Vulnerabilities > Critical

| Date | CVE | Vulnerability title | Description | Attack vector | Complexity | Vendors | CWE | Risk | Score |
|---|---|---|---|---|---|---|---|---|---|
| 2018-02-22 | CVE-2018-7318 | SQL Injection vulnerability in multiple products | SQL Injection exists in the CheckList 1.1.1 component for Joomla! via the title_search, tag_search, name_search, description_search, or filter_order parameter. | network | low complexity | belitsoft, oracle | CWE-89 | critical | 9.8 |
| 2018-02-22 | CVE-2018-7316 | Unrestricted Upload of File with Dangerous Type vulnerability in Christianwebministries Proclaim 9.1.1 | Arbitrary File Upload exists in the Proclaim 9.1.1 component for Joomla! via a mediafileform action. | network | low complexity | christianwebministries | CWE-434 | critical | 9.8 |
| 2018-02-22 | CVE-2018-7315 | SQL Injection vulnerability in Harmistechnology EK Rishta 2.9 | SQL Injection exists in the Ek Rishta 2.9 component for Joomla! via the gender, age1, age2, religion, mothertounge, caste, or country parameter. | network | low complexity | harmistechnology | CWE-89 | critical | 9.8 |
| 2018-02-22 | CVE-2018-7314 | SQL Injection vulnerability in Mlwebtechnologies Prayercenter 3.0.2 | SQL Injection exists in the PrayerCenter 3.0.2 component for Joomla! via the sessionid parameter, a different vulnerability than CVE-2008-6429. | network | low complexity | mlwebtechnologies | CWE-89 | critical | 9.8 |
| 2018-02-22 | CVE-2018-7312 | SQL Injection vulnerability in Alexandriabooklibrary Alexandria Book Library 3.1.2 | SQL Injection exists in the Alexandria Book Library 3.1.2 component for Joomla! via the letter parameter. | network | low complexity | alexandriabooklibrary | CWE-89 | critical | 9.8 |
| 2018-02-22 | CVE-2018-7301 | Missing Authentication for Critical Function vulnerability in Eq-3 Homematic Central Control Unit Ccu2 Firmware 2.29.22 | eQ-3 AG HomeMatic CCU2 2.29.22 devices have an open XML-RPC port without authentication. | network | low complexity | eq-3 | CWE-306 | critical | 9.8 |
| 2018-02-22 | CVE-2018-7300 | Path Traversal vulnerability in Eq-3 Homematic Ccu2 Firmware | Directory Traversal / Arbitrary File Write / Remote Code Execution in the User.setLanguage method in eQ-3 AG Homematic CCU2 2.29.2 and earlier allows remote attackers to write arbitrary files to the device's filesystem. | network | low complexity | eq-3 | CWE-22 | critical | 9.8 |
| 2018-02-22 | CVE-2018-7297 | Unspecified vulnerability in Eq-3 Homematic Central Control Unit Ccu2 Firmware 2.29.22 | Remote Code Execution in the TCL script interpreter in eQ-3 AG Homematic CCU2 2.29.2 and earlier allows remote attackers to obtain read/write access and execute system commands on the device. | network | low complexity | eq-3 | | critical | 9.8 |
| 2018-02-22 | CVE-2018-7409 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Unixodbc | In unixODBC before 2.3.5, there is a buffer overflow in the unicode_to_ansi_copy() function in DriverManager/__info.c. | network | low complexity | unixodbc | CWE-119 | critical | 9.8 |
| 2018-02-22 | CVE-2017-5250 | Insecure Storage of Sensitive Information vulnerability in Insteon for HUB 1.9.7 | In version 1.9.7 and prior of Insteon's Insteon for Hub Android app, the OAuth token used by the app to authorize user access is not stored in an encrypted and secure manner. | network | low complexity | insteon | CWE-922 | critical | 9.8 |