CVSS: 8.8EPSS: 0%CPEs: 180EXPL: 0CVE-2017-11364
https://notcve.org/view.php?id=CVE-2017-11364
02 Aug 2017 — The CMS installer in Joomla! before 3.7.4 does not verify a user's ownership of a webspace, which allows remote authenticated users to gain control of the target application by leveraging Certificate Transparency logs. El instalador CMS en versiones anteriores a la 3.7.4 de Joomla! no verifica la propiedad de un usuario en un espacio web, lo que permite que usuarios remotos autenticados consigan control sobre la aplicación objetivo, haciendo uso de los logs del estándar Certificate Transparency. • http://www.securitytracker.com/id/1039015 • CWE-295: Improper Certificate Validation •
CVSS: 9.1EPSS: 10%CPEs: 2EXPL: 3CVE-2010-4769 – Joomla! Component Jimtawl 1.0.2 - Local File Inclusion
https://notcve.org/view.php?id=CVE-2010-4769
23 Mar 2011 — Directory traversal vulnerability in the Jimtawl (com_jimtawl) component 1.0.2 Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the task parameter to index.php. Vulnerabilidad de salto de directorio en el componente Jimtawl (com_jimtawl) 1.0.2 de Joomla!. Permite a atacantes remotos leer archivos arbitrarios y posiblemente tener un impacto no especificado a través de un .. • https://www.exploit-db.com/exploits/15585 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 3CVE-2010-2690 – Joomla! Component Gamesbox 1.0.2 - 'id' SQL Injection
https://notcve.org/view.php?id=CVE-2010-2690
09 Jul 2010 — SQL injection vulnerability in the JOOFORGE Gamesbox (com_gamesbox) component 1.0.2, and possibly earlier, for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a consoles action to index.php. Una vulnerabilidad de inyección SQL en el componente para Joomla! Gamesbox JOOFORGE (com_gamesbox) v1.0.2, (y posiblemente en versiones anteriores también) permite a atacantes remotos ejecutar comandos SQL a través del parámetro id en una acción consoles a index.php. • https://www.exploit-db.com/exploits/14126 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.5EPSS: 2%CPEs: 2EXPL: 4CVE-2010-2045 – Joomla! Component FDione Form Wizard 1.0.2 - Local File Inclusion
https://notcve.org/view.php?id=CVE-2010-2045
25 May 2010 — Directory traversal vulnerability in the Dione Form Wizard (aka FDione or com_dioneformwizard) component 1.0.2 for Joomla! allows remote attackers to read arbitrary files via directory traversal sequences in the controller parameter to index.php. Vulnerabilidad de salto de directorio en el componente Dione Form Wizard (aka FDione or com_dioneformwizard) v1.0.2 de Joomla! permite a atacantes remotos leer ficheros de su elección mediante secuencias de salto de directorio en el parámetro "controller" sobre ind... • https://www.exploit-db.com/exploits/12595 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.5EPSS: 5%CPEs: 14EXPL: 4CVE-2010-1531 – Joomla! Component redSHOP 1.0 - Local File Inclusion
https://notcve.org/view.php?id=CVE-2010-1531
26 Apr 2010 — Directory traversal vulnerability in the redSHOP (com_redshop) component 1.0.x for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the view parameter to index.php. Vulnerabilidad de salto de directorio en el componente redSHOP (com_redshop) v1.0.x para Joomla! permite a atacantes remotos leer archivos de su elección a través de .. • https://www.exploit-db.com/exploits/12054 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.5EPSS: 15%CPEs: 13EXPL: 2CVE-2010-1081 – Joomla! Component com_communitypolls 1.5.2 - Local File Inclusion
https://notcve.org/view.php?id=CVE-2010-1081
23 Mar 2010 — Directory traversal vulnerability in the Community Polls (com_communitypolls) component 1.5.2, and possibly earlier, for Core Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. Vulnerabilidad de salto de directorio en el componente Community Polls (com_communitypolls) v1.5.2, y posiblemente anteriores, para Core Joomla! permite a atacantes remotos leer ficheros arbitrarios a través de un .. • https://www.exploit-db.com/exploits/11511 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.8EPSS: 0%CPEs: 39EXPL: 3CVE-2009-3215 – Joomla! Component IXXO Cart! Standalone and - SQL Injection
https://notcve.org/view.php?id=CVE-2009-3215
16 Sep 2009 — SQL injection vulnerability in IXXO Cart Standalone before 3.9.6.1, and the IXXO Cart component for Joomla! 1.0.x, allows remote attackers to execute arbitrary SQL commands via the parent parameter. Vulnerabilidad de inyección SQL en componentes IXXO Cart Standalone anterior v3.9.6.1, y IXXO Cart para Joomla! v1.0.x, permite a atacantes remotos ejecutar comandos SQL de su elección a través del parámetro parent. • https://www.exploit-db.com/exploits/9276 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 2CVE-2008-6481 – Joomla! Component versioning 1.0.2 - 'id' SQL Injection
https://notcve.org/view.php?id=CVE-2008-6481
17 Mar 2009 — SQL injection vulnerability in the Versioning component (com_versioning) 1.0.2 in Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the id parameter in an edit task to index.php. Vulnerabilidad de inyección SQL en el componente Versioning (com_versioning) v1.0.2 en Joomla! y Mambo permite a atacantes remotos ejecutar comandos SQL de su elección a través del parámetro "id" en una tarea de edición en index.php. • https://www.exploit-db.com/exploits/5989 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 5.4EPSS: 0%CPEs: 35EXPL: 0CVE-2008-6299
https://notcve.org/view.php?id=CVE-2008-6299
26 Feb 2009 — Multiple cross-site scripting (XSS) vulnerabilities in Joomla! 1.5.7 and earlier allow remote authenticated users with certain privileges to inject arbitrary web script or HTML via (1) the title and description parameters to the com_weblinks module and (2) unspecified vectors in the com_content module related to "article submission." Múltiples vulnerabilidades de ejecución de secuencias de comandos en sitios cruzados - XSS - en Joomla! v1.5.7 y anteriores, permite a usuarios autentificados remotos inyectar ... • http://developer.joomla.org/security/news/283-20081101-core-comcontent-xss-vulnerability.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 30EXPL: 2CVE-2009-0113 – Joomla! Component xstandard editor 1.5.8 - Local Directory Traversal
https://notcve.org/view.php?id=CVE-2009-0113
09 Jan 2009 — Directory traversal vulnerability in attachmentlibrary.php in the XStandard component for Joomla! 1.5.8 and earlier allows remote attackers to list arbitrary directories via a .. (dot dot) in the X_CMS_LIBRARY_PATH HTTP header. Vulnerabilidad de salto de directorio en attachmentlibrary.php en el componente XStandard para Joomla! v1.5.8 y versiones anteriores permite a atacantes remotos listar directorios de su elección a través de .. • https://www.exploit-db.com/exploits/7691 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •