Page 27 of 141 results (0.018 seconds)

CVSS: 7.5EPSS: 77%CPEs: 15EXPL: 2

SQL injection vulnerability in the getListQuery function in administrator/components/com_contenthistory/models/history.php in Joomla! 3.2 before 3.4.5 allows remote attackers to execute arbitrary SQL commands via the list[select] parameter to index.php. Vulnerabilidad de inyección SQL en la función getListQuery en administrator/components/com_contenthistory/models/history.php en Joomla! 3.2 en versiones anteriores a 3.4.5 permite a atacantes remotos ejecutar comandos SQL arbitrarios a través del parámetro list[select] a index.php. • https://www.exploit-db.com/exploits/38797 http://developer.joomla.org/security-centre/628-20151001-core-sql-injection.html http://packetstormsecurity.com/files/134097/Joomla-3.44-SQL-Injection.html http://packetstormsecurity.com/files/134494/Joomla-Content-History-SQL-Injection-Remote-Code-Execution.html http://www.rapid7.com/db/modules/exploit/unix/webapp/joomla_contenthistory_sqli_rce http://www.securityfocus.com/bid/77295 http://www.securitytracker.com/id/1033950 https://www.trustwave.com/Resources& • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 4.3EPSS: 0%CPEs: 12EXPL: 1

Cross-site scripting (XSS) vulnerability in the login module in Joomla! 3.4.x before 3.4.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de XSS en el módulo de inicio de sesión en Joomla! 3.4.x en versiones anteriores a 3.4.4, permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de vectores no especificados . Joomla! • http://developer.joomla.org/security-centre/626-20150908-core-xss-vulnerability.html http://packetstormsecurity.com/files/133907/Joomla-CMS-3.4.3-Cross-Site-Scripting.html http://www.securitytracker.com/id/1033541 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.8EPSS: 0%CPEs: 22EXPL: 0

Cross-site request forgery (CSRF) vulnerability in Joomla! 3.2.0 through 3.3.x and 3.4.x before 3.4.2 allows remote attackers to hijack the authentication of unspecified victims for requests that upload code via unknown vectors. Vulnerabilidad de falsificación de petición de sitios cruzados (CSRF) en Joomla! 3.2.0 a través de 3.3x y 3.4x antes de 3.4.2 que permite a atacantes secuestrar la autenticación de víctimas no especificadas para enviar peticiones que descargan código a través de vectores desconocidos. • http://developer.joomla.org/security-centre/618-20150602-core-remote-code-execution.html http://www.securityfocus.com/bid/76495 http://www.securitytracker.com/id/1032796 • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 7.5EPSS: 95%CPEs: 45EXPL: 2

Akeeba Restore (restore.php), as used in Joomla! 2.5.4 through 2.5.25, 3.x through 3.2.5, and 3.3.0 through 3.3.4; Akeeba Backup for Joomla! Professional 3.0.0 through 4.0.2; Backup Professional for WordPress 1.0.b1 through 1.1.3; Solo 1.0.b1 through 1.1.2; Admin Tools Core and Professional 2.0.0 through 2.4.4; and CMS Update 1.0.a1 through 1.0.1, when performing a backup or update for an archive, does not delete parameters from $_GET and $_POST when it is cleansing $_REQUEST, but later accesses $_GET and $_POST using the getQueryParam function, which allows remote attackers to bypass encryption and execute arbitrary code via a command message that extracts a crafted archive. Akeeba Restore (restore.php), utilizado en Joomla! 2.5.4 hasta 2.5.25, 3.x hasta 3.2.5, y 3.3.0 hasta 3.3.4; Akeeba Backup para Joomla! • https://www.exploit-db.com/exploits/35033 http://developer.joomla.org/security/595-20140903-core-remote-file-inclusion.html http://websec.wordpress.com/2014/10/05/joomla-3-3-4-akeeba-kickstart-remote-code-execution-cve-2014-7228 https://www.akeebabackup.com/home/news/1605-security-update-sep-2014.html • CWE-310: Cryptographic Issues •

CVSS: 4.3EPSS: 0%CPEs: 34EXPL: 0

Cross-site scripting (XSS) vulnerability in Joomla! CMS 2.5.x before 2.5.19 and 3.x before 3.2.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de XSS en Joomla! CMS 2.5.x anterior a 2.5.19 y 3.x anterior a 3.2.3 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de vectores no especificados. • http://developer.joomla.org/security/580-20140303-core-xss-vulnerability.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •