Ihsan Sencan vulnerabilities and exploits

5
CVSSv2
CVE-2018-6008

Arbitrary File Download exists in the Jtag Members Directory 5.3.7 component for Joomla! via the download_file parameter....

Joomlatag / Jtag Members Directory
5
CVSSv2
CVE-2017-17876

Biometric Shift Employee Management System 3.0 allows remote attackers to bypass intended file-read restrictions via a user=download request with a pathname in the path parameter....

Iwcnetwork / Shift
7.5
CVSSv2
CVE-2018-6004

SQL Injection exists in the File Download Tracker 3.0 component for Joomla! via the dynfield[phone] or sess parameter....

Techsolsystem / File Download Tracker
5
CVSSv2
CVE-2018-18759

Modbus Slave 7.0.0 in modbus tools has a Buffer Overflow....

Modbustools / Modbus Slave
5
CVSSv2
CVE-2018-7482

** DISPUTED ** The K2 component 2.8.0 for Joomla! has Incorrect Access Control with directory traversal, allowing an attacker to download arbitrary files, as demonstrated by a view=media&task=connector&cmd=file&target=l1_../configuration.php&download=1 request....

7.5
CVSSv2
CVE-2018-6372

SQL Injection exists in the JB Bus 2.3 component for Joomla! via the order_number parameter....

Joombooking / Jb Bus
7.5
CVSSv2
CVE-2018-5979

SQL Injection exists in Wchat Fully Responsive PHP AJAX Chat Script 1.5 via the login.php User field....

Wchat Project / Wchat
7.5
CVSSv2
CVE-2018-7316

Arbitrary File Upload exists in the Proclaim 9.1.1 component for Joomla! via a mediafileform action....

Christianwebministries / Proclaim
7.5
CVSSv2
CVE-2017-17634

Single Theater Booking Script 3.2.1 has SQL Injection via the findcity.php q parameter....

7.5
CVSSv2
CVE-2017-15982

Dynamic News Magazine & Blog CMS 1.0 allows SQL Injection via the id parameter to admin/admin_process.php for form editing....