Page 6 of 66 results (0.011 seconds)

CVSS: 4.3EPSS: 0%CPEs: 18EXPL: 0

Multiple cross-site scripting (XSS) vulnerabilities in the back end in Joomla! 1.5 through 1.5.17 allow remote attackers to inject arbitrary web script or HTML via unknown vectors related to "various administrator screens," possibly the search parameter in administrator/index.php. Múltiples vulnerabilidades de ejecución de comandos en sitios cruzados(XSS) en el backend de Joomla! v1.5 a v1.5.17 permiten a atacantes remotos inyectar HTML o secuencias de comandos web a través de vectores desconocidos relacionados con "varias pantallas de administrador". Posiblemente se trate del parámetro de búsqueda en administrator/index.php. • http://developer.joomla.org/security/news/314-20100501-core-xss-vulnerabilities-in-back-end.html?utm_source=feedburner&utm_medium=email&utm_campaign=Feed%3A+JoomlaSecurityNews+%28Joomla%21+Security+News%29 http://secunia.com/advisories/39964 http://www.osvdb.org/65011 http://www.securityfocus.com/bid/40444 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 3

Directory traversal vulnerability in the J!WHMCS Integrator (com_jwhmcs) component 1.5.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. Vulnerabilidad de salto de directorio en el componente J! • https://www.exploit-db.com/exploits/12083 http://secunia.com/advisories/39356 http://www.exploit-db.com/exploits/12083 http://www.securityfocus.com/bid/39243 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 7.5EPSS: 6%CPEs: 3EXPL: 5

Directory traversal vulnerability in the Gadget Factory (com_gadgetfactory) component 1.0.0 and 1.5.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. NOTE: some of these details are obtained from third party information. Vulnerabilidad de salto de directorio en el componente Gadget Factory (com_gadgetfactory) v1.0.0 y v1.5.0 para Joomla! • https://www.exploit-db.com/exploits/12285 http://osvdb.org/63917 http://packetstormsecurity.org/1004-exploits/joomlagadgetfactory-lfi.txt http://secunia.com/advisories/39522 http://www.exploit-db.com/exploits/12285 http://www.securityfocus.com/bid/39547 http://www.thefactory.ro/all-thefactory-products/gadget-factory-for-joomla-1.5.x/detailed-product-flyer.html http://www.vupen.com/english/advisories/2010/0930 https://exchange.xforce.ibmcloud.com/vulnerabilities/57895 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 6.8EPSS: 1%CPEs: 2EXPL: 3

Directory traversal vulnerability in the Online Examination (aka Online Exam or com_onlineexam) component 1.5.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. NOTE: some of these details are obtained from third party information. Vulnerabilidad de salto de directorio en el componente Online Examination (también conocido como Online Exam o com_onlineexam) v1.5.0 para Joomla! • https://www.exploit-db.com/exploits/12174 http://packetstormsecurity.org/1004-exploits/joomlaonlineexam-lfi.txt http://secunia.com/advisories/39414 http://www.exploit-db.com/exploits/12174 http://www.osvdb.org/63659 https://exchange.xforce.ibmcloud.com/vulnerabilities/57677 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 7.5EPSS: 3%CPEs: 3EXPL: 4

Directory traversal vulnerability in graphics.php in the Graphics (com_graphics) component 1.0.6 and 1.5.0 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php. NOTE: some of these details are obtained from third party information. Una vulnerabilidad de salto de directorio en graphics.php del componente de Joomla! • https://www.exploit-db.com/exploits/12430 http://packetstormsecurity.org/1004-exploits/joomlagraphics-lfi.txt http://secunia.com/advisories/39585 http://www.exploit-db.com/exploits/12430 http://www.securityfocus.com/bid/39743 http://www.vupen.com/english/advisories/2010/1004 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •