CVE-2012-0836
https://notcve.org/view.php?id=CVE-2012-0836
Unspecified vulnerability in Joomla! 1.7.x before 1.7.5 allows attackers to read the error log via unknown vectors. Vulnerabilidad no especificada en Joomla! v1.7.x anterior a v1.7.5 permite a los atacantes leer el registro de errores a través de vectores desconocidos. • http://developer.joomla.org/security/news/388-20120201-core-information-disclosure http://secunia.com/advisories/47847 http://www.joomla.org/announcements/release-news/5411-joomla-175-released.html http://www.openwall.com/lists/oss-security/2012/02/03/6 http://www.openwall.com/lists/oss-security/2012/02/03/9 http://www.osvdb.org/78825 •
CVE-2012-4868
https://notcve.org/view.php?id=CVE-2012-4868
SQL injection vulnerability in news.php in the Kunena component 1.7.2 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter. Vulnerabilidad de inyección SQL en news.php en el componente Kunena v1.7.2 para Joomla!, permite a atacantes remotos ejecutar comandos SQL de su elección a través del parámetro id. • http://exploitsdownload.com/exploit/na/kunena-20-sql-injection http://www.securityfocus.com/bid/52636 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2011-5148 – Joomla! Component Module Simple File Upload 1.3 - Remote Code Execution
https://notcve.org/view.php?id=CVE-2011-5148
Multiple incomplete blacklist vulnerabilities in the Simple File Upload (mod_simplefileuploadv1.3) module before 1.3.5 for Joomla! allow remote attackers to execute arbitrary code by uploading a file with a (1) php5, (2) php6, or (3) double (e.g. .php.jpg) extension, then accessing it via a direct request to the file in images/, as exploited in the wild in January 2012. Mútiples vulnerabilidades de lista negra incompleta en el módulo Simple File Upload (mod_simplefileuploadv1.3) anteriores a v1.3.5 para Joomla! permite a atacantes remotos ejecutar código de su elección subiendo un archivo con la extensión (1) php5, (2) php6, o (3) doble extensión (ej. .php.jpg), para acceder al fichero mediante una solicitud directa en la ruta images/, como se ha explotado en enero de 2012. • https://www.exploit-db.com/exploits/18287 http://docs.joomla.org/Vulnerable_Extensions_List#Simple_File_Upload_1.3 http://secunia.com/advisories/47370 http://wasen.net/index.php?option=com_content&view=article&id=87&Itemid=59 http://www.exploit-db.com/exploits/18287 http://www.osvdb.org/78122 http://www.securityfocus.com/bid/51214 http://www.securityfocus.com/bid/51234 https://exchange.xforce.ibmcloud.com/vulnerabilities/72023 •
CVE-2011-5134
https://notcve.org/view.php?id=CVE-2011-5134
Unrestricted file upload vulnerability in editor/extensions/browser/file.php in the JCE component before 2.0.18 for Joomla! allows remote authenticated users with the author privileges to execute arbitrary PHP code by uploading a file with a double extension, as demonstrated by .php.gif. NOTE: some of these details are obtained from third party information. Vulnerabilidad de carga de ficheros no restringida en editor/extensions/browser/file.php en el componente JCE anterior a v2.0.18 para Joomla! permite a usuarios remotos autenticados con privilegios de autor ejecutar código arbitrario PHP a través de la carga de un fichero con una extensión doble, como se demuestra con .php.gif. • http://secunia.com/advisories/47190 http://www.joomlacontenteditor.net/news/item/jce-2018-released?category_id=32 http://www.osvdb.org/77579 •
CVE-2011-5112 – Joomla! Component Alameda 1.0 - SQL Injection
https://notcve.org/view.php?id=CVE-2011-5112
SQL injection vulnerability in Alameda (com_alameda) component before 1.0.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the storeid parameter to index.php. Vulnerabilidad de inyección SQL en el componente Alameda (com_alameda) anterior a v1.0.1 para Joomla! permite a atacantes remotos ejecutar comandos SQL arbitrarios a través del parámetro (storeid) en index.php. • https://www.exploit-db.com/exploits/18058 http://www.blueflyingfish.com/alameda/index.php?option=com_content&view=article&id=7:security-releases&catid=5:security-releases&Itemid=28 http://www.exploit-db.com/exploits/18058 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •