CVE-2012-1116 – Joomla! 2.5.1 - 'redirect.php' Blind SQL Injection
https://notcve.org/view.php?id=CVE-2012-1116
SQL injection vulnerability in Joomla! 1.7.x and 2.5.x before 2.5.2 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. Vulnerabilidad de inyección SQL en Joomla! v1.7.x y v2.5.x antes de v2.5.2, permite a atacantes remotos ejecutar comandos SQL de su elección a través de vectores no especificados. • https://www.exploit-db.com/exploits/36913 http://developer.joomla.org/security/news/391-20120301-core-sql-injection.html http://secunia.com/advisories/48005 http://www.openwall.com/lists/oss-security/2012/03/06/12 http://www.openwall.com/lists/oss-security/2012/03/06/5 http://www.osvdb.org/79837 http://www.securityfocus.com/bid/52312 https://exchange.xforce.ibmcloud.com/vulnerabilities/73699 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2012-1612
https://notcve.org/view.php?id=CVE-2012-1612
Cross-site scripting (XSS) vulnerability in the update manager in Joomla! 2.5.x before 2.5.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en el gestor de actualizaciones de Joomla! v2.5.x anterior a v2.5.4 permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de vectores no especificados • http://developer.joomla.org/security/news/399-20120308-core-xss-vulnerability.html http://secunia.com/advisories/48683 http://www.openwall.com/lists/oss-security/2012/04/03/3 http://www.openwall.com/lists/oss-security/2012/04/03/5 http://www.osvdb.org/80880 http://www.securityfocus.com/bid/52859 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2012-1611
https://notcve.org/view.php?id=CVE-2012-1611
Joomla! 2.5.x before 2.5.4 does not properly check permissions, which allows attackers to obtain sensitive "administrative back end" information via unknown attack vectors. NOTE: this might be a duplicate of CVE-2012-1599. Joomla! v2.5.x antes de v2.5.4 no comprueba correctamente los permisos, lo que permite a los atacantes obtener información sensible del "backend de administración" a través de vectores de ataque desconocidos. • http://developer.joomla.org/security/news/398-20120307-core-information-disclosure.html http://secunia.com/advisories/48683 http://www.openwall.com/lists/oss-security/2012/04/03/3 http://www.openwall.com/lists/oss-security/2012/04/03/5 • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2012-0837
https://notcve.org/view.php?id=CVE-2012-0837
Joomla! 1.7.x before 1.7.5 and 2.5.x before 2.5.1 allows attackers to obtain the installation path via unspecified vectors related to "administrator." Joomla! v1.7.x anterior a v1.7.5 y 2.5.x anterior a v2.5.1 permite a los atacantes obtener la ruta de instalación a través de vectores no especificados relacionados con "administrador". • http://developer.joomla.org/security/news/389-20120201-core-information-disclosure http://secunia.com/advisories/47847 http://www.joomla.org/announcements/release-news/5410-joomla-251-released.html http://www.joomla.org/announcements/release-news/5411-joomla-175-released.html http://www.openwall.com/lists/oss-security/2012/02/03/6 http://www.openwall.com/lists/oss-security/2012/02/03/9 http://www.osvdb.org/78826 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2012-0835
https://notcve.org/view.php?id=CVE-2012-0835
Unspecified vulnerability in Joomla! 1.7.x before 1.7.5 and 2.5.x before 2.5.1 allows attackers to obtain sensitive information via unknown vectors related to "administrator." Vulnerabilidad no especificada en Joomla! v1.7.x anterior a v1.7.5 y v2.5.x anterior a v2.5.1 permite a atacantes obtener información sensible a través de vectores desconocidos relacionados con el "administrador". • http://developer.joomla.org/security/news/387-20120201-core-information-disclosure http://secunia.com/advisories/47847 http://www.joomla.org/announcements/release-news/5410-joomla-251-released.html http://www.joomla.org/announcements/release-news/5411-joomla-175-released.html http://www.openwall.com/lists/oss-security/2012/02/03/6 http://www.openwall.com/lists/oss-security/2012/02/03/9 http://www.osvdb.org/78824 •