Page 20 of 109 results (0.015 seconds)

CVSS: 6.1EPSS: 0%CPEs: 103EXPL: 1

Missing CSRF token checks and improper input validation in Joomla! CMS 1.7.3 through 3.7.2 lead to an XSS vulnerability. Perdidos tokens CSRF verificados y validación inapropiada de la entrada en Joomla! CMS 1.7.3 hasta la 3.7.2 que lleva a una vulnerabilidad XSS. • https://github.com/xyringe/CVE-2017-9934 http://www.securityfocus.com/bid/99451 http://www.securitytracker.com/id/1038817 https://developer.joomla.org/security-centre/697-20170602-core-xss-vulnerability • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 7.5EPSS: 0%CPEs: 114EXPL: 0

Improper cache invalidation in Joomla! CMS 1.7.3 through 3.7.2 leads to disclosure of form contents. Invalidación del cache inapropiada en Joomla! CMS 1.7.3 hasta la 3.7.2 que lleva a una revelación de los contenidos • http://www.securityfocus.com/bid/99450 http://www.securitytracker.com/id/1038817 https://developer.joomla.org/security-centre/696-20170601-core-information-disclosure • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 9.8EPSS: 97%CPEs: 1EXPL: 7

SQL injection vulnerability in Joomla! 3.7.x before 3.7.1 allows attackers to execute arbitrary SQL commands via unspecified vectors. Una vulnerabilidad de inyección SQL en Joomla! 3.7.x versiones anteriores a 3.7.1 permite a los atacantes ejecutar comandos SQL arbitrarios a través de vectores no especificados. The Joomla version 3.7.0 fields component suffers from a remote SQL injection vulnerability. • https://www.exploit-db.com/exploits/42033 https://www.exploit-db.com/exploits/44358 https://github.com/brianwrf/Joomla3.7-SQLi-CVE-2017-8917 https://github.com/gmohlamo/CVE-2017-8917 https://github.com/AkuCyberSec/CVE-2017-8917-Joomla-370-SQL-Injection https://github.com/Siopy/CVE-2017-8917 https://github.com/BaptisteContreras/CVE-2017-8917-Joomla http://www.securityfocus.com/bid/98515 http://www.securitytracker.com/id/1038522 https://developer.joomla.org/security-centre/692& • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 5.3EPSS: 0%CPEs: 137EXPL: 0

In Joomla! 1.5.0 through 3.6.5 (fixed in 3.7.0), mail sent using the JMail API leaked the used PHPMailer version in the mail headers. Al enviar un email utilizando JMail API, en Joomla! 1.5.0 hasta 3.6.5, se divulga en la cabecera del email la versión de PHPMailer utilizada. El fallo ha sido corregido en la versión 3.7.0. • http://www.securityfocus.com/bid/98016 https://developer.joomla.org/security-centre/683-20170401-core-information-disclosure • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 5.3EPSS: 0%CPEs: 46EXPL: 0

In Joomla! 3.4.0 through 3.6.5 (fixed in 3.7.0), multiple files caused full path disclosures on systems with enabled error reporting. Vulnerabilidad en el componente PeopleSoft Enterprise PeopleTools de Oracle PeopleSoft Products (subcomponente: Fluid Core). Versiones compatibles que son afectadas son 8.54 y 8.55. Vulnerabilidad fácilmente explotable permite a atacante autenticado con acceso a la red a través de HTTP para comprometer PeopleSoft Enterprise PeopleTools. • http://www.securityfocus.com/bid/98028 https://developer.joomla.org/security-centre/690-20170408-core-information-disclosure.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •