the filter_letter parameter.

Source: CVE-2018-17382

CVE-2018-17379

SQL Injection exists in the Raffle Factory 3.5.2 component for Joomla! via the filter_order_Dir or filter_order parameter.

Source: CVE-2018-17379

CVE-2018-17376

SQL Injection exists in the Reverse Auction Factory 4.3.8 component for Joomla! via the filter_order_Dir, cat, or filter_letter parameter.

Source: CVE-2018-17376

CVE-2018-16659

An issue was discovered in Rausoft ID.prove 2.95. The login page allows SQL injection via Microsoft SQL Server stacked queries in the Username POST parameter. Hypothetically, an attacker can utilize master..xp_cmdshell for the further privilege elevation.

Source: CVE-2018-16659

CVE-2018-16587

In Open Ticket Request System (OTRS) 4.0.x before 4.0.32, 5.0.x before 5.0.30, and 6.0.x before 6.0.11, an attacker could send a malicious email to an OTRS system. If a user with admin permissions opens it, it causes deletions of arbitrary files that the OTRS web server user has write access to.

Source: CVE-2018-16587

CVE-2018-17375

SQL Injection exists in the Music Collection 3.0.3 component for Joomla! via the id parameter.

Source: CVE-2018-17375

CVE-2018-17055

An arbitrary file upload vulnerability in Progress Sitefinity CMS versions 4.0 through 11.0 related to image uploads.

Source: CVE-2018-17055

CVE-2018-17056

Cross-site scripting (XSS) vulnerability in ServiceStack in Progress Sitefinity CMS versions 10.2 through 11.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Source: CVE-2018-17056

CVE-2018-14956

CMS ISWEB 3.5.3 is vulnerable to multiple SQL injection flaws. An attacker can inject malicious queries into the application and obtain sensitive information.

Source: CVE-2018-14956