Page 27 of 133 results (0.011 seconds)

CVSS: 7.5EPSS: 0%CPEs: 34EXPL: 0

CVE-2014-7984

https://notcve.org/view.php?id=CVE-2014-7984

Joomla! CMS 2.5.x before 2.5.19 and 3.x before 3.2.3 allows remote attackers to authenticate and bypass intended restrictions via vectors involving GMail authentication. Joomla! CMS 2.5.x anterior a 2.5.19 y 3.x anterior a 3.2.3 permite a atacantes remotos autenticarse y evadir restricciones a través de vectores que involucran la autenticación de GMail. • http://developer.joomla.org/security/581-20140304-core-unauthorised-logins.html • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 1

CVE-2013-5583

https://notcve.org/view.php?id=CVE-2013-5583

Cross-site scripting (XSS) vulnerability in libraries/idna_convert/example.php in Joomla! 3.1.5 allows remote attackers to inject arbitrary web script or HTML via the lang parameter. Cross-site scripting (XSS) en libraries/idna_convert/example.php de Joomla! 3.1.5 permite a atacantes remotos inyectar secuencias de comandos web o HTML a través del parámetro lang. • http://disse.cting.org/2013/08/05/joomla-core-3_1_5_reflected-xss-vulnerability http://www.securityfocus.com/bid/61600 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.8EPSS: 77%CPEs: 24EXPL: 3

CVE-2013-5576 – Joomla! Component Media Manager - Arbitrary File Upload

https://notcve.org/view.php?id=CVE-2013-5576

administrator/components/com_media/helpers/media.php in the media manager in Joomla! 2.5.x before 2.5.14 and 3.x before 3.1.5 allows remote authenticated users or remote attackers to bypass intended access restrictions and upload files with dangerous extensions via a filename with a trailing . (dot), as exploited in the wild in August 2013. administrator/components/com_media/helpers/media.php en el gestor de medios de Joomla! 2.5.x anterior a la versión 2.5.14 y 3.x anterior a 3.1.5 permite a usuarios remotos autenticados o a atacantes remotos evadir restricciones de acceso intencionadas y subir archivos con extensiones peligrosas a través de un nombre de archivo con un . (punto), tal y como se explotó activamente en agosto de 2013. • https://www.exploit-db.com/exploits/27610 http://developer.joomla.org/security/563-20130801-core-unauthorised-uploads.html http://joomlacode.org/gf/project/joomla/tracker/?action=TrackerItemEdit&tracker_item_id=31626 http://seclists.org/oss-sec/2013/q3/484 http://seclists.org/oss-sec/2013/q3/486 http://www.cso.com.au/article/523528/joomla_patches_file_manager_vulnerability_responsible_hijacked_websites http://www.exploit-db.com/exploits/27610 http://www.kb.cert.org/vuls/id/639620 • CWE-20: Improper Input Validation •