CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0CVE-2012-1117
https://notcve.org/view.php?id=CVE-2012-1117
Cross-site scripting (XSS) vulnerability in Joomla! 2.5.0 and 2.5.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en Joomla! v2.5.0 y 2.5.1, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de vectores especificados • http://developer.joomla.org/security/news/392-20120302-core-xss-vulnerability.html http://secunia.com/advisories/48005 http://www.openwall.com/lists/oss-security/2012/03/06/12 http://www.openwall.com/lists/oss-security/2012/03/06/5 http://www.osvdb.org/79836 http://www.securityfocus.com/bid/52314 https://exchange.xforce.ibmcloud.com/vulnerabilities/73700 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 8EXPL: 1CVE-2012-1116 – Joomla! 2.5.1 - 'redirect.php' Blind SQL Injection
https://notcve.org/view.php?id=CVE-2012-1116
SQL injection vulnerability in Joomla! 1.7.x and 2.5.x before 2.5.2 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. Vulnerabilidad de inyección SQL en Joomla! v1.7.x y v2.5.x antes de v2.5.2, permite a atacantes remotos ejecutar comandos SQL de su elección a través de vectores no especificados. • https://www.exploit-db.com/exploits/36913 http://developer.joomla.org/security/news/391-20120301-core-sql-injection.html http://secunia.com/advisories/48005 http://www.openwall.com/lists/oss-security/2012/03/06/12 http://www.openwall.com/lists/oss-security/2012/03/06/5 http://www.osvdb.org/79837 http://www.securityfocus.com/bid/52312 https://exchange.xforce.ibmcloud.com/vulnerabilities/73699 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 4.3EPSS: 0%CPEs: 4EXPL: 0CVE-2012-1612
https://notcve.org/view.php?id=CVE-2012-1612
Cross-site scripting (XSS) vulnerability in the update manager in Joomla! 2.5.x before 2.5.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en el gestor de actualizaciones de Joomla! v2.5.x anterior a v2.5.4 permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de vectores no especificados • http://developer.joomla.org/security/news/399-20120308-core-xss-vulnerability.html http://secunia.com/advisories/48683 http://www.openwall.com/lists/oss-security/2012/04/03/3 http://www.openwall.com/lists/oss-security/2012/04/03/5 http://www.osvdb.org/80880 http://www.securityfocus.com/bid/52859 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.0EPSS: 0%CPEs: 4EXPL: 0CVE-2012-1611
https://notcve.org/view.php?id=CVE-2012-1611
Joomla! 2.5.x before 2.5.4 does not properly check permissions, which allows attackers to obtain sensitive "administrative back end" information via unknown attack vectors. NOTE: this might be a duplicate of CVE-2012-1599. Joomla! v2.5.x antes de v2.5.4 no comprueba correctamente los permisos, lo que permite a los atacantes obtener información sensible del "backend de administración" a través de vectores de ataque desconocidos. • http://developer.joomla.org/security/news/398-20120307-core-information-disclosure.html http://secunia.com/advisories/48683 http://www.openwall.com/lists/oss-security/2012/04/03/3 http://www.openwall.com/lists/oss-security/2012/04/03/5 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.0EPSS: 0%CPEs: 28EXPL: 0CVE-2012-0819
https://notcve.org/view.php?id=CVE-2012-0819
Unspecified vulnerability in Joomla! 1.6.x and 1.7.x before 1.7.4 allows remote attackers to obtain sensitive information via unknown vectors, a different vulnerability than CVE-2012-0821. Vulnerabilidad no especificada en Joomla! v1.6.x y v1.7.x anterior a v1.7.4 permite a atacantes remotos obtener información sensible a través de vectores desconocidos, una vulnerabilidad diferente a CVE-2012-0821. • http://developer.joomla.org/security/news/382-20120101-core-information-disclosure http://secunia.com/advisories/47753 http://www.joomla.org/announcements/release-news/5403-joomla-250-released.html http://www.joomla.org/announcements/release-news/5405-joomla-174-released.html http://www.openwall.com/lists/oss-security/2012/01/25/1 http://www.openwall.com/lists/oss-security/2012/01/26/2 http://www.openwall.com/lists/oss-security/2012/01/26/4 http://www.openwall.com/lists/os •