CVE-2019-7742
https://notcve.org/view.php?id=CVE-2019-7742
An issue was discovered in Joomla! before 3.9.3. A combination of specific web server configurations, in connection with specific file types and browser-side MIME-type sniffing, causes an XSS attack vector. Se ha descubierto un problema en versiones anteriores a la 3.9.3 de Joomla!. Una combinación de configuraciones específicas del servidor web, junto con tipos de archivo concretos y el rastreo de tipo MIME del lado del servidor, provoca un vector de ataque XSS. • https://developer.joomla.org/security-centre/766-20190202-core-browserside-mime-type-sniffing-causes-xss-attack-vectors • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2017-11364
https://notcve.org/view.php?id=CVE-2017-11364
The CMS installer in Joomla! before 3.7.4 does not verify a user's ownership of a webspace, which allows remote authenticated users to gain control of the target application by leveraging Certificate Transparency logs. El instalador CMS en versiones anteriores a la 3.7.4 de Joomla! no verifica la propiedad de un usuario en un espacio web, lo que permite que usuarios remotos autenticados consigan control sobre la aplicación objetivo, haciendo uso de los logs del estándar Certificate Transparency. • http://www.securitytracker.com/id/1039015 https://developer.joomla.org/security-centre/700-20170704-core-installer-lack-of-ownership-verification.html https://media.defcon.org/DEF%20CON%2025/DEF%20CON%2025%20presentations/DEFCON-25-Hanno-Boeck-Abusing-Certificate-Transparency-Logs.pdf https://twitter.com/hanno/status/890281330906247168 • CWE-295: Improper Certificate Validation •
CVE-2012-1018 – Joomla! Component Currency Converter 1.0.0 - 'from' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2012-1018
Cross-site scripting (XSS) vulnerability in includes/convert.php in D-Mack Media Currency Converter (mod_currencyconverter) module 1.0.0 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the from parameter. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en includes/convert.php en el módulo D-Mack Media Currency Converter (mod_currencyconverter) v1.0.0 para Joomla! permite a atacantes remotos inyectar secuencias de comandos web o HTML a través del parámetro from. • https://www.exploit-db.com/exploits/36659 http://dl.packetstormsecurity.net/1202-exploits/joomlacurrencyconverter-xss.txt http://www.securityfocus.com/bid/51804 https://exchange.xforce.ibmcloud.com/vulnerabilities/72917 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2010-4927 – Joomla! Component Restaurant Guide 1.0.0 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2010-4927
SQL injection vulnerability in the Restaurant Guide (com_restaurantguide) component 1.0.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a country action to index.php. Vulnerabilidad de inyección SQL en el componente Restaurant Guide (com_restaurantguide) v1.0.0 para Joomla!, permite a atacantes remotos ejecutar comandos SQL de su elección a través del parámetro id en una acción "country" sobre index.php. • https://www.exploit-db.com/exploits/15040 http://packetstormsecurity.org/1009-exploits/joomlarestaurantguide-sqlxsslfi.txt http://securityreason.com/securityalert/8458 http://www.exploit-db.com/exploits/15040 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2010-4928 – Joomla! Component Restaurant Guide 1.0.0 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2010-4928
Cross-site scripting (XSS) vulnerability in the Restaurant Guide (com_restaurantguide) component 1.0.0 for Joomla! allows remote attackers to inject arbitrary web script or HTML by placing it after a > (greater than) character. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en el componente Restaurant Guide (com_restaurantguide) v1.0.0 para Joomla!, permite a atacantes remotos inyectar secuencias de comandos web o HTML situándolo después del caracter > (mayor que) • https://www.exploit-db.com/exploits/15040 http://packetstormsecurity.org/1009-exploits/joomlarestaurantguide-sqlxsslfi.txt http://securityreason.com/securityalert/8458 http://www.exploit-db.com/exploits/15040 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •