Page 77 of 804 results (0.019 seconds)

CVSS: 4.3EPSS: 0%CPEs: 18EXPL: 0

Multiple cross-site scripting (XSS) vulnerabilities in the back end in Joomla! 1.5 through 1.5.17 allow remote attackers to inject arbitrary web script or HTML via unknown vectors related to "various administrator screens," possibly the search parameter in administrator/index.php. Múltiples vulnerabilidades de ejecución de comandos en sitios cruzados(XSS) en el backend de Joomla! v1.5 a v1.5.17 permiten a atacantes remotos inyectar HTML o secuencias de comandos web a través de vectores desconocidos relacionados con "varias pantallas de administrador". Posiblemente se trate del parámetro de búsqueda en administrator/index.php. • http://developer.joomla.org/security/news/314-20100501-core-xss-vulnerabilities-in-back-end.html?utm_source=feedburner&utm_medium=email&utm_campaign=Feed%3A+JoomlaSecurityNews+%28Joomla%21+Security+News%29 http://secunia.com/advisories/39964 http://www.osvdb.org/65011 http://www.securityfocus.com/bid/40444 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 5

SQL injection vulnerability in the My Car (com_mycar) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the pagina parameter to index.php. Vulnerabilidad de inyección SQL en el componente v1.0 My Car (com_mycar) para Joomla! permite a atacantes remotos ejecutar comandos aleatorios SQL a través del parámetro página en index.php • https://www.exploit-db.com/exploits/12779 http://osvdb.org/64999 http://secunia.com/advisories/39983 http://www.exploit-db.com/exploits/12779 http://www.securityfocus.com/bid/40430 http://www.vupen.com/english/advisories/2010/1271 http://www.xenuser.org/documents/security/joomla_com_mycar_multiple_vulnerabilities.txt https://exchange.xforce.ibmcloud.com/vulnerabilities/58975 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 5

Cross-site scripting (XSS) vulnerability in the My Car (com_mycar) component 1.0 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the modveh parameter to index.php. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en el componente My Car (com_mycar) v1.0 para Joomla! permite a atacantes remotos inyectar código web o HTML a través del parámetro modveh en index.php. • https://www.exploit-db.com/exploits/12779 http://osvdb.org/65000 http://secunia.com/advisories/39983 http://www.exploit-db.com/exploits/12779 http://www.securityfocus.com/bid/40430 http://www.vupen.com/english/advisories/2010/1271 http://www.xenuser.org/documents/security/joomla_com_mycar_multiple_vulnerabilities.txt https://exchange.xforce.ibmcloud.com/vulnerabilities/58976 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 7.5EPSS: 1%CPEs: 2EXPL: 3

Directory traversal vulnerability in the JE Quotation Form (com_jequoteform) component 1.0b1 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the view parameter to index.php. Vulnerabilidad de salto de directorio en el componente JE Quotation Form (com_jequoteform) v1.0b1 para Joomla! permite a atacantes remotos leer archivos de su elección y posiblemente causar otro impacto sin especificar a través de .. • https://www.exploit-db.com/exploits/12607 http://secunia.com/advisories/39832 http://www.exploit-db.com/exploits/12607 http://www.osvdb.org/64706 http://www.securityfocus.com/bid/40187 https://exchange.xforce.ibmcloud.com/vulnerabilities/58593 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 6.8EPSS: 1%CPEs: 2EXPL: 6

Directory traversal vulnerability in the SimpleDownload (com_simpledownload) component before 0.9.6 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php. Vulnerabilidad de salto de directorio en el componente SimpleDownload (com_simpledownload) anterior a v0.9.6 para Joomla! permite a atacantes remotos incluir y ejecutar archivos locales de su elección a través de .. • https://www.exploit-db.com/exploits/12623 https://www.exploit-db.com/exploits/12618 http://extensions.joomla.org/extensions/directory-a-documentation/downloads/10717 http://packetstormsecurity.org/1005-exploits/joomlasimpledownload-lfi.txt http://secunia.com/advisories/39871 http://www.exploit-db.com/exploits/12618 http://www.osvdb.org/64743 http://www.securityfocus.com/archive/1/511305/100/0/threaded http://www.securityfocus.com/bid/40192 https://exchange.xforce.ibmcloud.com/vulnerabilities • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •