CVSS: 5.0EPSS: 0%CPEs: 2EXPL: 0CVE-2013-1455
https://notcve.org/view.php?id=CVE-2013-1455
Joomla! 3.0.x through 3.0.2 allows attackers to obtain sensitive information via unspecified vectors related to an "Undefined variable." Joomla! v3.0.x hasta v3.0.2 permite a atacantes obtener información sensible a través de vectores no especificados en relación con una "variable no definida". • http://developer.joomla.org/security/news/549-20130202-core-information-disclosure.html https://exchange.xforce.ibmcloud.com/vulnerabilities/81926 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 0%CPEs: 12EXPL: 2CVE-2013-1453 – Joomla! 3.0.2 - 'highlight.php' PHP Object Injection
https://notcve.org/view.php?id=CVE-2013-1453
plugins/system/highlight/highlight.php in Joomla! 3.0.x through 3.0.2 and 2.5.x through 2.5.8 allows attackers to unserialize arbitrary PHP objects to obtain sensitive information, delete arbitrary directories, conduct SQL injection attacks, and possibly have other impacts via the highlight parameter. Note: it was originally reported that this issue only allowed attackers to obtain sensitive information, but later analysis demonstrated that other attacks exist. El archivo plugins/system/highlight/highlight.php en Joomla! versiones 3.0.x hasta 3.0.2 y versiones 2.5.x hasta 2.5.8, permite a atacantes deserializar objetos PHP arbitrarios para obtener información confidencial, eliminar directorios arbitrarios, conducir ataques de inyección SQL, y posiblemente tener otros impactos por medio del parámetro highlight. • https://www.exploit-db.com/exploits/24551 http://developer.joomla.org/security/news/548-20130201-core-information-disclosure.html http://karmainsecurity.com/KIS-2013-03 http://karmainsecurity.com/analysis-of-the-joomla-php-object-injection-vulnerability https://exchange.xforce.ibmcloud.com/vulnerabilities/81925 •
CVSS: 7.5EPSS: 0%CPEs: 27EXPL: 0CVE-2012-1598
https://notcve.org/view.php?id=CVE-2012-1598
Joomla! 1.5.x before 1.5.26 has unspecified impact and attack vectors related to "insufficient randomness" and a "password reset vulnerability." Joomla! v1.5.x antes de 1.5.26 tiene un impacto no especificado y vectores de ataque relacionados con una "aleatoriedad insuficiente" y una "vulnerabilidad de restablecimiento de contraseña". • http://developer.joomla.org/security/news/396-20120305-core-password-change.html http://www.openwall.com/lists/oss-security/2012/03/29/5 http://www.openwall.com/lists/oss-security/2012/08/27/6 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.0EPSS: 0%CPEs: 27EXPL: 0CVE-2012-1599
https://notcve.org/view.php?id=CVE-2012-1599
Joomla! 1.5.x before 1.5.26 does not properly check permissions, which allows attackers to obtain sensitive "administrative back end information" via unknown vectors. NOTE: this might be a duplicate of CVE-2012-1611. Joomla! v1.5.x antes de v1.5.26 no comprueba correctamente los permisos, lo que permite a los atacantes obtener información sensible del backend a través de vectores desconocidos. • http://developer.joomla.org/security/news/397-20120306-core-information-disclosure.html http://www.openwall.com/lists/oss-security/2012/03/29/5 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 4.3EPSS: 0%CPEs: 8EXPL: 0CVE-2012-5827
https://notcve.org/view.php?id=CVE-2012-5827
Joomla! 2.5.x before 2.5.8 and 3.0.x before 3.0.2 allows remote attackers to conduct clickjacking attacks via unspecified vectors involving "Inadequate protection." Joomla! versiones 2.5.x anteriores a 2.5.8 y versiones 3.0.x anteriores a 3.0.2, permite a los atacantes remotos conducir ataques de secuestro de cliqueo por medio de vectores no especificados que implican "Inadequate protection". • http://developer.joomla.org/security/news/543-20121101-core-clickjacking.html http://developer.joomla.org/security/news/544-20121102-core-clickjacking.html http://secunia.com/advisories/51187 http://www.securityfocus.com/bid/56397 http://www.securitytracker.com/id?1027744 https://exchange.xforce.ibmcloud.com/vulnerabilities/79925 •