Page 6 of 44 results (0.013 seconds)

CVSS: 3.5EPSS: 0%CPEs: 21EXPL: 0

Multiple cross-site scripting (XSS) vulnerabilities in the Back End in Joomla! 1.5.x before 1.5.20 allow remote authenticated users to inject arbitrary web script or HTML via administrator screens. Múltiples vulnerabilidades de ejecución de secuencias de comandos en sitios cruzados en el Back End en Joomla! v1.5.x anterior a 1.5.20, permite a usuarios autenticados remotamente inyectar secuencias de comandos web o HTML de su elección a través de las pantallas de administración. • http://developer.joomla.org/security/news/318-20100704-core-xss-vulnerabilitis-in-back-end.html http://www.ocert.org/advisories/ocert-2010-002.html http://www.openwall.com/lists/oss-security/2010/07/20/2 http://www.openwall.com/lists/oss-security/2010/07/21/8 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.3EPSS: 0%CPEs: 18EXPL: 0

Multiple cross-site scripting (XSS) vulnerabilities in the back end in Joomla! 1.5 through 1.5.17 allow remote attackers to inject arbitrary web script or HTML via unknown vectors related to "various administrator screens," possibly the search parameter in administrator/index.php. Múltiples vulnerabilidades de ejecución de comandos en sitios cruzados(XSS) en el backend de Joomla! v1.5 a v1.5.17 permiten a atacantes remotos inyectar HTML o secuencias de comandos web a través de vectores desconocidos relacionados con "varias pantallas de administrador". Posiblemente se trate del parámetro de búsqueda en administrator/index.php. • http://developer.joomla.org/security/news/314-20100501-core-xss-vulnerabilities-in-back-end.html?utm_source=feedburner&utm_medium=email&utm_campaign=Feed%3A+JoomlaSecurityNews+%28Joomla%21+Security+News%29 http://secunia.com/advisories/39964 http://www.osvdb.org/65011 http://www.securityfocus.com/bid/40444 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.0EPSS: 1%CPEs: 2EXPL: 4

Directory traversal vulnerability in the AWDwall (com_awdwall) component 1.5.4 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. Vulnerabilidad de salto de directorio en el componente AWDwall (com_awdwall) v1.5.4 de Joomla! permite a atacantes remotos leer ficheros de su elección mediante un .. • https://www.exploit-db.com/exploits/12113 http://packetstormsecurity.org/1004-exploits/joomlaawdwall-lfisql.txt http://secunia.com/advisories/39553 http://www.awdwall.com/index.php/awdwall-updates-logs- http://www.exploit-db.com/exploits/12113 http://www.osvdb.org/63943 http://www.securityfocus.com/bid/39331 https://exchange.xforce.ibmcloud.com/vulnerabilities/57693 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 2

SQL injection vulnerability in the Lucy Games (com_lucygames) component 1.5.4 for Joomla! allows remote attackers to execute arbitrary SQL commands via the gameid parameter in a game action to index.php. NOTE: some of these details are obtained from third party information. Vulnerabilidad de inyección SQL en el componente Lucy Games (com_lucygames) v1.5.4 de Joomla!. Permite a usuarios remotos ejecutar comandos SQL de su elección a través de el parámetro "gameid" en una acción "game" de index.php. • http://www.exploit-db.com/exploits/9614 http://www.securityfocus.com/bid/36334 https://exchange.xforce.ibmcloud.com/vulnerabilities/53117 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 3

SQL injection vulnerability in the Kunena Forum (com_kunena) component 1.5.3 and 1.5.4 for Joomla! allows remote attackers to execute arbitrary SQL commands via the func parameter to index.php. Vulnerabilidad de inyección SQL en el componente Kunena Forum (com_kunena) v1.5.3 y v1.5.4 para Joomla! permite a atacantes remotos ejecutar comandos SQL de su elección a través del parámetro "func" a index.php. • https://www.exploit-db.com/exploits/9408 http://secunia.com/advisories/36245 http://www.exploit-db.com/exploits/9408 http://www.securityfocus.com/bid/36020 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •