CVSS: 6.1EPSS: 0%CPEs: 108EXPL: 0CVE-2012-4071
https://notcve.org/view.php?id=CVE-2012-4071
10 Aug 2012 — Cross-site scripting (XSS) vulnerability in the comments module in the RSGallery2 (com_rsgallery2) component before 2.3.0 for Joomla! 1.5.x, and before 3.2.0 for Joomla! 2.5.x, allows remote attackers to inject arbitrary web script or HTML via crafted BBCode markup in a comment. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en el módulo RSGallery2 (com_rsgallery2) anterior a v2.3.0 para Joomla! v1.5.x, y anteriores a v3.2.0 para Joomla! • http://extensions.joomla.org/extensions/photos-a-images/photo-gallery/142 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.3EPSS: 0%CPEs: 44EXPL: 0CVE-2012-4235
https://notcve.org/view.php?id=CVE-2012-4235
10 Aug 2012 — The RSGallery2 (com_rsgallery2) component before 3.2.0 for Joomla! 2.5.x does not place index.html files in image directories, which allows remote attackers to list image filenames via a request for a directory URI. El componente The RSGallery2 (com_rsgallery2) anterior a v3.2.0 para Joomla! v2.5.x no coloca archivos index.html en los directorios de imágenes, lo que permite a atacantes remotos enumerar nombres de fichero de imagen a través de una petición de un URI del directorio. • http://extensions.joomla.org/extensions/photos-a-images/photo-gallery/142 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.8EPSS: 0%CPEs: 8EXPL: 0CVE-2012-2747
https://notcve.org/view.php?id=CVE-2012-2747
03 Jul 2012 — Unspecified vulnerability in Joomla! 2.5.x before 2.5.5 allows remote attackers to gain privileges via unknown attack vectors related to "Inadequate checking." Vulnerabilidad no especificada en Joomla! v2.5.x antes de v.2.5.5, permite a atacantes remotos ganar privilegios a través de vectores de ataque relacionados con "comprobación inadecuada" • http://developer.joomla.org/security/news/470-20120601-core-privilege-escalation •
CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 0CVE-2012-2748
https://notcve.org/view.php?id=CVE-2012-2748
03 Jul 2012 — Unspecified vulnerability in Joomla! 2.5.x before 2.5.5 allows remote attackers to obtain sensitive information via vectors related to "Inadequate filtering" and a "SQL error." Vulnerabilidad no especifica en Joomla! v2.5.x anteriores a v2.5.5 permite a atacantes remotos obtener información sensible a través de vectores relacionados con un filtrado inadecuado y un error SQL. • http://developer.joomla.org/security/news/471-20120602-core-information-disclosure •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 2CVE-2010-0800 – Joomla! Component com_dms 2.5.1 - SQL Injection
https://notcve.org/view.php?id=CVE-2010-0800
02 Mar 2010 — SQL injection vulnerability in the Ossolution Team Documents Seller (aka DMS) (com_dms) component 2.5.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the category_id parameter in a view_category action to index.php. Vulnerabilidad de inyección SQL en el componente Ossolution Team Documents Seller (aka DMS) (com_dms) v2.5.1 para Joomla! permite a atacantes remotos ejecutar comandos SQL a través del parámetro "category_id" en una acción "view_category" a index.php. • https://www.exploit-db.com/exploits/11289 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 1CVE-2007-5457 – Joomla! Component Flash Uploader 2.5.1 - Remote File Inclusion
https://notcve.org/view.php?id=CVE-2007-5457
14 Oct 2007 — Multiple PHP remote file inclusion vulnerabilities in Michael Dempfle Joomla Flash Uploader (com_jfu or com_joomla_flash_uploader) 2.5.1 component for Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter to (1) install.joomla_flash_uploader.php and (2) uninstall.joomla_flash_uploader.php. Múltiples vulnerabilidades de inclusión remota de archivo en PHP en el componente Michael Dempfle Joomla Flash Uploader (com_jfu o com_joomla_flash_uploader) 2.5.1... • https://www.exploit-db.com/exploits/4521 • CWE-94: Improper Control of Generation of Code ('Code Injection') •