NotCVE - vendor:"Joomla" product:"Joomla\!" version:"2.5.11"

Page 3 of 65 results (0.018 seconds)

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0

CVE-2019-19846

https://notcve.org/view.php?id=CVE-2019-19846

18 Dec 2019 — In Joomla! before 3.9.14, the lack of validation of configuration parameters used in SQL queries caused various SQL injection vectors. En Joomla! versiones anteriores a la versión 3.9.14, la falta de comprobación de los parámetros de configuración utilizados en las consultas SQL causó varios vectores de inyección SQL. • https://developer.joomla.org/security-centre/797-20191202-core-various-sql-injections-through-configuration-parameters • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0

CVE-2019-15028

https://notcve.org/view.php?id=CVE-2019-15028

14 Aug 2019 — In Joomla! before 3.9.11, inadequate checks in com_contact could allow mail submission in disabled forms. En Joomla! versiones anteriores a 3.9.11, las comprobaciones inadecuadas en la función com_contact podrían permitir el envío de correo en formularios deshabilitados. • https://developer.joomla.org/security-centre/789-20190801-core-hardening-com-contact-contact-form •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0

CVE-2019-11809

https://notcve.org/view.php?id=CVE-2019-11809

20 May 2019 — An issue was discovered in Joomla! before 3.9.6. The debug views of com_users do not properly escape user supplied data, which leads to a potential XSS attack vector. Un problema fue descubierto en Joomla antes del 3.9.6. Las vistas de depuración de com_users no escapan correctamente a los datos proporcionados por el usuario, lo que conduce a un posible vector de ataque XSS. • https://developer.joomla.org/security-centre/780-20190501-core-xss-in-com-users-acl-debug-view • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 9.8EPSS: 61%CPEs: 1EXPL: 4

CVE-2019-10945 – Joomla! Core 1.5.0 - 3.9.4 - Directory Traversal / Authenticated Arbitrary File Deletion

https://notcve.org/view.php?id=CVE-2019-10945

10 Apr 2019 — An issue was discovered in Joomla! before 3.9.5. The Media Manager component does not properly sanitize the folder parameter, allowing attackers to act outside the media manager root directory. Un problema fue descubierto en Joomla! versiones anteriores a 3.9.5. • https://packetstorm.news/files/id/152515 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0

CVE-2019-7739

https://notcve.org/view.php?id=CVE-2019-7739

12 Feb 2019 — An issue was discovered in Joomla! before 3.9.3. The "No Filtering" textfilter overrides child settings in the Global Configuration. This is intended behavior. However, it might be unexpected for the user because the configuration dialog lacks an additional message to explain this. • http://www.securityfocus.com/bid/107015 •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0

CVE-2019-7740

https://notcve.org/view.php?id=CVE-2019-7740

12 Feb 2019 — An issue was discovered in Joomla! before 3.9.3. Inadequate parameter handling in JavaScript code (core.js writeDynaList) could lead to an XSS attack vector. Se ha descubierto un problema en versiones anteriores a la 3.9.3 de Joomla!. El manejo inadecuado de parámetros en el código JavaScript (writeDynaList en core.js) podría conducir a un vector de ataque XSS. • https://developer.joomla.org/security-centre/769-20190205-core-xss-issue-in-core-js-writedynalist • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0

CVE-2019-7741

https://notcve.org/view.php?id=CVE-2019-7741

12 Feb 2019 — An issue was discovered in Joomla! before 3.9.3. Inadequate checks at the Global Configuration helpurl settings allowed stored XSS. Se ha descubierto un problema en versiones anteriores a la 3.9.3 de Joomla!. Las comprobaciones incorrectas de las opciones de la URL de ayuda "Global Configuration" permitían Cross-Site Scripting (XSS) persistente. • https://developer.joomla.org/security-centre/768-20190204-core-stored-xss-issue-in-the-global-configuration-help-url-2 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0

CVE-2019-7742

https://notcve.org/view.php?id=CVE-2019-7742

12 Feb 2019 — An issue was discovered in Joomla! before 3.9.3. A combination of specific web server configurations, in connection with specific file types and browser-side MIME-type sniffing, causes an XSS attack vector. Se ha descubierto un problema en versiones anteriores a la 3.9.3 de Joomla!. Una combinación de configuraciones específicas del servidor web, junto con tipos de archivo concretos y el rastreo de tipo MIME del lado del servidor, provoca un vector de ataque XSS. • https://developer.joomla.org/security-centre/766-20190202-core-browserside-mime-type-sniffing-causes-xss-attack-vectors • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0

CVE-2019-7743

https://notcve.org/view.php?id=CVE-2019-7743

12 Feb 2019 — An issue was discovered in Joomla! before 3.9.3. The phar:// stream wrapper can be used for objection injection attacks because there is no protection mechanism (such as the TYPO3 PHAR stream wrapper) to prevent use of the phar:// handler for non .phar-files. Se ha descubierto un problema en versiones anteriores a la 3.9.3 de Joomla!. El wrapper de transmisión phar:// puede emplearse para ataques de inyección de objetos debido a que no existe un mecanismo de protección (como el wrapper de transmisión PHAR T... • http://www.securityfocus.com/bid/107050 • CWE-502: Deserialization of Untrusted Data CWE-917: Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection') •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0

CVE-2019-7744

https://notcve.org/view.php?id=CVE-2019-7744

12 Feb 2019 — An issue was discovered in Joomla! before 3.9.3. Inadequate filtering on URL fields in various core components could lead to an XSS vulnerability. Se ha descubierto un problema en versiones anteriores a la 3.9.3 de Joomla!. El filtrado inadecuado de los campos de URL en varios componentes core podría conducir a una vulnerabilidad XSS. • https://developer.joomla.org/security-centre/765-20190201-core-lack-of-url-filtering-in-various-core-components • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

1 2 3 4 5