
CVSS: 6.1 • EPSS: 0% • CPEs: 108 • EXPL: 0

10 Aug 2012 — Cross-site scripting (XSS) vulnerability in the comments module in the RSGallery2 (com_rsgallery2) component before 2.3.0 for Joomla! 1.5.x, and before 3.2.0 for Joomla! 2.5.x, allows remote attackers to inject arbitrary web script or HTML via crafted BBCode markup in a comment. • http://extensions.joomla.org/extensions/photos-a-images/photo-gallery/142 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 5.3 • EPSS: 0% • CPEs: 44 • EXPL: 0

10 Aug 2012 — The RSGallery2 (com_rsgallery2) component before 3.2.0 for Joomla! 2.5.x does not place index.html files in image directories, which allows remote attackers to list image filenames via a request for a directory URI. • http://extensions.joomla.org/extensions/photos-a-images/photo-gallery/142 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVSS: 6.1 • EPSS: 0% • CPEs: 1 • EXPL: 0

03 Jul 2012 — Cross-site scripting (XSS) vulnerability in Joomla! 2.5.3 allows remote attackers to inject arbitrary web script or HTML via the Host HTTP Header. • http://packetstormsecurity.org/files/112249/Joomla-2.5.3-Host-Header-Cross-Site-Scripting.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 5.3 • EPSS: 0% • CPEs: 1 • EXPL: 1

03 Jul 2012 — Joomla! 2.5.3 allows remote attackers to obtain the installation path via the Host HTTP Header. • http://packetstormsecurity.org/files/112249/Joomla-2.5.3-Host-Header-Cross-Site-Scripting.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVSS: 9.8 • EPSS: 0% • CPEs: 8 • EXPL: 0

03 Jul 2012 — Unspecified vulnerability in Joomla! 2.5.x before 2.5.5 allows remote attackers to gain privileges via unknown attack vectors related to "Inadequate checking." • http://developer.joomla.org/security/news/470-20120601-core-privilege-escalation

CVSS: 7.5 • EPSS: 0% • CPEs: 5 • EXPL: 0

03 Jul 2012 — Unspecified vulnerability in Joomla! 2.5.x before 2.5.5 allows remote attackers to obtain sensitive information via vectors related to "Inadequate filtering" and a "SQL error." • http://developer.joomla.org/security/news/471-20120602-core-information-disclosure

CVSS: 6.1 • EPSS: 0% • CPEs: 3 • EXPL: 0

21 May 2012 — Cross-site scripting (XSS) vulnerability in the Profile List in the Joomla Content Editor (JCE) component before 2.1 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the search parameter to administrator/index.php. • http://secunia.com/advisories/49206 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 9.8 • EPSS: 0% • CPEs: 3 • EXPL: 0

21 May 2012 — Unrestricted file upload vulnerability in editor/extensions/browser/file.php in the Joomla Content Editor (JCE) component before 2.1 for Joomla!, when chunking is set to greater than zero, allows remote authors to execute arbitrary PHP code by uploading a PHP file with a double extension, as demonstrated by .jpg.pht. • http://osvdb.org/81980

CVSS: 6.1 • EPSS: 2% • CPEs: 2 • EXPL: 3

08 Feb 2012 — Cross-site scripting (XSS) vulnerability in includes/convert.php in D-Mack Media Currency Converter (mod_currencyconverter) module 1.0.0 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the from parameter. • https://www.exploit-db.com/exploits/36659 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 8.8 • EPSS: 1% • CPEs: 7 • EXPL: 0

25 Dec 2011 — Unrestricted file upload vulnerability in models/importcsv.php in the Fabrik (com_fabrik) component before 2.1.1 for Joomla! allows remote authenticated users with Manager privileges to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in an unspecified directory. • http://secunia.com/advisories/47036