joomla! vulnerabilities and exploits

NA
CVE-2019-7304

Canonical snapd before version 2.37.1 incorrectly performed socket owner validation, allowing an attacker to run arbitrary commands as root. This issue affects: Canonical snapd versions prior to 2.37.1....

5
CVSSv2
CVE-2019-10946

An issue was discovered in Joomla! before 3.9.5. The "refresh list of helpsites" endpoint of com_users lacks access checks, allowing calls from unauthenticated users....

7.5
CVSSv2
CVE-2019-10945

An issue was discovered in Joomla! before 3.9.5. The Media Manager component does not properly sanitize the folder parameter, allowing attackers to act outside the media manager root directory....

JoomlaJoomla!
6.5
CVSSv2
CVE-2018-4407

A memory corruption issue was addressed with improved validation. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5....

AppleIphone OsMac Os XTvosWatchos
3.5
CVSSv2
CVE-2019-9919

An issue was discovered in the Harmis JE Messenger component 1.2.2 for Joomla!. It is possible to craft messages in a way that JavaScript gets executed on the side of the receiving user when the message is opened, aka XSS....

HarmistechnologyJe Messenger
6.4
CVSSv2
CVE-2019-9918

An issue was discovered in the Harmis JE Messenger component 1.2.2 for Joomla!. Input does not get validated and queries are not written in a way to prevent SQL injection. Therefore arbitrary SQL-Statements can be executed in the database....

HarmistechnologyJe Messenger
5
CVSSv2
CVE-2019-9922

An issue was discovered in the Harmis JE Messenger component 1.2.2 for Joomla!. Directory Traversal allows read access to arbitrary files....

HarmistechnologyJe Messenger
4
CVSSv2
CVE-2019-9921

An issue was discovered in the Harmis JE Messenger component 1.2.2 for Joomla!. It is possible to read information that should only be accessible by a different user....

HarmistechnologyJe Messenger
6.5
CVSSv2
CVE-2019-9920

An issue was discovered in the Harmis JE Messenger component 1.2.2 for Joomla!. It is possible to perform an action within the context of the account of another user....

HarmistechnologyJe Messenger
9.3
CVSSv2
CVE-2017-8570

Microsoft Office allows a remote code execution vulnerability due to the way that it handles objects in memory, aka "Microsoft Office Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-0243....

MicrosoftOffice