CVSS: 8.8EPSS: 0%CPEs: 180EXPL: 0CVE-2017-11364
https://notcve.org/view.php?id=CVE-2017-11364
02 Aug 2017 — The CMS installer in Joomla! before 3.7.4 does not verify a user's ownership of a webspace, which allows remote authenticated users to gain control of the target application by leveraging Certificate Transparency logs. El instalador CMS en versiones anteriores a la 3.7.4 de Joomla! no verifica la propiedad de un usuario en un espacio web, lo que permite que usuarios remotos autenticados consigan control sobre la aplicación objetivo, haciendo uso de los logs del estándar Certificate Transparency. • http://www.securitytracker.com/id/1039015 • CWE-295: Improper Certificate Validation •
CVSS: 6.1EPSS: 0%CPEs: 160EXPL: 0CVE-2017-11612
https://notcve.org/view.php?id=CVE-2017-11612
26 Jul 2017 — In Joomla! before 3.7.4, inadequate filtering of potentially malicious HTML tags leads to XSS vulnerabilities in various components. En Joomla! en versiones anteriores a la 3.7.4, el filtrado inadecuado de etiquetas HTML potencialmente maliciosas conduce a vulnerabilidades XSS en varios componentes. • http://www.securitytracker.com/id/1039014 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.3EPSS: 0%CPEs: 137EXPL: 0CVE-2017-7983
https://notcve.org/view.php?id=CVE-2017-7983
25 Apr 2017 — In Joomla! 1.5.0 through 3.6.5 (fixed in 3.7.0), mail sent using the JMail API leaked the used PHPMailer version in the mail headers. Al enviar un email utilizando JMail API, en Joomla! 1.5.0 hasta 3.6.5, se divulga en la cabecera del email la versión de PHPMailer utilizada. El fallo ha sido corregido en la versión 3.7.0. • http://www.securityfocus.com/bid/98016 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2017-7985
https://notcve.org/view.php?id=CVE-2017-7985
25 Apr 2017 — In Joomla! 1.5.0 through 3.6.5 (fixed in 3.7.0), inadequate filtering of multibyte characters leads to XSS vulnerabilities in various components. El filtrado inadecuado de caracteres multibyte, en Joomla 1.5.0 hasta 3.6.5, puede derivar en vulnerabilidades XSS en varios componentes. El fallo se ha corregido en la versión 3.7.0. • http://www.securityfocus.com/bid/98020 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 137EXPL: 0CVE-2017-7986
https://notcve.org/view.php?id=CVE-2017-7986
25 Apr 2017 — In Joomla! 1.5.0 through 3.6.5 (fixed in 3.7.0), inadequate filtering of specific HTML attributes leads to XSS vulnerabilities in various components. Un unadecuado sistema de filtrado de atributos HTML en Joomla! 1.5.0 hasta 3.6.5 permite realizar un ataque de cross-site scripting en varios componentes. • http://www.securityfocus.com/bid/98024 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 93%CPEs: 3EXPL: 11CVE-2016-10045 – PHPMailer < 5.2.20 with Exim MTA - Remote Code Execution
https://notcve.org/view.php?id=CVE-2016-10045
28 Dec 2016 — The isMail transport in PHPMailer before 5.2.20 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code by leveraging improper interaction between the escapeshellarg function and internal escaping performed in the mail function in PHP. NOTE: this vulnerability exists because of an incorrect fix for CVE-2016-10033. El transporte isMail en PHPMailer en versiones anteriores a 5.2.20 podrían permitir a atacantes remotos pasar parámetros extra al comando ... • https://packetstorm.news/files/id/140286 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 9.8EPSS: 94%CPEs: 3EXPL: 38CVE-2016-10033 – WordPress Core 4.6 - Remote Code Execution
https://notcve.org/view.php?id=CVE-2016-10033
26 Dec 2016 — The mailSend function in the isMail transport in PHPMailer before 5.2.18 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code via a \" (backslash double quote) in a crafted Sender property. La función mailSend en el transporte isMail en PHPMailer en versiones anteriores a 5.2.18 podrían permitir a atacantes remotos pasar parámetros extra al comando mail y consecuentemente ejecutar código arbitrario a través de una \" (barra invertida comillas dobl... • https://packetstorm.news/files/id/142486 • CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') •
CVSS: 9.8EPSS: 94%CPEs: 95EXPL: 16CVE-2015-8562 – Joomla! 1.5 < 3.4.5 - Object Injection Remote Command Execution
https://notcve.org/view.php?id=CVE-2015-8562
16 Dec 2015 — Joomla! 1.5.x, 2.x, and 3.x before 3.4.6 allow remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via the HTTP User-Agent header, as exploited in the wild in December 2015. Joomla! 1.5.x, 2.x y 3.x en versiones anteriores a 3.4.6 permite a atacantes remotos llevar a cabo ataques de inyección de objetos PHP y ejecutar código PHP arbitrario a través de la cabecera HTTP User-Agent header, como fue explotado en Diciembre 2015. • https://packetstorm.news/files/id/134949 • CWE-20: Improper Input Validation •
CVSS: 6.1EPSS: 0%CPEs: 28EXPL: 2CVE-2012-2413
https://notcve.org/view.php?id=CVE-2012-2413
20 Oct 2014 — Cross-site scripting (XSS) vulnerability in the ja_purity template for Joomla! 1.5.26 and earlier allows remote attackers to inject arbitrary web script or HTML via the Mod* cookie parameter to html/modules.php. Vulnerabilidad de XSS en la plantilla ja_purity para Joomla! 1.5.26 y anteriores permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través del parámetro Mod* cookie en html/modules.php. • http://archives.neohapsis.com/archives/bugtraq/2012-05/0021.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 1%CPEs: 27EXPL: 0CVE-2012-1598
https://notcve.org/view.php?id=CVE-2012-1598
03 Dec 2012 — Joomla! 1.5.x before 1.5.26 has unspecified impact and attack vectors related to "insufficient randomness" and a "password reset vulnerability." Joomla! v1.5.x antes de 1.5.26 tiene un impacto no especificado y vectores de ataque relacionados con una "aleatoriedad insuficiente" y una "vulnerabilidad de restablecimiento de contraseña". • http://developer.joomla.org/security/news/396-20120305-core-password-change.html • CWE-264: Permissions, Privileges, and Access Controls •