CVSS: 5.0EPSS: 0%CPEs: 6EXPL: 0CVE-2012-0837
https://notcve.org/view.php?id=CVE-2012-0837
Joomla! 1.7.x before 1.7.5 and 2.5.x before 2.5.1 allows attackers to obtain the installation path via unspecified vectors related to "administrator." Joomla! v1.7.x anterior a v1.7.5 y 2.5.x anterior a v2.5.1 permite a los atacantes obtener la ruta de instalación a través de vectores no especificados relacionados con "administrador". • http://developer.joomla.org/security/news/389-20120201-core-information-disclosure http://secunia.com/advisories/47847 http://www.joomla.org/announcements/release-news/5410-joomla-251-released.html http://www.joomla.org/announcements/release-news/5411-joomla-175-released.html http://www.openwall.com/lists/oss-security/2012/02/03/6 http://www.openwall.com/lists/oss-security/2012/02/03/9 http://www.osvdb.org/78826 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 0%CPEs: 112EXPL: 0CVE-2012-3554
https://notcve.org/view.php?id=CVE-2012-3554
SQL injection vulnerability in the RSGallery2 (com_rsgallery2) component before 2.3.0 for Joomla! 1.5.x, and before 3.2.0 for Joomla! 2.5.x, allows remote attackers to execute arbitrary SQL commands via unspecified vectors. Vulnerabilidad de inyección SQL en el componente RSGallery2 (com_rsgallery2) anterior a v2.3.0 para Joomla! v1.5.x, y anterior a v3.2.0 para Joomla! • http://extensions.joomla.org/extensions/photos-a-images/photo-gallery/142 http://joomlacode.org/gf/project/rsgallery2/news http://www.rsgallery2.nl/announcements/rsgallery2_3.2.0_and_2.3.0_released_16845.0.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 4.3EPSS: 0%CPEs: 108EXPL: 0CVE-2012-4071
https://notcve.org/view.php?id=CVE-2012-4071
Cross-site scripting (XSS) vulnerability in the comments module in the RSGallery2 (com_rsgallery2) component before 2.3.0 for Joomla! 1.5.x, and before 3.2.0 for Joomla! 2.5.x, allows remote attackers to inject arbitrary web script or HTML via crafted BBCode markup in a comment. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en el módulo RSGallery2 (com_rsgallery2) anterior a v2.3.0 para Joomla! v1.5.x, y anteriores a v3.2.0 para Joomla! • http://extensions.joomla.org/extensions/photos-a-images/photo-gallery/142 http://joomlacode.org/gf/download/frsrelease/17325/75427/com_rsgallery2_2.3.0.zip http://joomlacode.org/gf/download/frsrelease/17326/75428/com_rsgallery2_3.2.0.zip http://joomlacode.org/gf/project/rsgallery2/news http://www.rsgallery2.nl/announcements/rsgallery2_3.2.0_and_2.3.0_released_16845.0.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •