NotCVE - vendor:"Joomla" product:"Joomla\!" version:"3.2.4"

Page 17 of 109 results (0.008 seconds)

CVSS: 6.1EPSS: 0%CPEs: 33EXPL: 0

CVE-2015-5608

https://notcve.org/view.php?id=CVE-2015-5608

Open redirect vulnerability in Joomla! CMS 3.0.0 through 3.4.1. Existe una vulnerabilidad de redirección abierta en Joomla! CMS 3.0.0 hasta la versión 3.4.1. • http://www.securityfocus.com/bid/76496 https://developer.joomla.org/security-centre/617-20150601-core-open-redirect.html • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •

CVSS: 9.8EPSS: 1%CPEs: 119EXPL: 1

CVE-2017-14596

https://notcve.org/view.php?id=CVE-2017-14596

In Joomla! before 3.8.0, inadequate escaping in the LDAP authentication plugin can result in a disclosure of a username and password. En Joomla! en versiones anteriores a la 3.8.0, un escape inadecuado en el plugin de autenticación LDAP puede resultar en una divulgación del nombre de usuario y la contraseña. • http://www.securityfocus.com/bid/100898 http://www.securitytracker.com/id/1039407 https://blog.ripstech.com/2017/joomla-takeover-in-20-seconds-with-ldap-injection-cve-2017-14596 https://developer.joomla.org/security-centre/711-20170902-core-ldap-information-disclosure • CWE-90: Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection') •

CVSS: 8.8EPSS: 0%CPEs: 180EXPL: 0

CVE-2017-11364

https://notcve.org/view.php?id=CVE-2017-11364

The CMS installer in Joomla! before 3.7.4 does not verify a user's ownership of a webspace, which allows remote authenticated users to gain control of the target application by leveraging Certificate Transparency logs. El instalador CMS en versiones anteriores a la 3.7.4 de Joomla! no verifica la propiedad de un usuario en un espacio web, lo que permite que usuarios remotos autenticados consigan control sobre la aplicación objetivo, haciendo uso de los logs del estándar Certificate Transparency. • http://www.securitytracker.com/id/1039015 https://developer.joomla.org/security-centre/700-20170704-core-installer-lack-of-ownership-verification.html https://media.defcon.org/DEF%20CON%2025/DEF%20CON%2025%20presentations/DEFCON-25-Hanno-Boeck-Abusing-Certificate-Transparency-Logs.pdf https://twitter.com/hanno/status/890281330906247168 • CWE-295: Improper Certificate Validation •

CVSS: 6.1EPSS: 0%CPEs: 160EXPL: 0

CVE-2017-11612

https://notcve.org/view.php?id=CVE-2017-11612

In Joomla! before 3.7.4, inadequate filtering of potentially malicious HTML tags leads to XSS vulnerabilities in various components. En Joomla! en versiones anteriores a la 3.7.4, el filtrado inadecuado de etiquetas HTML potencialmente maliciosas conduce a vulnerabilidades XSS en varios componentes. • http://www.securitytracker.com/id/1039014 https://developer.joomla.org/security-centre/701-20170605-core-xss-vulnerability.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 7.5EPSS: 0%CPEs: 114EXPL: 0

CVE-2017-9933

https://notcve.org/view.php?id=CVE-2017-9933

Improper cache invalidation in Joomla! CMS 1.7.3 through 3.7.2 leads to disclosure of form contents. Invalidación del cache inapropiada en Joomla! CMS 1.7.3 hasta la 3.7.2 que lleva a una revelación de los contenidos • http://www.securityfocus.com/bid/99450 http://www.securitytracker.com/id/1038817 https://developer.joomla.org/security-centre/696-20170601-core-information-disclosure • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

1...15 16 17 18 19