CVSS: 8.1EPSS: 0%CPEs: 14EXPL: 0CVE-2013-3057
https://notcve.org/view.php?id=CVE-2013-3057
03 May 2013 — Joomla! 2.5.x before 2.5.10 and 3.0.x before 3.0.4 allows remote authenticated users to bypass intended privilege requirements and list the privileges of arbitrary users via unspecified vectors. Joomla! v2.5.x anterior a v2.5.10 y v3.0.x anterior a v3.0.4 permite a usuarios autenticados remotos eludir los requerimientos de privilegio y listar los privilegios de usuarios de su elección mediante vectores desconocidos. • http://developer.joomla.org/security/82-20130402-core-information-disclosure.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.1EPSS: 0%CPEs: 14EXPL: 0CVE-2013-3058
https://notcve.org/view.php?id=CVE-2013-3058
03 May 2013 — Cross-site scripting (XSS) vulnerability in Joomla! 2.5.x before 2.5.10 and 3.0.x before 3.0.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en Joomla! v2.5.x anterior a v2.5.10 y v3.0.x anterior a v3.0.4 permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de vectores sin especificar. • http://developer.joomla.org/security/81-20130403-core-xss-vulnerability.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 14EXPL: 0CVE-2013-3059
https://notcve.org/view.php?id=CVE-2013-3059
03 May 2013 — Cross-site scripting (XSS) vulnerability in the Voting plugin in Joomla! 2.5.x before 2.5.10 and 3.0.x before 3.0.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en el plugin Voting en Joomla! v2.5.x anterior a v2.5.10 y v3.0.x anterior a v3.0.4 permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de vectores sin especificar. • http://developer.joomla.org/security/80-20130405-core-xss-vulnerability.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.1EPSS: 0%CPEs: 14EXPL: 3CVE-2013-3242 – Joomla! 3.0.3 - 'remember.php' PHP Object Injection
https://notcve.org/view.php?id=CVE-2013-3242
03 May 2013 — plugins/system/remember/remember.php in Joomla! 2.5.x before 2.5.10 and 3.0.x before 3.0.4 does not properly handle an object obtained by unserializing a cookie, which allows remote authenticated users to conduct PHP object injection attacks and cause a denial of service via unspecified vectors. plugins/system/remember/remember.php en Joomla! v2.5.x anterior a v2.5.10 y v3.0.x anterior a v3.0.4 no controla correctamente un objeto obtenido por la "serialización" de una cookie, lo que permite a los usuarios r... • https://www.exploit-db.com/exploits/25087 • CWE-20: Improper Input Validation •
CVSS: 6.1EPSS: 0%CPEs: 14EXPL: 0CVE-2013-3267
https://notcve.org/view.php?id=CVE-2013-3267
03 May 2013 — Cross-site scripting (XSS) vulnerability in the highlighter plugin in Joomla! 2.5.x before 2.5.10 and 3.0.x before 3.0.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Múltiples vulnerabilidades de ejecución de secuencias de comandos en sitios cruzados (XSS) en el plugin highlighter en Joomla! v2.5.x anterior a v2.5.10 y v3.0.x anterior a v3.0.4, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de vectores no especificados. • http://developer.joomla.org/security/86-20130407-core-xss-vulnerability.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2013-1454
https://notcve.org/view.php?id=CVE-2013-1454
13 Feb 2013 — Joomla! 3.0.x through 3.0.2 allows attackers to obtain sensitive information via unspecified vectors related to "Coding errors." Joomla! v3.0.x hasta v3.0.2 permite a atacantes obtener información sensible a través de vectores no especificados en relación con "errores de codificación". • http://developer.joomla.org/security/news/550-20130203-core-information-disclosure.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2013-1455
https://notcve.org/view.php?id=CVE-2013-1455
13 Feb 2013 — Joomla! 3.0.x through 3.0.2 allows attackers to obtain sensitive information via unspecified vectors related to an "Undefined variable." Joomla! v3.0.x hasta v3.0.2 permite a atacantes obtener información sensible a través de vectores no especificados en relación con una "variable no definida". • http://developer.joomla.org/security/news/549-20130202-core-information-disclosure.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.1EPSS: 0%CPEs: 12EXPL: 2CVE-2013-1453 – Joomla! 3.0.2 - 'highlight.php' PHP Object Injection
https://notcve.org/view.php?id=CVE-2013-1453
13 Feb 2013 — plugins/system/highlight/highlight.php in Joomla! 3.0.x through 3.0.2 and 2.5.x through 2.5.8 allows attackers to unserialize arbitrary PHP objects to obtain sensitive information, delete arbitrary directories, conduct SQL injection attacks, and possibly have other impacts via the highlight parameter. Note: it was originally reported that this issue only allowed attackers to obtain sensitive information, but later analysis demonstrated that other attacks exist. El archivo plugins/system/highlight/highlight.... • https://www.exploit-db.com/exploits/24551 •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2012-5455
https://notcve.org/view.php?id=CVE-2012-5455
22 Oct 2012 — Cross-site scripting (XSS) vulnerability in the language search component in Joomla! before 3.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to a "typographical error." Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en el componente de búsqueda de idioma en Joomla! antes de v3.0.1, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de vectores no especificados, relacionado con un "error tipográf... • http://developer.joomla.org/security/news/541-20121001-core-xss-vulnerability • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 12%CPEs: 20EXPL: 3CVE-2010-1307 – Joomla! Component Magic Updater - Local File Inclusion
https://notcve.org/view.php?id=CVE-2010-1307
08 Apr 2010 — Directory traversal vulnerability in the Magic Updater (com_joomlaupdater) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. Vulnerabilidad de salto de directorio en el componente Magic Updater (com_joomlaupdater) para Joomla! permite a atacantes remotos leer archivos de su elección a través de .. • https://www.exploit-db.com/exploits/12070 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •