CVSS: 7.5EPSS: 0%CPEs: 15EXPL: 0CVE-2015-7859
https://notcve.org/view.php?id=CVE-2015-7859
29 Oct 2015 — The com_contenthistory component in Joomla! 3.2 before 3.4.5 does not properly check ACLs, which allows remote attackers to obtain sensitive information via unspecified vectors. El componente com_contenthistory en Joomla! 3.2 en versiones anteriores a 3.4.5 no comprueba ACLs correctamente, lo que permite a atacantes remotos obtener información sensible a través de vectores no especificados. • http://developer.joomla.org/security-centre/629-20151002-core-acl-violations.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.8EPSS: 94%CPEs: 15EXPL: 8CVE-2015-7297 – Joomla! 3.4.4 Component Content History - SQL Injection / Remote Code Execution
https://notcve.org/view.php?id=CVE-2015-7297
27 Oct 2015 — SQL injection vulnerability in Joomla! 3.2 before 3.4.4 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, a different vulnerability than CVE-2015-7858. Vulnerabilidad de inyección SQL en Joomla! 3.2 en versiones anteriores a 3.4.4 permite a atacantes remotos ejecutar comandos SQL arbitrarios a través de vectores no especificados, una vulnerabilidad diferente a CVE-2015-7858. • https://packetstorm.news/files/id/180700 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 84%CPEs: 15EXPL: 4CVE-2015-7857 – Joomla! 3.4.4 Component Content History - SQL Injection / Remote Code Execution
https://notcve.org/view.php?id=CVE-2015-7857
27 Oct 2015 — SQL injection vulnerability in the getListQuery function in administrator/components/com_contenthistory/models/history.php in Joomla! 3.2 before 3.4.5 allows remote attackers to execute arbitrary SQL commands via the list[select] parameter to index.php. Vulnerabilidad de inyección SQL en la función getListQuery en administrator/components/com_contenthistory/models/history.php en Joomla! 3.2 en versiones anteriores a 3.4.5 permite a atacantes remotos ejecutar comandos SQL arbitrarios a través del parámetro l... • https://packetstorm.news/files/id/134494 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 86%CPEs: 14EXPL: 4CVE-2015-7858 – Joomla! 3.4.4 Component Content History - SQL Injection / Remote Code Execution
https://notcve.org/view.php?id=CVE-2015-7858
27 Oct 2015 — SQL injection vulnerability in Joomla! 3.2 before 3.4.4 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, a different vulnerability than CVE-2015-7297. Vulnerabilidad de inyección SQL en Joomla! 3.2 en versiones anteriores a 3.4.4 permite a atacantes remotos ejecutar comandos SQL arbitrarios a través de vectores no especificados, una vulnerabilidad diferente a CVE-2015-7297. • https://packetstorm.news/files/id/134494 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 8.8EPSS: 0%CPEs: 22EXPL: 0CVE-2015-5397
https://notcve.org/view.php?id=CVE-2015-5397
14 Jul 2015 — Cross-site request forgery (CSRF) vulnerability in Joomla! 3.2.0 through 3.3.x and 3.4.x before 3.4.2 allows remote attackers to hijack the authentication of unspecified victims for requests that upload code via unknown vectors. Vulnerabilidad de falsificación de petición de sitios cruzados (CSRF) en Joomla! 3.2.0 a través de 3.3x y 3.4x antes de 3.4.2 que permite a atacantes secuestrar la autenticación de víctimas no especificadas para enviar peticiones que descargan código a través de vectores desconocido... • http://developer.joomla.org/security-centre/618-20150602-core-remote-code-execution.html • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 9.8EPSS: 10%CPEs: 45EXPL: 3CVE-2014-7228 – Joomla! Component Akeeba Kickstart - Unserialize Remote Code Execution
https://notcve.org/view.php?id=CVE-2014-7228
21 Oct 2014 — Akeeba Restore (restore.php), as used in Joomla! 2.5.4 through 2.5.25, 3.x through 3.2.5, and 3.3.0 through 3.3.4; Akeeba Backup for Joomla! Professional 3.0.0 through 4.0.2; Backup Professional for WordPress 1.0.b1 through 1.1.3; Solo 1.0.b1 through 1.1.2; Admin Tools Core and Professional 2.0.0 through 2.4.4; and CMS Update 1.0.a1 through 1.0.1, when performing a backup or update for an archive, does not delete parameters from $_GET and $_POST when it is cleansing $_REQUEST, but later accesses $_GET and $... • https://packetstorm.news/files/id/128774 • CWE-310: Cryptographic Issues •
CVSS: 6.1EPSS: 0%CPEs: 8EXPL: 0CVE-2014-7983
https://notcve.org/view.php?id=CVE-2014-7983
08 Oct 2014 — Cross-site scripting (XSS) vulnerability in com_contact in Joomla! CMS 3.1.2 through 3.2.x before 3.2.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de XSS en com_contact en Joomla! CMS 3.1.2 hasta 3.2.x anterior a 3.2.3 permite a atacantes remotos inyectar secuencias de comandos arbitrarios a través de vectores no especificados. • http://developer.joomla.org/security/579-20140302-core-xss-vulnerability.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.1EPSS: 0%CPEs: 34EXPL: 0CVE-2014-7984
https://notcve.org/view.php?id=CVE-2014-7984
08 Oct 2014 — Joomla! CMS 2.5.x before 2.5.19 and 3.x before 3.2.3 allows remote attackers to authenticate and bypass intended restrictions via vectors involving GMail authentication. Joomla! CMS 2.5.x anterior a 2.5.19 y 3.x anterior a 3.2.3 permite a atacantes remotos autenticarse y evadir restricciones a través de vectores que involucran la autenticación de GMail. • http://developer.joomla.org/security/581-20140304-core-unauthorised-logins.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.1EPSS: 0%CPEs: 9EXPL: 0CVE-2014-6631
https://notcve.org/view.php?id=CVE-2014-6631
08 Oct 2014 — Cross-site scripting (XSS) vulnerability in com_media in Joomla! 3.2.x before 3.2.5 and 3.3.x before 3.3.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de XSS en com_media en Joomla! 3.2.x anterior a 3.2.5 y 3.3.x anterior a 3.3.4 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de vectores no especificados. • http://developer.joomla.org/security/593-20140901-core-xss-vulnerability.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 32EXPL: 0CVE-2014-6632
https://notcve.org/view.php?id=CVE-2014-6632
08 Oct 2014 — Joomla! 2.5.x before 2.5.25, 3.x before 3.2.4, and 3.3.x before 3.3.4 allows remote attackers to authenticate and bypass intended access restrictions via vectors involving LDAP authentication. Joomla! 2.5.x anterior a 2.5.25, 3.x anterior a 3.2.4, y 3.3.x anterior a 3.3.4 permite a atacantes remotos autenticar y evadir las restricciones de acceso a través de vectores que involucran la autenticación LDAP . • http://developer.joomla.org/security/594-20140902-core-unauthorised-logins.html • CWE-287: Improper Authentication •