CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2019-7742
https://notcve.org/view.php?id=CVE-2019-7742
12 Feb 2019 — An issue was discovered in Joomla! before 3.9.3. A combination of specific web server configurations, in connection with specific file types and browser-side MIME-type sniffing, causes an XSS attack vector. Se ha descubierto un problema en versiones anteriores a la 3.9.3 de Joomla!. Una combinación de configuraciones específicas del servidor web, junto con tipos de archivo concretos y el rastreo de tipo MIME del lado del servidor, provoca un vector de ataque XSS. • https://developer.joomla.org/security-centre/766-20190202-core-browserside-mime-type-sniffing-causes-xss-attack-vectors • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 180EXPL: 0CVE-2017-11364
https://notcve.org/view.php?id=CVE-2017-11364
02 Aug 2017 — The CMS installer in Joomla! before 3.7.4 does not verify a user's ownership of a webspace, which allows remote authenticated users to gain control of the target application by leveraging Certificate Transparency logs. El instalador CMS en versiones anteriores a la 3.7.4 de Joomla! no verifica la propiedad de un usuario en un espacio web, lo que permite que usuarios remotos autenticados consigan control sobre la aplicación objetivo, haciendo uso de los logs del estándar Certificate Transparency. • http://www.securitytracker.com/id/1039015 • CWE-295: Improper Certificate Validation •
CVSS: 6.1EPSS: 0%CPEs: 3EXPL: 3CVE-2011-0005 – Joomla! 1.0.x - 'ordering' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2011-0005
11 Jan 2011 — Cross-site scripting (XSS) vulnerability in the com_search module for Joomla! 1.0.x through 1.0.15 allows remote attackers to inject arbitrary web script or HTML via the ordering parameter to index.php. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en el módulo com_search de Joomla! 1.0.x hasta la 1.0.15. Permite a atacantes remotos inyectar codigo de script web o código HTML de su elección a través del parámetro ordering de index.php. • https://www.exploit-db.com/exploits/35167 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 4CVE-2010-2845 – Joomla! Component QuickFAQ 1.0.3 - Blind SQL Injection
https://notcve.org/view.php?id=CVE-2010-2845
23 Jul 2010 — SQL injection vulnerability in the QuickFAQ (com_quickfaq) component 1.0.3 for Joomla! allows remote attackers to execute arbitrary SQL commands via the Itemid parameter in a category action to index.php. Vulnerabilidad de inyección SQL en el componente QuickFAQ (com_quickfaq) 1.0.3 para Joomla! permite a atacantes remotos ejecutar comandos SQL de su elección a través del parámetro "Itemid" en una acción category a index.php. • https://www.exploit-db.com/exploits/14296 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.5EPSS: 4%CPEs: 3EXPL: 6CVE-2010-2129 – JE Ajax Event Calendar - Local File Inclusion
https://notcve.org/view.php?id=CVE-2010-2129
01 Jun 2010 — Directory traversal vulnerability in the JE Ajax Event Calendar (com_jeajaxeventcalendar) component 1.0.1 and 1.0.3 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the view parameter to index.php. NOTE: some of these details are obtained from third party information. Vulnerabilidad de salto de directorio en el componente JE Ajax Event Calendar (com_jeajaxeventcalendar) v1.0.1 y v1.0.3 para Joomla! • https://www.exploit-db.com/exploits/12598 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.8EPSS: 4%CPEs: 2EXPL: 4CVE-2010-1980 – Joomla! Component Joomla! Flickr 1.0 - Local File Inclusion
https://notcve.org/view.php?id=CVE-2010-1980
19 May 2010 — Directory traversal vulnerability in joomlaflickr.php in the Joomla Flickr (com_joomlaflickr) component 1.0.3 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php. Vulnerabilidad de salto de directorio en joomlaflickr.php en el componente Joomla Flickr v1.0.3 (com_joomlaflickr) para Joomla!, permite a atacantes remotos incluir y ejecutar archivos locales de su elección a través de .. • https://www.exploit-db.com/exploits/12085 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.5EPSS: 5%CPEs: 14EXPL: 4CVE-2010-1531 – Joomla! Component redSHOP 1.0 - Local File Inclusion
https://notcve.org/view.php?id=CVE-2010-1531
26 Apr 2010 — Directory traversal vulnerability in the redSHOP (com_redshop) component 1.0.x for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the view parameter to index.php. Vulnerabilidad de salto de directorio en el componente redSHOP (com_redshop) v1.0.x para Joomla! permite a atacantes remotos leer archivos de su elección a través de .. • https://www.exploit-db.com/exploits/12054 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.5EPSS: 15%CPEs: 13EXPL: 2CVE-2010-1081 – Joomla! Component com_communitypolls 1.5.2 - Local File Inclusion
https://notcve.org/view.php?id=CVE-2010-1081
23 Mar 2010 — Directory traversal vulnerability in the Community Polls (com_communitypolls) component 1.5.2, and possibly earlier, for Core Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. Vulnerabilidad de salto de directorio en el componente Community Polls (com_communitypolls) v1.5.2, y posiblemente anteriores, para Core Joomla! permite a atacantes remotos leer ficheros arbitrarios a través de un .. • https://www.exploit-db.com/exploits/11511 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 6.5EPSS: 2%CPEs: 2EXPL: 4CVE-2010-0801 – Joomla! Component AutartiTarot - Directory Traversal
https://notcve.org/view.php?id=CVE-2010-0801
02 Mar 2010 — Directory traversal vulnerability in the AutartiTarot (com_autartitarot) component 1.0.3 for Joomla! allows remote authenticated users, with "Public Back-end" group permissions, to read arbitrary files via directory traversal sequences in the controller parameter in an edit task to administrator/index.php. NOTE: some of these details are obtained from third party information. Vulnerabilidad de salto de directorio en el componente AutartiTarot (com_autartitarot) v1.0.3 para Joomla! permite a usuarios remotos... • https://www.exploit-db.com/exploits/33590 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.8EPSS: 0%CPEs: 39EXPL: 3CVE-2009-3215 – Joomla! Component IXXO Cart! Standalone and - SQL Injection
https://notcve.org/view.php?id=CVE-2009-3215
16 Sep 2009 — SQL injection vulnerability in IXXO Cart Standalone before 3.9.6.1, and the IXXO Cart component for Joomla! 1.0.x, allows remote attackers to execute arbitrary SQL commands via the parent parameter. Vulnerabilidad de inyección SQL en componentes IXXO Cart Standalone anterior v3.9.6.1, y IXXO Cart para Joomla! v1.0.x, permite a atacantes remotos ejecutar comandos SQL de su elección a través del parámetro parent. • https://www.exploit-db.com/exploits/9276 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •