CVSS: 6.8EPSS: 0%CPEs: 22EXPL: 0CVE-2015-5397
https://notcve.org/view.php?id=CVE-2015-5397
Cross-site request forgery (CSRF) vulnerability in Joomla! 3.2.0 through 3.3.x and 3.4.x before 3.4.2 allows remote attackers to hijack the authentication of unspecified victims for requests that upload code via unknown vectors. Vulnerabilidad de falsificación de petición de sitios cruzados (CSRF) en Joomla! 3.2.0 a través de 3.3x y 3.4x antes de 3.4.2 que permite a atacantes secuestrar la autenticación de víctimas no especificadas para enviar peticiones que descargan código a través de vectores desconocidos. • http://developer.joomla.org/security-centre/618-20150602-core-remote-code-execution.html http://www.securityfocus.com/bid/76495 http://www.securitytracker.com/id/1032796 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 7.5EPSS: 95%CPEs: 45EXPL: 2CVE-2014-7228 – Joomla! Component Akeeba Kickstart - Unserialize Remote Code Execution
https://notcve.org/view.php?id=CVE-2014-7228
Akeeba Restore (restore.php), as used in Joomla! 2.5.4 through 2.5.25, 3.x through 3.2.5, and 3.3.0 through 3.3.4; Akeeba Backup for Joomla! Professional 3.0.0 through 4.0.2; Backup Professional for WordPress 1.0.b1 through 1.1.3; Solo 1.0.b1 through 1.1.2; Admin Tools Core and Professional 2.0.0 through 2.4.4; and CMS Update 1.0.a1 through 1.0.1, when performing a backup or update for an archive, does not delete parameters from $_GET and $_POST when it is cleansing $_REQUEST, but later accesses $_GET and $_POST using the getQueryParam function, which allows remote attackers to bypass encryption and execute arbitrary code via a command message that extracts a crafted archive. Akeeba Restore (restore.php), utilizado en Joomla! 2.5.4 hasta 2.5.25, 3.x hasta 3.2.5, y 3.3.0 hasta 3.3.4; Akeeba Backup para Joomla! • https://www.exploit-db.com/exploits/35033 http://developer.joomla.org/security/595-20140903-core-remote-file-inclusion.html http://websec.wordpress.com/2014/10/05/joomla-3-3-4-akeeba-kickstart-remote-code-execution-cve-2014-7228 https://www.akeebabackup.com/home/news/1605-security-update-sep-2014.html • CWE-310: Cryptographic Issues •
CVSS: 5.0EPSS: 0%CPEs: 31EXPL: 0CVE-2014-7229
https://notcve.org/view.php?id=CVE-2014-7229
Unspecified vulnerability in Joomla! before 2.5.4 before 2.5.26, 3.x before 3.2.6, and 3.3.x before 3.3.5 allows attackers to cause a denial of service via unspecified vectors. Vulnerabilidad no especificada en Joomla! anterior a 2.5.4 anterior a 2.5.26, 3.x anterior a 3.2.6, y 3.3.x anterior a 3.3.5 permite a atacantes causar una denegación de servicio a través de vectores no especificados. • http://developer.joomla.org/security/596 •
CVSS: 4.3EPSS: 0%CPEs: 9EXPL: 0CVE-2014-6631
https://notcve.org/view.php?id=CVE-2014-6631
Cross-site scripting (XSS) vulnerability in com_media in Joomla! 3.2.x before 3.2.5 and 3.3.x before 3.3.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de XSS en com_media en Joomla! 3.2.x anterior a 3.2.5 y 3.3.x anterior a 3.3.4 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de vectores no especificados. • http://developer.joomla.org/security/593-20140901-core-xss-vulnerability.html http://secunia.com/advisories/61606 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 1%CPEs: 32EXPL: 0CVE-2014-6632
https://notcve.org/view.php?id=CVE-2014-6632
Joomla! 2.5.x before 2.5.25, 3.x before 3.2.4, and 3.3.x before 3.3.4 allows remote attackers to authenticate and bypass intended access restrictions via vectors involving LDAP authentication. Joomla! 2.5.x anterior a 2.5.25, 3.x anterior a 3.2.4, y 3.3.x anterior a 3.3.4 permite a atacantes remotos autenticar y evadir las restricciones de acceso a través de vectores que involucran la autenticación LDAP . • http://developer.joomla.org/security/594-20140902-core-unauthorised-logins.html http://secunia.com/advisories/61606 http://secunia.com/advisories/61638 • CWE-287: Improper Authentication •