Page 43 of 804 results (0.008 seconds)

CVSS: 5.0EPSS: 0%CPEs: 27EXPL: 0

Joomla! 1.5.x before 1.5.26 does not properly check permissions, which allows attackers to obtain sensitive "administrative back end information" via unknown vectors. NOTE: this might be a duplicate of CVE-2012-1611. Joomla! v1.5.x antes de v1.5.26 no comprueba correctamente los permisos, lo que permite a los atacantes obtener información sensible del backend a través de vectores desconocidos. • http://developer.joomla.org/security/news/397-20120306-core-information-disclosure.html http://www.openwall.com/lists/oss-security/2012/03/29/5 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 7.5EPSS: 0%CPEs: 27EXPL: 0

Joomla! 1.5.x before 1.5.26 has unspecified impact and attack vectors related to "insufficient randomness" and a "password reset vulnerability." Joomla! v1.5.x antes de 1.5.26 tiene un impacto no especificado y vectores de ataque relacionados con una "aleatoriedad insuficiente" y una "vulnerabilidad de restablecimiento de contraseña". • http://developer.joomla.org/security/news/396-20120305-core-password-change.html http://www.openwall.com/lists/oss-security/2012/03/29/5 http://www.openwall.com/lists/oss-security/2012/08/27/6 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 10.0EPSS: 1%CPEs: 2EXPL: 2

Directory traversal vulnerability in Jstore (com_jstore) component for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php. Vulnerabilidad de salto de directorio en el componente Jstore (com_jstore) para Joomla! permite a atacantes remotos leer archivos de su elección y posiblemente tener otro impacto no especificado a través de un .. • https://www.exploit-db.com/exploits/34837 http://packetstormsecurity.org/1010-exploits/joomlajstore-lfi.txt http://www.securityfocus.com/bid/44053 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 7.5EPSS: 12%CPEs: 4EXPL: 3

Directory traversal vulnerability in the Community Builder Enhanced (CBE) (com_cbe) component 1.4.8, 1.4.9, and 1.4.10 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the tabname parameter in a userProfile action to index.php. NOTE: this can be leveraged to execute arbitrary code by using the file upload feature. Una vulnerabilidad de Salto de directorio en el componente Enhanced Community Builder (CBE) (com_cbe) v1.4.8, v1.4.9 y v1.4.10 para Joomla! • https://www.exploit-db.com/exploits/15222 http://packetstormsecurity.org/1010-exploits/joomlacbe-lfi.txt http://secunia.com/advisories/41741 http://www.exploit-db.com/exploits/15222 http://www.securityfocus.com/archive/1/514183/100/0/threaded http://www.securityfocus.com/bid/43873 https://exchange.xforce.ibmcloud.com/vulnerabilities/62375 https://exchange.xforce.ibmcloud.com/vulnerabilities/62376 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 4.3EPSS: 0%CPEs: 8EXPL: 0

Joomla! 2.5.x before 2.5.8 and 3.0.x before 3.0.2 allows remote attackers to conduct clickjacking attacks via unspecified vectors involving "Inadequate protection." Joomla! versiones 2.5.x anteriores a 2.5.8 y versiones 3.0.x anteriores a 3.0.2, permite a los atacantes remotos conducir ataques de secuestro de cliqueo por medio de vectores no especificados que implican "Inadequate protection". • http://developer.joomla.org/security/news/543-20121101-core-clickjacking.html http://developer.joomla.org/security/news/544-20121102-core-clickjacking.html http://secunia.com/advisories/51187 http://www.securityfocus.com/bid/56397 http://www.securitytracker.com/id?1027744 https://exchange.xforce.ibmcloud.com/vulnerabilities/79925 •