CVE-2018-5980

This is an entry in the Common Vulnerability Index under number CVE-2018-5980. Specific details regarding this vulnerability name are as follows:

CVE Number: CVE-2018-5980

Description: SQL Injection exists in the Solidres 2.5.1 component for Joomla! via the direction parameter in a hub.search action.

Status: Candidate

Note for CVEs with status “Candidate”: Candidates must be reviewed and accepted by the CVE Editorial Board before they can be added to the official CVE list.

CVE-2018-7472

This is an entry in the Common Vulnerability Index under number CVE-2018-7472. Specific details regarding this vulnerability name are as follows:

CVE Number: CVE-2018-7472

Description: INVT Studio 1.2 allows remote attackers to cause a denial of service during import operations.

Status: Candidate

Note for CVEs with status “Candidate”: Candidates must be reviewed and accepted by the CVE Editorial Board before they can be added to the official CVE list.

CVE-2018-8069

This is an entry in the Common Vulnerability Index under number CVE-2018-8069. Specific details regarding this vulnerability name are as follows:

CVE Number: CVE-2018-8069

Description: QCMS version 3.0 has XSS via the webname parameter to the /backend/system.html URI.

Status: Candidate

Note for CVEs with status “Candidate”: Candidates must be reviewed and accepted by the CVE Editorial Board before they can be added to the official CVE list.

CVE-2018-6465

This is an entry in the Common Vulnerability Index under number CVE-2018-6465. Specific details regarding this vulnerability name are as follows:

CVE Number: CVE-2018-6465

Description: The PropertyHive plugin before 1.4.15 for WordPress has XSS via the body parameter to includes/admin/views/html-preview-applicant-matches-email.php.

Status: Candidate

Note for CVEs with status “Candidate”: Candidates must be reviewed and accepted by the CVE Editorial Board before they can be added to the official CVE list.

CVE-2018-1000134

This is an entry in the Common Vulnerability Index under number CVE-2018-1000134. Specific details regarding this vulnerability name are as follows:

CVE Number: CVE-2018-1000134

Description: UnboundID LDAP SDK, from commit 801111d8b5c732266a5dbd4b3bb0b6c7b94d7afb up to commit 8471904a02438c03965d21367890276bc25fa5a6, where the issue was reported and fixed, contains an Incorrect Access Control vulnerability: the process function in the SimpleBindRequest class doesn’t check for an empty password when running in synchronous mode.


CVE-2018-2364

This is an entry in the Common Vulnerability Index under number CVE-2018-2364. Specific details regarding this vulnerability name are as follows:

CVE Number: CVE-2018-2364

Description: SAP CRM WebClient UI 7.01, 7.31, 7.46, 7.47, 7.48, 8.00, 8.01, S4FND 1.02 does not sufficiently validate and/or encode hidden fields, resulting in a Cross-Site Scripting (XSS) vulnerability.


CVE-2018-7314

This is an entry in the Common Vulnerability Index under number CVE-2018-7314. Specific details regarding this vulnerability name are as follows:

CVE Number: CVE-2018-7314

Description: SQL Injection exists in the PrayerCenter 3.0.2 component for Joomla! via the sessionid parameter, a different vulnerability than CVE-2008-6429.

Status: Candidate

Note for CVEs with status “Candidate”: Candidates must be reviewed and accepted by the CVE Editorial Board before they can be added to the official CVE list.

CVE-2018-1000056

This is an entry in the Common Vulnerability Index under number CVE-2018-1000056. Specific details regarding this vulnerability name are as follows:

CVE Number: CVE-2018-1000056

Description: Jenkins JUnit Plugin 1.23 and earlier processes XML external entities in files it parses as part of the build process, allowing attackers with user permissions in Jenkins to extract secrets from the Jenkins master,


CVE-2018-5308

This is an entry in the Common Vulnerability Index under number CVE-2018-5308. Specific details regarding this vulnerability name are as follows:

CVE Number: CVE-2018-5308

Description: PoDoFo 0.9.5 does not properly validate memcpy arguments in the PdfMemoryOutputStream::Write function (base/PdfOutputStream.cpp). Remote attackers could leverage this vulnerability to cause a denial of service or possibly unspecified other impact via a crafted PDF file.
