VirtueMart com_virtuemart Component 3.0.14 on Joomla administrator/index.php virtuemart_shipmentmethod_id SQL injection

A vulnerability classified as critical was found in VirtueMart com_virtuemart Component 3.0.14 on Joomla (Joomla Component). It affects unknown code in the file administrator/index.php. No information about possible countermeasures is known. Replacing the affected component with an alternative product may be advisable.

CVE-2017-18638

send_email in graphite-web/webapp/graphite/composer/views.py in Graphite through 1.1.5 is vulnerable to SSRF. The vulnerable SSRF endpoint can be used by an attacker to have the Graphite web server request any resource. The response to this SSRF request is encoded into an image file and then sent to an e-mail address that can be supplied by the attacker. Thus, an attacker can exfiltrate any information.

CVE-2015-9492

The ThemeMakers SmartIT Premium Responsive theme through 2015-05-15 for WordPress allows remote attackers to obtain sensitive information (such as user_login, user_pass, and user_email values) via a direct request for the wp-content/uploads/tmm_db_migrate/wp_users.dat URI.