CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 1CVE-2012-3829
https://notcve.org/view.php?id=CVE-2012-3829
Joomla! 2.5.3 allows remote attackers to obtain the installation path via the Host HTTP Header. Joomla! v2.5.3 permite a atacantes remotos obtener la ruta de instalación a través de Host HTTP Header • http://packetstormsecurity.org/files/112249/Joomla-2.5.3-Host-Header-Cross-Site-Scripting.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 1%CPEs: 8EXPL: 0CVE-2012-2747
https://notcve.org/view.php?id=CVE-2012-2747
Unspecified vulnerability in Joomla! 2.5.x before 2.5.5 allows remote attackers to gain privileges via unknown attack vectors related to "Inadequate checking." Vulnerabilidad no especificada en Joomla! v2.5.x antes de v.2.5.5, permite a atacantes remotos ganar privilegios a través de vectores de ataque relacionados con "comprobación inadecuada" • http://developer.joomla.org/security/news/470-20120601-core-privilege-escalation http://osvdb.org/83070 http://secunia.com/advisories/49605 http://www.joomla.org/announcements/release-news/5427-joomla-255-released.html http://www.openwall.com/lists/oss-security/2012/06/19/2 http://www.securityfocus.com/bid/54073 https://exchange.xforce.ibmcloud.com/vulnerabilities/76415 •
CVSS: 5.0EPSS: 0%CPEs: 5EXPL: 0CVE-2012-2748
https://notcve.org/view.php?id=CVE-2012-2748
Unspecified vulnerability in Joomla! 2.5.x before 2.5.5 allows remote attackers to obtain sensitive information via vectors related to "Inadequate filtering" and a "SQL error." Vulnerabilidad no especifica en Joomla! v2.5.x anteriores a v2.5.5 permite a atacantes remotos obtener información sensible a través de vectores relacionados con un filtrado inadecuado y un error SQL. • http://developer.joomla.org/security/news/471-20120602-core-information-disclosure http://osvdb.org/83069 http://secunia.com/advisories/49605 http://www.joomla.org/announcements/release-news/5427-joomla-255-released.html http://www.openwall.com/lists/oss-security/2012/06/19/2 http://www.securityfocus.com/bid/54073 https://exchange.xforce.ibmcloud.com/vulnerabilities/76414 •
CVSS: 4.3EPSS: 0%CPEs: 28EXPL: 2CVE-2012-2413 – Joomla 1.5.26 ja_purity Cross Site Scripting
https://notcve.org/view.php?id=CVE-2012-2413
Cross-site scripting (XSS) vulnerability in the ja_purity template for Joomla! 1.5.26 and earlier allows remote attackers to inject arbitrary web script or HTML via the Mod* cookie parameter to html/modules.php. Vulnerabilidad de XSS en la plantilla ja_purity para Joomla! 1.5.26 y anteriores permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través del parámetro Mod* cookie en html/modules.php. Joomla version 1.5.26 suffers from a cross site scripting vulnerability in the ja_purity template. • http://archives.neohapsis.com/archives/bugtraq/2012-05/0021.html http://www.securityfocus.com/bid/53382 http://www.waraxe.us/advisory-87.html https://exchange.xforce.ibmcloud.com/vulnerabilities/75398 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.0EPSS: 0%CPEs: 26EXPL: 0CVE-2011-4321
https://notcve.org/view.php?id=CVE-2011-4321
The password reset functionality in Joomla! 1.5.x through 1.5.24 uses weak random numbers, which makes it easier for remote attackers to change the passwords of arbitrary users via unspecified vectors. La funcionalidad de reinicialización de contraseña en Joomla! v1.5.x hasta v1.5.24 utiliza números aleatorios débiles, lo que hace más sencillo para atacantes remotos cambiar las contraseñas de usuarios de su elección a través de vectores no especificados. • http://developer.joomla.org/security/news/9-security/10-core-security/375-20111103-core-password-change http://www.openwall.com/lists/oss-security/2011/11/21/1 • CWE-310: Cryptographic Issues •