Joomla! 3.0.x through 3.0.2 allows attackers to obtain sensitive information via unspecified vectors related to “Coding errors.” (CVSS:5.0) (Last Update:2013-03-26)
Category Archives: Joomla
Joomla
CVE-2013-1453
plugins/system/highlight/highlight.php in Joomla! 3.0.x through 3.0.2 and 2.5.x through 2.5.8 allows attackers to unserialize arbitrary PHP objects to obtain sensitive information, delete arbitrary directories, conduct SQL injection attacks, and possibly have other impacts via the highlight parameter. Note: it was originally reported that this issue only allowed attackers to obtain sensitive information, but later analysis demonstrated that other attacks exist. (CVSS:5.0) (Last Update:2013-03-06)
CVE-2012-1599
Joomla! 1.5.x before 1.5.26 does not properly check permissions, which allows attackers to obtain sensitive “administrative back end information” via unknown vectors. NOTE: this might be a duplicate of CVE-2012-1611. (CVSS:5.0) (Last Update:2012-12-04)
CVE-2012-5827
Joomla! 2.5.x before 2.5.8 and 3.0.x before 3.0.2 allows remote attackers to conduct clickjacking attacks via unspecified vectors involving “Inadequate protection.” (CVSS:4.3) (Last Update:2012-11-19)
CVE-2012-4532
Cross-site scripting (XSS) vulnerability in modules/mod_languages/tmpl/default.php in the Language Switcher module for Joomla! 2.5.x before 2.5.7 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to index.php. NOTE: some of these details are obtained from third party information. (CVSS:4.3) (Last Update:2012-11-01)
CVE-2012-4531
Cross-site scripting (XSS) vulnerability in Joomla! 2.5.x before 2.5.7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. (CVSS:4.3) (Last Update:2013-03-01)
CVE-2012-5455
Cross-site scripting (XSS) vulnerability in the language search component in Joomla! before 3.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to a “typographical error.” (CVSS:4.3) (Last Update:2012-11-08)
CVE-2012-1611
Joomla! 2.5.x before 2.5.4 does not properly check permissions, which allows attackers to obtain sensitive “administrative back end” information via unknown attack vectors. NOTE: this might be a duplicate of CVE-2012-1599. (CVSS:5.0) (Last Update:2013-10-03)
CVE-2012-1612
Cross-site scripting (XSS) vulnerability in the update manager in Joomla! 2.5.x before 2.5.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. (CVSS:4.3) (Last Update:2012-09-07)
CVE-2012-3828
Cross-site scripting (XSS) vulnerability in Joomla! 2.5.3 allows remote attackers to inject arbitrary web script or HTML via the Host HTTP Header. (CVSS:4.3) (Last Update:2012-07-17)