Joomla vulnerabilities and exploits

NA
CVE-2019-6342

Drupal core could allow a remote attacker to bypass security restrictions, caused by a flaw when the Workspaces module is enabled. By sending a specially crafted request, an attacker could exploit this vulnerability to bypass access restrictions....

4.3
CVSSv2
CVE-2019-5786

Object lifetime issue in Blink in Google Chrome prior to 72.0.3626.121 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page....

Google Chrome
6.4
CVSSv2
CVE-2012-3137

The authentication protocol in Oracle Database Server 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, and 11.2.0.3 allows remote attackers to obtain the session key and salt for arbitrary users, which leaks information about the cryptographic hash and makes it easier to...

Oracle Database Server, Primavera P6 Enterprise Project Portfolio Management
7.5
CVSSv2
CVE-2018-17381

SQL Injection exists in the Dutch Auction Factory 2.0.2 component for Joomla! via the filter_order_Dir or filter_order parameter....

7.5
CVSSv2
CVE-2018-17374

SQL Injection exists in the Auction Factory 4.5.5 component for Joomla! via the filter_order_Dir or filter_order parameter....

7.5
CVSSv2
CVE-2018-17386

SQL Injection exists in the Micro Deal Factory 2.4.0 component for Joomla! via the id parameter, or the PATH_INFO to mydeals/ or listdeals/....

7.5
CVSSv2
CVE-2018-17399

SQL Injection exists in the Jimtawl 2.2.7 component for Joomla! via the id parameter....

7.5
CVSSv2
CVE-2018-17398

SQL Injection exists in the AMGallery 1.2.3 component for Joomla! via the filter_category_id parameter....

7.2
CVSSv2
CVE-2019-12476

An authentication bypass vulnerability in the password reset functionality in Zoho ManageEngine ADSelfService Plus before 5.0.6 allows an attacker with physical access to gain a shell with SYSTEM privileges via the restricted thick client browser. The attack uses a long sequence...

Zohocorp Manageengine Adselfservice Plus
5.5
CVSSv2
CVE-2019-2618

Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS Core Components). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0 and 12.2.1.3.0. Easily exploitable vulnerability allows high privileged attacker with network...

Oracle Weblogic Server