Page 37 of 804 results (0.012 seconds)

CVSS: 6.8EPSS: 0%CPEs: 22EXPL: 0

Cross-site request forgery (CSRF) vulnerability in Joomla! 3.2.0 through 3.3.x and 3.4.x before 3.4.2 allows remote attackers to hijack the authentication of unspecified victims for requests that upload code via unknown vectors. Vulnerabilidad de falsificación de petición de sitios cruzados (CSRF) en Joomla! 3.2.0 a través de 3.3x y 3.4x antes de 3.4.2 que permite a atacantes secuestrar la autenticación de víctimas no especificadas para enviar peticiones que descargan código a través de vectores desconocidos. • http://developer.joomla.org/security-centre/618-20150602-core-remote-code-execution.html http://www.securityfocus.com/bid/76495 http://www.securitytracker.com/id/1032796 • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1

SQL injection vulnerability in the EQ Event Calendar component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter to eqfullevent. Vulnerabilidad de inyección SQL en el componente EQ Event Calendar para Joomla! permite a atacantes remotos ejecutar comandos SQL arbitrarios a través del parámetro id en eqfullevent. • http://packetstormsecurity.com/files/132220/Joomla-EQ-Event-Calendar-SQL-Injection.html http://www.securityfocus.com/bid/75261 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 7.5EPSS: 95%CPEs: 45EXPL: 2

Akeeba Restore (restore.php), as used in Joomla! 2.5.4 through 2.5.25, 3.x through 3.2.5, and 3.3.0 through 3.3.4; Akeeba Backup for Joomla! Professional 3.0.0 through 4.0.2; Backup Professional for WordPress 1.0.b1 through 1.1.3; Solo 1.0.b1 through 1.1.2; Admin Tools Core and Professional 2.0.0 through 2.4.4; and CMS Update 1.0.a1 through 1.0.1, when performing a backup or update for an archive, does not delete parameters from $_GET and $_POST when it is cleansing $_REQUEST, but later accesses $_GET and $_POST using the getQueryParam function, which allows remote attackers to bypass encryption and execute arbitrary code via a command message that extracts a crafted archive. Akeeba Restore (restore.php), utilizado en Joomla! 2.5.4 hasta 2.5.25, 3.x hasta 3.2.5, y 3.3.0 hasta 3.3.4; Akeeba Backup para Joomla! • https://www.exploit-db.com/exploits/35033 http://developer.joomla.org/security/595-20140903-core-remote-file-inclusion.html http://websec.wordpress.com/2014/10/05/joomla-3-3-4-akeeba-kickstart-remote-code-execution-cve-2014-7228 https://www.akeebabackup.com/home/news/1605-security-update-sep-2014.html • CWE-310: Cryptographic Issues •

CVSS: 4.3EPSS: 0%CPEs: 34EXPL: 0

Cross-site scripting (XSS) vulnerability in Joomla! CMS 2.5.x before 2.5.19 and 3.x before 3.2.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de XSS en Joomla! CMS 2.5.x anterior a 2.5.19 y 3.x anterior a 3.2.3 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de vectores no especificados. • http://developer.joomla.org/security/580-20140303-core-xss-vulnerability.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.3EPSS: 0%CPEs: 9EXPL: 0

Cross-site scripting (XSS) vulnerability in com_media in Joomla! 3.2.x before 3.2.5 and 3.3.x before 3.3.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de XSS en com_media en Joomla! 3.2.x anterior a 3.2.5 y 3.3.x anterior a 3.3.4 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de vectores no especificados. • http://developer.joomla.org/security/593-20140901-core-xss-vulnerability.html http://secunia.com/advisories/61606 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •