5 results (0.010 seconds)

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1

JNews Joomla Component before 8.5.0 allows arbitrary File Upload via Subscribers or Templates, as demonstrated by the .php5 extension. El componente JNews Joomla versiones anteriores a 8.5.0, permite una Carga Útil de Archivos arbitraria por medio de Subscribers or Templates, como es demostrado por una extensión .php5. • https://labs.integrity.pt/advisories/cve-2015-7341 • CWE-434: Unrestricted Upload of File with Dangerous Type •

CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 1

JNews Joomla Component before 8.5.0 allows SQL injection via upload thumbnail, Queue Search Field, Subscribers Search Field, or Newsletters Search Field. El componente JNews Joomla versiones anteriores a 8.5.0, permite una inyección SQL por medio de una carga thumnail, en un Campo de Búsqueda Queue, en un Campo de Búsqueda Subscribers o en un Campo de Búsqueda Newsletters. • https://labs.integrity.pt/advisories/cve-2015-7342 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 1

JNews Joomla Component before 8.5.0 has XSS via the mailingsearch parameter. JNews Joomla Component versiones anteriores a 8.5.0, presenta una vulnerabilidad de tipo XSS por medio del parámetro mailingsearch. • https://labs.integrity.pt/advisories/cve-2015-7343 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 7.2EPSS: 1%CPEs: 45EXPL: 2

Cross-site scripting (XSS) vulnerability in open-flash-chart.swf in Open Flash Chart (aka Open-Flash Chart), as used in the Pretty Link Lite plugin before 1.6.3 for WordPress, JNews (com_jnews) component 8.0.1 for Joomla!, and CiviCRM 3.1.0 through 4.2.9 and 4.3.0 through 4.3.3, allows remote attackers to inject arbitrary web script or HTML via the get-data parameter. Vulnerabilidad de XSS en open-flash-chart.swf en Open Flash Chart (también conocido como Open-Flash Chart), utilizado en el plugin Pretty Link Lite anterior a 1.6.3 para WordPress, el componente 8.0.1 de JNews (com_jnews) para Joomla! y CiviCRM 3.1.0 hasta 4.2.9 y 4.3.0 hasta 4.3.3, permite a atacantes remotos inyectar script Web o HTML arbitrarios a través del parámetro get-data. dotDefender Firewall versions 5.00.12865 and 5.13-13282 suffer from a cross site scripting vulnerability. • https://www.exploit-db.com/exploits/38324 http://archives.neohapsis.com/archives/bugtraq/2013-02/0101.html http://osvdb.org/90435 http://packetstormsecurity.com/files/120433/WordPress-Pretty-Link-1.6.3-Cross-Site-Scripting.html http://packetstormsecurity.com/files/121623/Joomla-Jnews-8.0.1-Cross-Site-Scripting.html http://wordpress.org/plugins/pretty-link/changelog https://civicrm.org/advisory/civi-sa-2013-002-openflashchart-xss https://exchange.xforce.ibmcloud.com/vulnerabilities/82242 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.0EPSS: 0%CPEs: 2EXPL: 2

The jNews (com_jnews) component 7.5.1 for Joomla! allows remote attackers to obtain sensitive information via the emailsearch parameter, which reveals the installation path in an error message. El componente jNews (com_jnews) v7.5.1 para Joomla! permite a atacantes remotos obtener información sensible mediante el parámetro emailsearch, lo cual revela la ruta de instalación en un mensaje de error. • http://hauntit.blogspot.com/2012/04/en-jnews-jnewscore751-information.html http://packetstormsecurity.org/files/112233/jNews-7.5.1-Information-Disclosure.html https://exchange.xforce.ibmcloud.com/vulnerabilities/75198 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •