Page 20 of 102 results (0.012 seconds)

CVSS: 5.0EPSS: 0%CPEs: 2EXPL: 0

Joomla! 3.0.x through 3.0.2 allows attackers to obtain sensitive information via unspecified vectors related to an "Undefined variable." Joomla! v3.0.x hasta v3.0.2 permite a atacantes obtener información sensible a través de vectores no especificados en relación con una "variable no definida". • http://developer.joomla.org/security/news/549-20130202-core-information-disclosure.html https://exchange.xforce.ibmcloud.com/vulnerabilities/81926 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 5.0EPSS: 0%CPEs: 3EXPL: 0

Joomla! 3.0.x through 3.0.2 allows attackers to obtain sensitive information via unspecified vectors related to "Coding errors." Joomla! v3.0.x hasta v3.0.2 permite a atacantes obtener información sensible a través de vectores no especificados en relación con "errores de codificación". • http://developer.joomla.org/security/news/550-20130203-core-information-disclosure.html https://exchange.xforce.ibmcloud.com/vulnerabilities/81927 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 7.5EPSS: 0%CPEs: 12EXPL: 2

plugins/system/highlight/highlight.php in Joomla! 3.0.x through 3.0.2 and 2.5.x through 2.5.8 allows attackers to unserialize arbitrary PHP objects to obtain sensitive information, delete arbitrary directories, conduct SQL injection attacks, and possibly have other impacts via the highlight parameter. Note: it was originally reported that this issue only allowed attackers to obtain sensitive information, but later analysis demonstrated that other attacks exist. El archivo plugins/system/highlight/highlight.php en Joomla! versiones 3.0.x hasta 3.0.2 y versiones 2.5.x hasta 2.5.8, permite a atacantes deserializar objetos PHP arbitrarios para obtener información confidencial, eliminar directorios arbitrarios, conducir ataques de inyección SQL, y posiblemente tener otros impactos por medio del parámetro highlight. • https://www.exploit-db.com/exploits/24551 http://developer.joomla.org/security/news/548-20130201-core-information-disclosure.html http://karmainsecurity.com/KIS-2013-03 http://karmainsecurity.com/analysis-of-the-joomla-php-object-injection-vulnerability https://exchange.xforce.ibmcloud.com/vulnerabilities/81925 •

CVSS: 7.5EPSS: 0%CPEs: 112EXPL: 0

SQL injection vulnerability in the RSGallery2 (com_rsgallery2) component before 2.3.0 for Joomla! 1.5.x, and before 3.2.0 for Joomla! 2.5.x, allows remote attackers to execute arbitrary SQL commands via unspecified vectors. Vulnerabilidad de inyección SQL en el componente RSGallery2 (com_rsgallery2) anterior a v2.3.0 para Joomla! v1.5.x, y anterior a v3.2.0 para Joomla! • http://extensions.joomla.org/extensions/photos-a-images/photo-gallery/142 http://joomlacode.org/gf/project/rsgallery2/news http://www.rsgallery2.nl/announcements/rsgallery2_3.2.0_and_2.3.0_released_16845.0.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 4.3EPSS: 0%CPEs: 108EXPL: 0

Cross-site scripting (XSS) vulnerability in the comments module in the RSGallery2 (com_rsgallery2) component before 2.3.0 for Joomla! 1.5.x, and before 3.2.0 for Joomla! 2.5.x, allows remote attackers to inject arbitrary web script or HTML via crafted BBCode markup in a comment. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en el módulo RSGallery2 (com_rsgallery2) anterior a v2.3.0 para Joomla! v1.5.x, y anteriores a v3.2.0 para Joomla! • http://extensions.joomla.org/extensions/photos-a-images/photo-gallery/142 http://joomlacode.org/gf/download/frsrelease/17325/75427/com_rsgallery2_2.3.0.zip http://joomlacode.org/gf/download/frsrelease/17326/75428/com_rsgallery2_3.2.0.zip http://joomlacode.org/gf/project/rsgallery2/news http://www.rsgallery2.nl/announcements/rsgallery2_3.2.0_and_2.3.0_released_16845.0.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •