CVSS: 7.5EPSS: 0%CPEs: 16EXPL: 0CVE-2015-8565
https://notcve.org/view.php?id=CVE-2015-8565
Directory traversal vulnerability in Joomla! 3.2.0 through 3.3.x and 3.4.x before 3.4.6 allows remote attackers to have unspecified impact via unknown vectors. Vulnerabilidad de salto de directorio en Joomla! 3.2.0 hasta la versión 3.3.x y 3.4.x en versiones anteriores a 3.4.6 permite a atacantes remotos tener un impacto no especificado a través de vectores desconocidos • https://developer.joomla.org/security-centre/635-20151214-core-directory-traversal-2.html • CWE-20: Improper Input Validation CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.5EPSS: 97%CPEs: 95EXPL: 9CVE-2015-8562 – Joomla HTTP Header Unauthenticated Remote Code Execution
https://notcve.org/view.php?id=CVE-2015-8562
Joomla! 1.5.x, 2.x, and 3.x before 3.4.6 allow remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via the HTTP User-Agent header, as exploited in the wild in December 2015. Joomla! 1.5.x, 2.x y 3.x en versiones anteriores a 3.4.6 permite a atacantes remotos llevar a cabo ataques de inyección de objetos PHP y ejecutar código PHP arbitrario a través de la cabecera HTTP User-Agent header, como fue explotado en Diciembre 2015. • https://www.exploit-db.com/exploits/38977 https://www.exploit-db.com/exploits/39033 https://github.com/paralelo14/CVE-2015-8562 https://github.com/guanjivip/CVE-2015-8562 https://github.com/thejackerz/scanner-exploit-joomla-CVE-2015-8562 https://github.com/RobinHoutevelts/Joomla-CVE-2015-8562-PHP-POC http://packetstormsecurity.com/files/134949/Joomla-HTTP-Header-Unauthenticated-Remote-Code-Execution.html http://packetstormsecurity.com/files/135100/Joomla-3.4.5-Object-Injection.html http://ww • CWE-20: Improper Input Validation •
CVSS: 5.0EPSS: 0%CPEs: 15EXPL: 0CVE-2015-7899
https://notcve.org/view.php?id=CVE-2015-7899
The com_content component in Joomla! 3.x before 3.4.5 does not properly check ACLs, which allows remote attackers to obtain sensitive information via unspecified vectors. El componente com_content en Joomla! 3.x en versiones anteriores a 3.4.5 no comprueba ACLs correctamente, lo que permite a atacantes remotos obtener información sensible a través de vectores no especificados. • http://developer.joomla.org/security-centre/630-20151003-core-acl-violations.html http://www.securitytracker.com/id/1033950 • CWE-284: Improper Access Control •
CVSS: 5.0EPSS: 0%CPEs: 15EXPL: 0CVE-2015-7859
https://notcve.org/view.php?id=CVE-2015-7859
The com_contenthistory component in Joomla! 3.2 before 3.4.5 does not properly check ACLs, which allows remote attackers to obtain sensitive information via unspecified vectors. El componente com_contenthistory en Joomla! 3.2 en versiones anteriores a 3.4.5 no comprueba ACLs correctamente, lo que permite a atacantes remotos obtener información sensible a través de vectores no especificados. • http://developer.joomla.org/security-centre/629-20151002-core-acl-violations.html http://www.securitytracker.com/id/1033950 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 97%CPEs: 15EXPL: 3CVE-2015-7297 – Joomla! 3.4.4 Component Content History - SQL Injection / Remote Code Execution
https://notcve.org/view.php?id=CVE-2015-7297
SQL injection vulnerability in Joomla! 3.2 before 3.4.4 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, a different vulnerability than CVE-2015-7858. Vulnerabilidad de inyección SQL en Joomla! 3.2 en versiones anteriores a 3.4.4 permite a atacantes remotos ejecutar comandos SQL arbitrarios a través de vectores no especificados, una vulnerabilidad diferente a CVE-2015-7858. • https://www.exploit-db.com/exploits/38797 https://github.com/Cappricio-Securities/CVE-2015-7297 http://developer.joomla.org/security-centre/628-20151001-core-sql-injection.html http://packetstormsecurity.com/files/134097/Joomla-3.44-SQL-Injection.html http://packetstormsecurity.com/files/134494/Joomla-Content-History-SQL-Injection-Remote-Code-Execution.html http://www.rapid7.com/db/modules/auxiliary/gather/joomla_contenthistory_sqli http://www.rapid7.com/db/modules/exploit/unix/webapp/joomla_contenthistory_ • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •