CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 0CVE-2012-0836
https://notcve.org/view.php?id=CVE-2012-0836
06 Sep 2012 — Unspecified vulnerability in Joomla! 1.7.x before 1.7.5 allows attackers to read the error log via unknown vectors. Vulnerabilidad no especificada en Joomla! v1.7.x anterior a v1.7.5 permite a los atacantes leer el registro de errores a través de vectores desconocidos. • http://developer.joomla.org/security/news/388-20120201-core-information-disclosure •
CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 0CVE-2012-0837
https://notcve.org/view.php?id=CVE-2012-0837
06 Sep 2012 — Joomla! 1.7.x before 1.7.5 and 2.5.x before 2.5.1 allows attackers to obtain the installation path via unspecified vectors related to "administrator." Joomla! v1.7.x anterior a v1.7.5 y 2.5.x anterior a v2.5.1 permite a los atacantes obtener la ruta de instalación a través de vectores no especificados relacionados con "administrador". • http://developer.joomla.org/security/news/389-20120201-core-information-disclosure • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 2CVE-2012-4868
https://notcve.org/view.php?id=CVE-2012-4868
06 Sep 2012 — SQL injection vulnerability in news.php in the Kunena component 1.7.2 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter. Vulnerabilidad de inyección SQL en news.php en el componente Kunena v1.7.2 para Joomla!, permite a atacantes remotos ejecutar comandos SQL de su elección a través del parámetro id. • http://exploitsdownload.com/exploit/na/kunena-20-sql-injection • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 15%CPEs: 4EXPL: 2CVE-2011-5148 – Joomla! Component Module Simple File Upload 1.3 - Remote Code Execution
https://notcve.org/view.php?id=CVE-2011-5148
31 Aug 2012 — Multiple incomplete blacklist vulnerabilities in the Simple File Upload (mod_simplefileuploadv1.3) module before 1.3.5 for Joomla! allow remote attackers to execute arbitrary code by uploading a file with a (1) php5, (2) php6, or (3) double (e.g. .php.jpg) extension, then accessing it via a direct request to the file in images/, as exploited in the wild in January 2012. Mútiples vulnerabilidades de lista negra incompleta en el módulo Simple File Upload (mod_simplefileuploadv1.3) anteriores a v1.3.5 para Joo... • https://www.exploit-db.com/exploits/18287 •
CVSS: 8.8EPSS: 0%CPEs: 19EXPL: 0CVE-2011-5134
https://notcve.org/view.php?id=CVE-2011-5134
30 Aug 2012 — Unrestricted file upload vulnerability in editor/extensions/browser/file.php in the JCE component before 2.0.18 for Joomla! allows remote authenticated users with the author privileges to execute arbitrary PHP code by uploading a file with a double extension, as demonstrated by .php.gif. NOTE: some of these details are obtained from third party information. Vulnerabilidad de carga de ficheros no restringida en editor/extensions/browser/file.php en el componente JCE anterior a v2.0.18 para Joomla! permite a ... • http://secunia.com/advisories/47190 •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 2CVE-2011-5112 – Joomla! Component Alameda 1.0 - SQL Injection
https://notcve.org/view.php?id=CVE-2011-5112
23 Aug 2012 — SQL injection vulnerability in Alameda (com_alameda) component before 1.0.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the storeid parameter to index.php. Vulnerabilidad de inyección SQL en el componente Alameda (com_alameda) anterior a v1.0.1 para Joomla! permite a atacantes remotos ejecutar comandos SQL arbitrarios a través del parámetro (storeid) en index.php. • https://www.exploit-db.com/exploits/18058 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 2CVE-2011-5113 – Joomla! Component Techfolio 1.0 - SQL Injection
https://notcve.org/view.php?id=CVE-2011-5113
23 Aug 2012 — SQL injection vulnerability in frontend/models/techfoliodetail.php in Techfolio (com_techfolio) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter. Vulnerabilidad de inyección de código SQL en frontend/models/techfoliodetail.php en el componente Techfolio (com_techfolio) v1.0 para Joomla! que permite a atacantes remotos ejecutar comandos SQL arbitrarios a través del parámetro catid. • https://www.exploit-db.com/exploits/18042 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 3CVE-2011-5099 – Joomla! Component CCNewsLetter 1.0.7 - 'id' SQL Injection
https://notcve.org/view.php?id=CVE-2011-5099
14 Aug 2012 — SQL injection vulnerability in helper/popup.php in the ccNewsletter (mod_ccnewsletter) component 1.0.7 through 1.0.9 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter. Vulnerabilidad de inyección SQL en helper/popup.php en el componente ccNewsletter (mod_ccnewsletter) v1.0.7 a v1.0.9 para Joomla! permite a atacantes remotos ejecutar comandos SQL a través del parámetro id. • https://www.exploit-db.com/exploits/37101 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 2CVE-2012-4256
https://notcve.org/view.php?id=CVE-2012-4256
13 Aug 2012 — The jNews (com_jnews) component 7.5.1 for Joomla! allows remote attackers to obtain sensitive information via the emailsearch parameter, which reveals the installation path in an error message. El componente jNews (com_jnews) v7.5.1 para Joomla! permite a atacantes remotos obtener información sensible mediante el parámetro emailsearch, lo cual revela la ruta de instalación en un mensaje de error. • http://hauntit.blogspot.com/2012/04/en-jnews-jnewscore751-information.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.8EPSS: 0%CPEs: 112EXPL: 0CVE-2012-3554
https://notcve.org/view.php?id=CVE-2012-3554
10 Aug 2012 — SQL injection vulnerability in the RSGallery2 (com_rsgallery2) component before 2.3.0 for Joomla! 1.5.x, and before 3.2.0 for Joomla! 2.5.x, allows remote attackers to execute arbitrary SQL commands via unspecified vectors. Vulnerabilidad de inyección SQL en el componente RSGallery2 (com_rsgallery2) anterior a v2.3.0 para Joomla! v1.5.x, y anterior a v3.2.0 para Joomla! • http://extensions.joomla.org/extensions/photos-a-images/photo-gallery/142 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •