CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2013-1455
https://notcve.org/view.php?id=CVE-2013-1455
13 Feb 2013 — Joomla! 3.0.x through 3.0.2 allows attackers to obtain sensitive information via unspecified vectors related to an "Undefined variable." Joomla! v3.0.x hasta v3.0.2 permite a atacantes obtener información sensible a través de vectores no especificados en relación con una "variable no definida". • http://developer.joomla.org/security/news/549-20130202-core-information-disclosure.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2013-1454
https://notcve.org/view.php?id=CVE-2013-1454
13 Feb 2013 — Joomla! 3.0.x through 3.0.2 allows attackers to obtain sensitive information via unspecified vectors related to "Coding errors." Joomla! v3.0.x hasta v3.0.2 permite a atacantes obtener información sensible a través de vectores no especificados en relación con "errores de codificación". • http://developer.joomla.org/security/news/550-20130203-core-information-disclosure.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.1EPSS: 0%CPEs: 12EXPL: 2CVE-2013-1453 – Joomla! 3.0.2 - 'highlight.php' PHP Object Injection
https://notcve.org/view.php?id=CVE-2013-1453
13 Feb 2013 — plugins/system/highlight/highlight.php in Joomla! 3.0.x through 3.0.2 and 2.5.x through 2.5.8 allows attackers to unserialize arbitrary PHP objects to obtain sensitive information, delete arbitrary directories, conduct SQL injection attacks, and possibly have other impacts via the highlight parameter. Note: it was originally reported that this issue only allowed attackers to obtain sensitive information, but later analysis demonstrated that other attacks exist. El archivo plugins/system/highlight/highlight.... • https://www.exploit-db.com/exploits/24551 •
CVSS: 6.5EPSS: 0%CPEs: 8EXPL: 0CVE-2012-5827
https://notcve.org/view.php?id=CVE-2012-5827
11 Nov 2012 — Joomla! 2.5.x before 2.5.8 and 3.0.x before 3.0.2 allows remote attackers to conduct clickjacking attacks via unspecified vectors involving "Inadequate protection." Joomla! versiones 2.5.x anteriores a 2.5.8 y versiones 3.0.x anteriores a 3.0.2, permite a los atacantes remotos conducir ataques de secuestro de cliqueo por medio de vectores no especificados que implican "Inadequate protection". • http://developer.joomla.org/security/news/543-20121101-core-clickjacking.html •
CVSS: 6.1EPSS: 0%CPEs: 7EXPL: 0CVE-2012-4531
https://notcve.org/view.php?id=CVE-2012-4531
31 Oct 2012 — Cross-site scripting (XSS) vulnerability in Joomla! 2.5.x before 2.5.7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en Joomla! v2.5.x antes de v2.5.7, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de vectores no especifidados. • http://developer.joomla.org/security/news/539-20120901-core-xss-vulnerability • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 7EXPL: 1CVE-2012-4532
https://notcve.org/view.php?id=CVE-2012-4532
31 Oct 2012 — Cross-site scripting (XSS) vulnerability in modules/mod_languages/tmpl/default.php in the Language Switcher module for Joomla! 2.5.x before 2.5.7 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to index.php. NOTE: some of these details are obtained from third party information. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en modules/mod_languages/tmpl/default.php en el módulo Language Switcher para Joomla! v2.5.x antes de v2.5.7, permite a a... • http://developer.joomla.org/security/news/540-20120902-core-xss-vulnerability • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2012-5455
https://notcve.org/view.php?id=CVE-2012-5455
22 Oct 2012 — Cross-site scripting (XSS) vulnerability in the language search component in Joomla! before 3.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to a "typographical error." Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en el componente de búsqueda de idioma en Joomla! antes de v3.0.1, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de vectores no especificados, relacionado con un "error tipográf... • http://developer.joomla.org/security/news/541-20121001-core-xss-vulnerability • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 8EXPL: 1CVE-2012-1116 – Joomla! 2.5.1 - 'redirect.php' Blind SQL Injection
https://notcve.org/view.php?id=CVE-2012-1116
26 Sep 2012 — SQL injection vulnerability in Joomla! 1.7.x and 2.5.x before 2.5.2 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. Vulnerabilidad de inyección SQL en Joomla! v1.7.x y v2.5.x antes de v2.5.2, permite a atacantes remotos ejecutar comandos SQL de su elección a través de vectores no especificados. • https://www.exploit-db.com/exploits/36913 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0CVE-2012-1117
https://notcve.org/view.php?id=CVE-2012-1117
26 Sep 2012 — Cross-site scripting (XSS) vulnerability in Joomla! 2.5.0 and 2.5.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en Joomla! v2.5.0 y 2.5.1, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de vectores especificados • http://developer.joomla.org/security/news/392-20120302-core-xss-vulnerability.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2012-1611
https://notcve.org/view.php?id=CVE-2012-1611
06 Sep 2012 — Joomla! 2.5.x before 2.5.4 does not properly check permissions, which allows attackers to obtain sensitive "administrative back end" information via unknown attack vectors. NOTE: this might be a duplicate of CVE-2012-1599. Joomla! v2.5.x antes de v2.5.4 no comprueba correctamente los permisos, lo que permite a los atacantes obtener información sensible del "backend de administración" a través de vectores de ataque desconocidos. • http://developer.joomla.org/security/news/398-20120307-core-information-disclosure.html • CWE-264: Permissions, Privileges, and Access Controls •