CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2017-7985
https://notcve.org/view.php?id=CVE-2017-7985
25 Apr 2017 — In Joomla! 1.5.0 through 3.6.5 (fixed in 3.7.0), inadequate filtering of multibyte characters leads to XSS vulnerabilities in various components. El filtrado inadecuado de caracteres multibyte, en Joomla 1.5.0 hasta 3.6.5, puede derivar en vulnerabilidades XSS en varios componentes. El fallo se ha corregido en la versión 3.7.0. • http://www.securityfocus.com/bid/98020 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 93%CPEs: 3EXPL: 11CVE-2016-10045 – PHPMailer < 5.2.20 with Exim MTA - Remote Code Execution
https://notcve.org/view.php?id=CVE-2016-10045
28 Dec 2016 — The isMail transport in PHPMailer before 5.2.20 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code by leveraging improper interaction between the escapeshellarg function and internal escaping performed in the mail function in PHP. NOTE: this vulnerability exists because of an incorrect fix for CVE-2016-10033. El transporte isMail en PHPMailer en versiones anteriores a 5.2.20 podrían permitir a atacantes remotos pasar parámetros extra al comando ... • https://packetstorm.news/files/id/140286 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 9.8EPSS: 94%CPEs: 3EXPL: 39CVE-2016-10033 – WordPress Core 4.6 - Remote Code Execution
https://notcve.org/view.php?id=CVE-2016-10033
26 Dec 2016 — The mailSend function in the isMail transport in PHPMailer before 5.2.18 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code via a \" (backslash double quote) in a crafted Sender property. La función mailSend en el transporte isMail en PHPMailer en versiones anteriores a 5.2.18 podrían permitir a atacantes remotos pasar parámetros extra al comando mail y consecuentemente ejecutar código arbitrario a través de una \" (barra invertida comillas dobl... • https://packetstorm.news/files/id/142486 • CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') •
CVSS: 7.5EPSS: 0%CPEs: 29EXPL: 0CVE-2015-8769
https://notcve.org/view.php?id=CVE-2015-8769
12 Jan 2016 — SQL injection vulnerability in Joomla! 3.x before 3.4.7 allows attackers to execute arbitrary SQL commands via unspecified vectors. Vulnerabilidad de inyección SQL en Joomla! 3.x en versiones anteriores a 3.4.7 permite a atacantes ejecutar comandos SQL arbitrarios a través de vectores no especificados. • http://www.securityfocus.com/bid/79679 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 93%CPEs: 95EXPL: 16CVE-2015-8562 – Joomla! 1.5 < 3.4.5 - Object Injection Remote Command Execution
https://notcve.org/view.php?id=CVE-2015-8562
16 Dec 2015 — Joomla! 1.5.x, 2.x, and 3.x before 3.4.6 allow remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via the HTTP User-Agent header, as exploited in the wild in December 2015. Joomla! 1.5.x, 2.x y 3.x en versiones anteriores a 3.4.6 permite a atacantes remotos llevar a cabo ataques de inyección de objetos PHP y ejecutar código PHP arbitrario a través de la cabecera HTTP User-Agent header, como fue explotado en Diciembre 2015. • https://packetstorm.news/files/id/134949 • CWE-20: Improper Input Validation •
CVSS: 9.8EPSS: 8%CPEs: 45EXPL: 3CVE-2014-7228 – Joomla! Component Akeeba Kickstart - Unserialize Remote Code Execution
https://notcve.org/view.php?id=CVE-2014-7228
21 Oct 2014 — Akeeba Restore (restore.php), as used in Joomla! 2.5.4 through 2.5.25, 3.x through 3.2.5, and 3.3.0 through 3.3.4; Akeeba Backup for Joomla! Professional 3.0.0 through 4.0.2; Backup Professional for WordPress 1.0.b1 through 1.1.3; Solo 1.0.b1 through 1.1.2; Admin Tools Core and Professional 2.0.0 through 2.4.4; and CMS Update 1.0.a1 through 1.0.1, when performing a backup or update for an archive, does not delete parameters from $_GET and $_POST when it is cleansing $_REQUEST, but later accesses $_GET and $... • https://packetstorm.news/files/id/128774 • CWE-310: Cryptographic Issues •
CVSS: 9.1EPSS: 0%CPEs: 34EXPL: 0CVE-2014-7984
https://notcve.org/view.php?id=CVE-2014-7984
08 Oct 2014 — Joomla! CMS 2.5.x before 2.5.19 and 3.x before 3.2.3 allows remote attackers to authenticate and bypass intended restrictions via vectors involving GMail authentication. Joomla! CMS 2.5.x anterior a 2.5.19 y 3.x anterior a 3.2.3 permite a atacantes remotos autenticarse y evadir restricciones a través de vectores que involucran la autenticación de GMail. • http://developer.joomla.org/security/581-20140304-core-unauthorised-logins.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.8EPSS: 0%CPEs: 10EXPL: 0CVE-2014-7981
https://notcve.org/view.php?id=CVE-2014-7981
08 Oct 2014 — SQL injection vulnerability in Joomla! CMS 3.1.x and 3.2.x before 3.2.3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. Vulnerabilidad de inyección SQL en Joomla! CMS 3.1.x y 3.2.x anterior a 3.2.3 permite a atacantes remotos ejecutar comandos SQL arbitrarios a través de vectores no especificados. • http://developer.joomla.org/security/578-20140301-core-sql-injection.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.1EPSS: 0%CPEs: 34EXPL: 0CVE-2014-7982
https://notcve.org/view.php?id=CVE-2014-7982
08 Oct 2014 — Cross-site scripting (XSS) vulnerability in Joomla! CMS 2.5.x before 2.5.19 and 3.x before 3.2.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de XSS en Joomla! CMS 2.5.x anterior a 2.5.19 y 3.x anterior a 3.2.3 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de vectores no especificados. • http://developer.joomla.org/security/580-20140303-core-xss-vulnerability.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 32EXPL: 0CVE-2014-6632
https://notcve.org/view.php?id=CVE-2014-6632
08 Oct 2014 — Joomla! 2.5.x before 2.5.25, 3.x before 3.2.4, and 3.3.x before 3.3.4 allows remote attackers to authenticate and bypass intended access restrictions via vectors involving LDAP authentication. Joomla! 2.5.x anterior a 2.5.25, 3.x anterior a 3.2.4, y 3.3.x anterior a 3.3.4 permite a atacantes remotos autenticar y evadir las restricciones de acceso a través de vectores que involucran la autenticación LDAP . • http://developer.joomla.org/security/594-20140902-core-unauthorised-logins.html • CWE-287: Improper Authentication •