CVSS: 7.5EPSS: 0%CPEs: 12EXPL: 2CVE-2013-1453 – Joomla! 3.0.2 - 'highlight.php' PHP Object Injection
https://notcve.org/view.php?id=CVE-2013-1453
plugins/system/highlight/highlight.php in Joomla! 3.0.x through 3.0.2 and 2.5.x through 2.5.8 allows attackers to unserialize arbitrary PHP objects to obtain sensitive information, delete arbitrary directories, conduct SQL injection attacks, and possibly have other impacts via the highlight parameter. Note: it was originally reported that this issue only allowed attackers to obtain sensitive information, but later analysis demonstrated that other attacks exist. El archivo plugins/system/highlight/highlight.php en Joomla! versiones 3.0.x hasta 3.0.2 y versiones 2.5.x hasta 2.5.8, permite a atacantes deserializar objetos PHP arbitrarios para obtener información confidencial, eliminar directorios arbitrarios, conducir ataques de inyección SQL, y posiblemente tener otros impactos por medio del parámetro highlight. • https://www.exploit-db.com/exploits/24551 http://developer.joomla.org/security/news/548-20130201-core-information-disclosure.html http://karmainsecurity.com/KIS-2013-03 http://karmainsecurity.com/analysis-of-the-joomla-php-object-injection-vulnerability https://exchange.xforce.ibmcloud.com/vulnerabilities/81925 •
CVSS: 4.3EPSS: 0%CPEs: 8EXPL: 0CVE-2012-5827
https://notcve.org/view.php?id=CVE-2012-5827
Joomla! 2.5.x before 2.5.8 and 3.0.x before 3.0.2 allows remote attackers to conduct clickjacking attacks via unspecified vectors involving "Inadequate protection." Joomla! versiones 2.5.x anteriores a 2.5.8 y versiones 3.0.x anteriores a 3.0.2, permite a los atacantes remotos conducir ataques de secuestro de cliqueo por medio de vectores no especificados que implican "Inadequate protection". • http://developer.joomla.org/security/news/543-20121101-core-clickjacking.html http://developer.joomla.org/security/news/544-20121102-core-clickjacking.html http://secunia.com/advisories/51187 http://www.securityfocus.com/bid/56397 http://www.securitytracker.com/id?1027744 https://exchange.xforce.ibmcloud.com/vulnerabilities/79925 •
CVSS: 4.3EPSS: 0%CPEs: 7EXPL: 1CVE-2012-4532
https://notcve.org/view.php?id=CVE-2012-4532
Cross-site scripting (XSS) vulnerability in modules/mod_languages/tmpl/default.php in the Language Switcher module for Joomla! 2.5.x before 2.5.7 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to index.php. NOTE: some of these details are obtained from third party information. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en modules/mod_languages/tmpl/default.php en el módulo Language Switcher para Joomla! v2.5.x antes de v2.5.7, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de PATH_INFO a index.php. • http://developer.joomla.org/security/news/540-20120902-core-xss-vulnerability http://secunia.com/advisories/49678 http://www.darksecurity.de/advisories/2012/SSCHADV2012-014.txt http://www.joomla.org/announcements/release-news/5463-joomla-2-5-7-released.html http://www.openwall.com/lists/oss-security/2012/10/07/3 http://www.openwall.com/lists/oss-security/2012/10/19/4 http://www.osvdb.org/83490 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 7EXPL: 0CVE-2012-4531
https://notcve.org/view.php?id=CVE-2012-4531
Cross-site scripting (XSS) vulnerability in Joomla! 2.5.x before 2.5.7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en Joomla! v2.5.x antes de v2.5.7, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de vectores no especifidados. • http://developer.joomla.org/security/news/539-20120901-core-xss-vulnerability http://secunia.com/advisories/49678 http://www.joomla.org/announcements/release-news/5463-joomla-2-5-7-released.html http://www.openwall.com/lists/oss-security/2012/10/07/3 http://www.openwall.com/lists/oss-security/2012/10/19/4 https://exchange.xforce.ibmcloud.com/vulnerabilities/79725 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2012-5455
https://notcve.org/view.php?id=CVE-2012-5455
Cross-site scripting (XSS) vulnerability in the language search component in Joomla! before 3.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to a "typographical error." Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en el componente de búsqueda de idioma en Joomla! antes de v3.0.1, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de vectores no especificados, relacionado con un "error tipográfico". • http://developer.joomla.org/security/news/541-20121001-core-xss-vulnerability http://osvdb.org/86134 http://secunia.com/advisories/50879 http://www.joomla.org/announcements/release-news/5468-joomla-3-0-1-released.html http://www.securityfocus.com/bid/55858 https://exchange.xforce.ibmcloud.com/vulnerabilities/79171 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •