CVE-2012-1599
https://notcve.org/view.php?id=CVE-2012-1599
Joomla! 1.5.x before 1.5.26 does not properly check permissions, which allows attackers to obtain sensitive "administrative back end information" via unknown vectors. NOTE: this might be a duplicate of CVE-2012-1611. • http://developer.joomla.org/security/news/397-20120306-core-information-disclosure.html http://www.openwall.com/lists/oss-security/2012/03/29/5 • CWE-264: Permissions, Privileges, and Access Controls
CVE-2012-1598
https://notcve.org/view.php?id=CVE-2012-1598
Joomla! 1.5.x before 1.5.26 has unspecified impact and attack vectors related to "insufficient randomness" and a "password reset vulnerability." • http://developer.joomla.org/security/news/396-20120305-core-password-change.html http://www.openwall.com/lists/oss-security/2012/03/29/5 http://www.openwall.com/lists/oss-security/2012/08/27/6 • CWE-264: Permissions, Privileges, and Access Controls
CVE-2010-5286 – Joomla! Component Jstore - 'Controller' Local File Inclusion
https://notcve.org/view.php?id=CVE-2010-5286
Directory traversal vulnerability in Jstore (com_jstore) component for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php. • https://www.exploit-db.com/exploits/34837 http://packetstormsecurity.org/1010-exploits/joomlajstore-lfi.txt http://www.securityfocus.com/bid/44053 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2010-5280 – Joomla! Component Community Builder Enhanced (CBE) 1.4.8/1.4.9/1.4.10 - Local File Inclusion / Remote Code Execution
https://notcve.org/view.php?id=CVE-2010-5280
Directory traversal vulnerability in the Community Builder Enhanced (CBE) (com_cbe) component 1.4.8, 1.4.9, and 1.4.10 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the tabname parameter in a userProfile action to index.php. NOTE: this can be leveraged to execute arbitrary code by using the file upload feature. • https://www.exploit-db.com/exploits/15222 http://packetstormsecurity.org/1010-exploits/joomlacbe-lfi.txt http://secunia.com/advisories/41741 http://www.exploit-db.com/exploits/15222 http://www.securityfocus.com/archive/1/514183/100/0/threaded http://www.securityfocus.com/bid/43873 https://exchange.xforce.ibmcloud.com/vulnerabilities/62375 https://exchange.xforce.ibmcloud.com/vulnerabilities/62376 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2012-5827
https://notcve.org/view.php?id=CVE-2012-5827
Joomla! 2.5.x before 2.5.8 and 3.0.x before 3.0.2 allows remote attackers to conduct clickjacking attacks via unspecified vectors involving "Inadequate protection." • http://developer.joomla.org/security/news/543-20121101-core-clickjacking.html http://developer.joomla.org/security/news/544-20121102-core-clickjacking.html http://secunia.com/advisories/51187 http://www.securityfocus.com/bid/56397 http://www.securitytracker.com/id?1027744 https://exchange.xforce.ibmcloud.com/vulnerabilities/79925