CVSS: 9.8EPSS: 97%CPEs: 3EXPL: 26CVE-2016-10033 – WordPress PHPMailer Host Header Command Injection
https://notcve.org/view.php?id=CVE-2016-10033
The mailSend function in the isMail transport in PHPMailer before 5.2.18 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code via a \" (backslash double quote) in a crafted Sender property. La función mailSend en el transporte isMail en PHPMailer en versiones anteriores a 5.2.18 podrían permitir a atacantes remotos pasar parámetros extra al comando mail y consecuentemente ejecutar código arbitrario a través de una \" (barra invertida comillas dobles) en una propiedad Sender manipulada. PHPMailer version 5.2.17 suffers from a remote code execution vulnerability. • https://www.exploit-db.com/exploits/41962 https://www.exploit-db.com/exploits/42024 https://www.exploit-db.com/exploits/41996 https://www.exploit-db.com/exploits/40974 https://www.exploit-db.com/exploits/42221 https://www.exploit-db.com/exploits/40970 https://www.exploit-db.com/exploits/40968 https://www.exploit-db.com/exploits/40969 https://www.exploit-db.com/exploits/40986 https://github.com/opsxcq/exploit-CVE-2016-10033 https://github.com/GeneralTesler/CVE- • CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') •
CVSS: 7.5EPSS: 97%CPEs: 95EXPL: 9CVE-2015-8562 – Joomla HTTP Header Unauthenticated Remote Code Execution
https://notcve.org/view.php?id=CVE-2015-8562
Joomla! 1.5.x, 2.x, and 3.x before 3.4.6 allow remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via the HTTP User-Agent header, as exploited in the wild in December 2015. Joomla! 1.5.x, 2.x y 3.x en versiones anteriores a 3.4.6 permite a atacantes remotos llevar a cabo ataques de inyección de objetos PHP y ejecutar código PHP arbitrario a través de la cabecera HTTP User-Agent header, como fue explotado en Diciembre 2015. • https://www.exploit-db.com/exploits/38977 https://www.exploit-db.com/exploits/39033 https://github.com/paralelo14/CVE-2015-8562 https://github.com/guanjivip/CVE-2015-8562 https://github.com/thejackerz/scanner-exploit-joomla-CVE-2015-8562 https://github.com/RobinHoutevelts/Joomla-CVE-2015-8562-PHP-POC http://packetstormsecurity.com/files/134949/Joomla-HTTP-Header-Unauthenticated-Remote-Code-Execution.html http://packetstormsecurity.com/files/135100/Joomla-3.4.5-Object-Injection.html http://ww • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 1%CPEs: 32EXPL: 0CVE-2014-6632
https://notcve.org/view.php?id=CVE-2014-6632
Joomla! 2.5.x before 2.5.25, 3.x before 3.2.4, and 3.3.x before 3.3.4 allows remote attackers to authenticate and bypass intended access restrictions via vectors involving LDAP authentication. Joomla! 2.5.x anterior a 2.5.25, 3.x anterior a 3.2.4, y 3.3.x anterior a 3.3.4 permite a atacantes remotos autenticar y evadir las restricciones de acceso a través de vectores que involucran la autenticación LDAP . • http://developer.joomla.org/security/594-20140902-core-unauthorised-logins.html http://secunia.com/advisories/61606 http://secunia.com/advisories/61638 • CWE-287: Improper Authentication •
CVSS: 4.3EPSS: 0%CPEs: 34EXPL: 0CVE-2014-7982
https://notcve.org/view.php?id=CVE-2014-7982
Cross-site scripting (XSS) vulnerability in Joomla! CMS 2.5.x before 2.5.19 and 3.x before 3.2.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de XSS en Joomla! CMS 2.5.x anterior a 2.5.19 y 3.x anterior a 3.2.3 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de vectores no especificados. • http://developer.joomla.org/security/580-20140303-core-xss-vulnerability.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 34EXPL: 0CVE-2014-7984
https://notcve.org/view.php?id=CVE-2014-7984
Joomla! CMS 2.5.x before 2.5.19 and 3.x before 3.2.3 allows remote attackers to authenticate and bypass intended restrictions via vectors involving GMail authentication. Joomla! CMS 2.5.x anterior a 2.5.19 y 3.x anterior a 3.2.3 permite a atacantes remotos autenticarse y evadir restricciones a través de vectores que involucran la autenticación de GMail. • http://developer.joomla.org/security/581-20140304-core-unauthorised-logins.html • CWE-264: Permissions, Privileges, and Access Controls •