CVE-2013-1455
https://notcve.org/view.php?id=CVE-2013-1455
Joomla! 3.0.x through 3.0.2 allows attackers to obtain sensitive information via unspecified vectors related to an "Undefined variable." Joomla! v3.0.x hasta v3.0.2 permite a atacantes obtener información sensible a través de vectores no especificados en relación con una "variable no definida". • http://developer.joomla.org/security/news/549-20130202-core-information-disclosure.html https://exchange.xforce.ibmcloud.com/vulnerabilities/81926 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2013-1454
https://notcve.org/view.php?id=CVE-2013-1454
Joomla! 3.0.x through 3.0.2 allows attackers to obtain sensitive information via unspecified vectors related to "Coding errors." Joomla! v3.0.x hasta v3.0.2 permite a atacantes obtener información sensible a través de vectores no especificados en relación con "errores de codificación". • http://developer.joomla.org/security/news/550-20130203-core-information-disclosure.html https://exchange.xforce.ibmcloud.com/vulnerabilities/81927 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2013-1453 – Joomla! 3.0.2 - 'highlight.php' PHP Object Injection
https://notcve.org/view.php?id=CVE-2013-1453
plugins/system/highlight/highlight.php in Joomla! 3.0.x through 3.0.2 and 2.5.x through 2.5.8 allows attackers to unserialize arbitrary PHP objects to obtain sensitive information, delete arbitrary directories, conduct SQL injection attacks, and possibly have other impacts via the highlight parameter. Note: it was originally reported that this issue only allowed attackers to obtain sensitive information, but later analysis demonstrated that other attacks exist. El archivo plugins/system/highlight/highlight.php en Joomla! versiones 3.0.x hasta 3.0.2 y versiones 2.5.x hasta 2.5.8, permite a atacantes deserializar objetos PHP arbitrarios para obtener información confidencial, eliminar directorios arbitrarios, conducir ataques de inyección SQL, y posiblemente tener otros impactos por medio del parámetro highlight. • https://www.exploit-db.com/exploits/24551 http://developer.joomla.org/security/news/548-20130201-core-information-disclosure.html http://karmainsecurity.com/KIS-2013-03 http://karmainsecurity.com/analysis-of-the-joomla-php-object-injection-vulnerability https://exchange.xforce.ibmcloud.com/vulnerabilities/81925 •
CVE-2012-5455
https://notcve.org/view.php?id=CVE-2012-5455
Cross-site scripting (XSS) vulnerability in the language search component in Joomla! before 3.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to a "typographical error." Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en el componente de búsqueda de idioma en Joomla! antes de v3.0.1, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de vectores no especificados, relacionado con un "error tipográfico". • http://developer.joomla.org/security/news/541-20121001-core-xss-vulnerability http://osvdb.org/86134 http://secunia.com/advisories/50879 http://www.joomla.org/announcements/release-news/5468-joomla-3-0-1-released.html http://www.securityfocus.com/bid/55858 https://exchange.xforce.ibmcloud.com/vulnerabilities/79171 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2010-1307 – Joomla! Component Magic Updater - Local File Inclusion
https://notcve.org/view.php?id=CVE-2010-1307
Directory traversal vulnerability in the Magic Updater (com_joomlaupdater) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. Vulnerabilidad de salto de directorio en el componente Magic Updater (com_joomlaupdater) para Joomla! permite a atacantes remotos leer archivos de su elección a través de .. • https://www.exploit-db.com/exploits/12070 http://packetstormsecurity.org/1004-exploits/joomlaupdater-lfi.txt http://secunia.com/advisories/39348 http://www.exploit-db.com/exploits/12070 http://www.securityfocus.com/bid/39207 http://www.vupen.com/english/advisories/2010/0806 https://exchange.xforce.ibmcloud.com/vulnerabilities/57531 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •