7 results (0.004 seconds)

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1

CVE-2015-7341

https://notcve.org/view.php?id=CVE-2015-7341

JNews Joomla Component before 8.5.0 allows arbitrary File Upload via Subscribers or Templates, as demonstrated by the .php5 extension. El componente JNews Joomla versiones anteriores a 8.5.0, permite una Carga Útil de Archivos arbitraria por medio de Subscribers or Templates, como es demostrado por una extensión .php5. • https://labs.integrity.pt/advisories/cve-2015-7341 • CWE-434: Unrestricted Upload of File with Dangerous Type •

CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 1

CVE-2015-7342

https://notcve.org/view.php?id=CVE-2015-7342

JNews Joomla Component before 8.5.0 allows SQL injection via upload thumbnail, Queue Search Field, Subscribers Search Field, or Newsletters Search Field. El componente JNews Joomla versiones anteriores a 8.5.0, permite una inyección SQL por medio de una carga thumnail, en un Campo de Búsqueda Queue, en un Campo de Búsqueda Subscribers o en un Campo de Búsqueda Newsletters. • https://labs.integrity.pt/advisories/cve-2015-7342 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 1

CVE-2015-7343

https://notcve.org/view.php?id=CVE-2015-7343

JNews Joomla Component before 8.5.0 has XSS via the mailingsearch parameter. JNews Joomla Component versiones anteriores a 8.5.0, presenta una vulnerabilidad de tipo XSS por medio del parámetro mailingsearch. • https://labs.integrity.pt/advisories/cve-2015-7343 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 7.2EPSS: 1%CPEs: 45EXPL: 2

CVE-2013-1636 – Pretty Links Lite < 1.6.3 - Stored Cross-Site Scripting

https://notcve.org/view.php?id=CVE-2013-1636

Cross-site scripting (XSS) vulnerability in open-flash-chart.swf in Open Flash Chart (aka Open-Flash Chart), as used in the Pretty Link Lite plugin before 1.6.3 for WordPress, JNews (com_jnews) component 8.0.1 for Joomla!, and CiviCRM 3.1.0 through 4.2.9 and 4.3.0 through 4.3.3, allows remote attackers to inject arbitrary web script or HTML via the get-data parameter. Vulnerabilidad de XSS en open-flash-chart.swf en Open Flash Chart (también conocido como Open-Flash Chart), utilizado en el plugin Pretty Link Lite anterior a 1.6.3 para WordPress, el componente 8.0.1 de JNews (com_jnews) para Joomla! y CiviCRM 3.1.0 hasta 4.2.9 y 4.3.0 hasta 4.3.3, permite a atacantes remotos inyectar script Web o HTML arbitrarios a través del parámetro get-data. dotDefender Firewall versions 5.00.12865 and 5.13-13282 suffer from a cross site scripting vulnerability. • https://www.exploit-db.com/exploits/38324 http://archives.neohapsis.com/archives/bugtraq/2013-02/0101.html http://osvdb.org/90435 http://packetstormsecurity.com/files/120433/WordPress-Pretty-Link-1.6.3-Cross-Site-Scripting.html http://packetstormsecurity.com/files/121623/Joomla-Jnews-8.0.1-Cross-Site-Scripting.html http://wordpress.org/plugins/pretty-link/changelog https://civicrm.org/advisory/civi-sa-2013-002-openflashchart-xss https://exchange.xforce.ibmcloud.com/vulnerabilities/82242 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 10.0EPSS: 1%CPEs: 2EXPL: 2

CVE-2010-5286 – Joomla! Component Jstore - 'Controller' Local File Inclusion

https://notcve.org/view.php?id=CVE-2010-5286

Directory traversal vulnerability in Jstore (com_jstore) component for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php. Vulnerabilidad de salto de directorio en el componente Jstore (com_jstore) para Joomla! permite a atacantes remotos leer archivos de su elección y posiblemente tener otro impacto no especificado a través de un .. • https://www.exploit-db.com/exploits/34837 http://packetstormsecurity.org/1010-exploits/joomlajstore-lfi.txt http://www.securityfocus.com/bid/44053 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •