CVE-2011-4332
https://notcve.org/view.php?id=CVE-2011-4332
Multiple cross-site scripting (XSS) vulnerabilities in Joomla! 1.6.3 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. Múltiples vulnerabilidades de ejecución de secuencias de comandos en sitios cruzados (XSS) en Joomla! v1.6.3 y anteriores, permiten a atacantes remotos inyectar secuencias de comandos web o HTML a través de vectores no especificados. • http://developer.joomla.org/security/news/349-20110601-xss-vulnerabilities.html http://seclists.org/fulldisclosure/2011/Nov/142 http://www.mavitunasecurity.com/xss-vulnerability-in-joomla-163 http://www.openwall.com/lists/oss-security/2011/11/21/29 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2011-3747
https://notcve.org/view.php?id=CVE-2011-3747
Joomla! 1.6.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by libraries/phpmailer/language/phpmailer.lang-joomla.php. Joomla! v1.6.0 permite a atacantes remotos obtener información sensible a través de una petición directa a un archivo .php, lo que revela la ruta de instalación en un mensaje de error, como se demostró con libraries/phpmailer/language/phpmailer.lang-joomla.php. • http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/joomla-1.6.0 http://www.openwall.com/lists/oss-security/2011/06/27/6 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2011-2710
https://notcve.org/view.php?id=CVE-2011-2710
Multiple cross-site scripting (XSS) vulnerabilities in Joomla! before 1.7.0 allow remote attackers to inject arbitrary web script or HTML via (1) the URI to includes/application.php, reachable through index.php; and, when Internet Explorer or Konqueror is used, (2) allow remote attackers to inject arbitrary web script or HTML via the searchword parameter in a search action to index.php in the com_search component. NOTE: vector 2 exists because of an incomplete fix for CVE-2011-2509.5. Múltiples vulnerabilidades de ejecución de secuencias de comandos en sitios cruzados (XSS) en Joomla! before v1.7.0, permiten a atacantes remotos inyectar secuencias de comandos web o HTML a través de(1) la URI sobre includes/application.php, accesible desde index.php; y, cuando de usa Internet Explorer o Konqueror, (2) permite a atacantes remotos inyectar secuencias de comandos web o HTML a través del parámetro searchword en una acción search sobre index.php en el componente com_search. • http://developer.joomla.org/security/news/357-20110701-xss-vulnerability.html http://www.openwall.com/lists/oss-security/2011/07/22/1 http://www.openwall.com/lists/oss-security/2011/07/22/5 http://www.openwall.com/lists/oss-security/2011/10/16/1 http://www.openwall.com/lists/oss-security/2011/11/21/27 http://yehg.net/lab/pr0js/advisories/joomla/core/%5Bjoomla_1.7.0-rc%5D_cross_site_scripting%28XSS%29 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2011-2889
https://notcve.org/view.php?id=CVE-2011-2889
templates/system/error.php in Joomla! before 1.5.23 might allow remote attackers to obtain sensitive information via unspecified vectors that trigger an undefined value of a certain error field, leading to disclosure of the installation path. NOTE: this might overlap CVE-2011-2488. templates/sistema/error.php en Joomla! anterior a v1.5.23 podría permitir a atacantes remotos obtener información sensible a través de vectores no especificados que provocan un valor indefinido de un campo de error concreto, lo que lleva a la divulgación de la ruta de instalación. NOTA: esto podría superponerse a CVE-2011-2488. • http://developer.joomla.org/security/news/9-security/10-core-security/340-20110401-core-information-disclosure.html http://www.joomla.org/announcements/release-news/5367-joomla-1523-released.html http://www.openwall.com/lists/oss-security/2011/07/01/1 https://exchange.xforce.ibmcloud.com/vulnerabilities/68883 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2011-2891
https://notcve.org/view.php?id=CVE-2011-2891
Joomla! 1.6.x before 1.6.2 allows remote attackers to obtain sensitive information via an empty Itemid array parameter to index.php, which reveals the installation path in an error message, a different vulnerability than CVE-2011-2488. Joomla! v1.6.x anterior a v1.6.2 permite a atacantes remotos obtener información sensible a través de un parámetro de array Itemid vacío sobre index.php, lo que revela la ruta de instalación en un mensaje de error, una vulnerabilidad diferente a CVE-2011-2488. • http://bl0g.yehg.net/2011/04/joomla-161-and-lower-information.html http://developer.joomla.org/security/news/341-20110402-core-information-disclosure.html http://www.openwall.com/lists/oss-security/2011/06/27/6 http://www.openwall.com/lists/oss-security/2011/06/27/8 https://exchange.xforce.ibmcloud.com/vulnerabilities/68881 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •