
CVSS: 4.3 | EPSS: 0% | CPEs: 18 | EXPL: 0

Multiple cross-site scripting (XSS) vulnerabilities in the back end in Joomla! 1.5 through 1.5.17 allow remote attackers to inject arbitrary web script or HTML via unknown vectors related to "various administrator screens," possibly the search parameter in administrator/index.php.

References:
http://developer.joomla.org/security/news/314-20100501-core-xss-vulnerabilities-in-back-end.html?utm_source=feedburner&utm_medium=email&utm_campaign=Feed%3A+JoomlaSecurityNews+%28Joomla%21+Security+News%29
http://secunia.com/advisories/39964
http://www.osvdb.org/65011
http://www.securityfocus.com/bid/40444

CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 7.5 | EPSS: 0% | CPEs: 2 | EXPL: 5

SQL injection vulnerability in the My Car (com_mycar) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the pagina parameter to index.php.

References:
https://www.exploit-db.com/exploits/12779
http://osvdb.org/64999
http://secunia.com/advisories/39983
http://www.exploit-db.com/exploits/12779
http://www.securityfocus.com/bid/40430
http://www.vupen.com/english/advisories/2010/1271
http://www.xenuser.org/documents/security/joomla_com_mycar_multiple_vulnerabilities.txt
https://exchange.xforce.ibmcloud.com/vulnerabilities/58975

CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 4.3 | EPSS: 0% | CPEs: 2 | EXPL: 5

Cross-site scripting (XSS) vulnerability in the My Car (com_mycar) component 1.0 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the modveh parameter to index.php.

References:
https://www.exploit-db.com/exploits/12779
http://osvdb.org/65000
http://secunia.com/advisories/39983
http://www.exploit-db.com/exploits/12779
http://www.securityfocus.com/bid/40430
http://www.vupen.com/english/advisories/2010/1271
http://www.xenuser.org/documents/security/joomla_com_mycar_multiple_vulnerabilities.txt
https://exchange.xforce.ibmcloud.com/vulnerabilities/58976

CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 6.8 | EPSS: 1% | CPEs: 3 | EXPL: 6

Directory traversal vulnerability in the JE Ajax Event Calendar (com_jeajaxeventcalendar) component 1.0.1 and 1.0.3 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the view parameter to index.php. NOTE: some of these details are obtained from third party information.

References:
https://www.exploit-db.com/exploits/12598
http://packetstormsecurity.org/1005-exploits/joomlaajaxec-lfi.txt
http://secunia.com/advisories/39836
http://www.exploit-db.com/exploits/12598
http://www.osvdb.org/64704
http://www.securityfocus.com/bid/40179
http://www.xenuser.org/2010/05/14/joomla-component-je-ajax-event-calendar-local-file-inclusion-vulnerability
https://exchange.xforce.ibmcloud.com/vulnerabilities/58602

CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSS: 6.8 | EPSS: 1% | CPEs: 2 | EXPL: 6

Directory traversal vulnerability in the SimpleDownload (com_simpledownload) component before 0.9.6 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php.

References:
https://www.exploit-db.com/exploits/12623
https://www.exploit-db.com/exploits/12618
http://extensions.joomla.org/extensions/directory-a-documentation/downloads/10717
http://packetstormsecurity.org/1005-exploits/joomlasimpledownload-lfi.txt
http://secunia.com/advisories/39871
http://www.exploit-db.com/exploits/12618
http://www.osvdb.org/64743
http://www.securityfocus.com/archive/1/511305/100/0/threaded
http://www.securityfocus.com/bid/40192
https://exchange.xforce.ibmcloud.com/vulnerabilities

CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')