Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
10 vulnerabilities by Joomla!
CVE-2011-4908 (GCVE-0-2011-4908)
Vulnerability from cvelistv5 – Published: 2020-02-12 21:17 – Updated: 2024-08-07 00:23
VLAI?
Summary
TinyBrowser plugin for Joomla! before 1.5.13 allows arbitrary file upload via upload.php.
Severity ?
No CVSS data available.
CWE
- Arbitrary File Upload
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Joomla! | TinyBrowser Plugin |
Affected:
1.5.12
Affected: fixed in 1.5.13 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:23:38.279Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20111225 Re: CVE-request for three 2009 Joomla issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://www.openwall.com/lists/oss-security/2011/12/25/7"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://vulmon.com/vulnerabilitydetails?qid=CVE-2011-4908"
},
{
"name": "9926",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/9926"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "TinyBrowser Plugin",
"vendor": "Joomla!",
"versions": [
{
"status": "affected",
"version": "1.5.12"
},
{
"status": "affected",
"version": "fixed in 1.5.13"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "TinyBrowser plugin for Joomla! before 1.5.13 allows arbitrary file upload via upload.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Arbitrary File Upload",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-02-12T21:17:10.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "[oss-security] 20111225 Re: CVE-request for three 2009 Joomla issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://www.openwall.com/lists/oss-security/2011/12/25/7"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://vulmon.com/vulnerabilitydetails?qid=CVE-2011-4908"
},
{
"name": "9926",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/9926"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2011-4908",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "TinyBrowser Plugin",
"version": {
"version_data": [
{
"version_value": "1.5.12"
},
{
"version_value": "fixed in 1.5.13"
}
]
}
}
]
},
"vendor_name": "Joomla!"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "TinyBrowser plugin for Joomla! before 1.5.13 allows arbitrary file upload via upload.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Arbitrary File Upload"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20111225 Re: CVE-request for three 2009 Joomla issues",
"refsource": "MLIST",
"url": "https://www.openwall.com/lists/oss-security/2011/12/25/7"
},
{
"name": "https://vulmon.com/vulnerabilitydetails?qid=CVE-2011-4908",
"refsource": "MISC",
"url": "https://vulmon.com/vulnerabilitydetails?qid=CVE-2011-4908"
},
{
"name": "9926",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/9926"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2011-4908",
"datePublished": "2020-02-12T21:17:10.000Z",
"dateReserved": "2011-12-23T00:00:00.000Z",
"dateUpdated": "2024-08-07T00:23:38.279Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-4906 (GCVE-0-2011-4906)
Vulnerability from cvelistv5 – Published: 2020-02-12 20:59 – Updated: 2024-08-07 00:23
VLAI?
Summary
Tiny browser in TinyMCE 3.0 editor in Joomla! before 1.5.13 allows file upload and arbitrary PHP code execution.
Severity ?
No CVSS data available.
CWE
- Arbitrary PHP Code Execution
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Joomla! | Tiny browser included with TinyMCE 3.0 |
Affected:
1.5.12
Affected: fixed in 1.5.13 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:23:38.285Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.openwall.com/lists/oss-security/2011/12/25/7"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://developer.joomla.org/security/news/301-20090722-core-file-upload.html"
},
{
"name": "10183",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/10183"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Tiny browser included with TinyMCE 3.0",
"vendor": "Joomla!",
"versions": [
{
"status": "affected",
"version": "1.5.12"
},
{
"status": "affected",
"version": "fixed in 1.5.13"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Tiny browser in TinyMCE 3.0 editor in Joomla! before 1.5.13 allows file upload and arbitrary PHP code execution."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Arbitrary PHP Code Execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-02-12T21:20:34.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.openwall.com/lists/oss-security/2011/12/25/7"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://developer.joomla.org/security/news/301-20090722-core-file-upload.html"
},
{
"name": "10183",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/10183"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2011-4906",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Tiny browser included with TinyMCE 3.0",
"version": {
"version_data": [
{
"version_value": "1.5.12"
},
{
"version_value": "fixed in 1.5.13"
}
]
}
}
]
},
"vendor_name": "Joomla!"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Tiny browser in TinyMCE 3.0 editor in Joomla! before 1.5.13 allows file upload and arbitrary PHP code execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Arbitrary PHP Code Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.openwall.com/lists/oss-security/2011/12/25/7",
"refsource": "MISC",
"url": "https://www.openwall.com/lists/oss-security/2011/12/25/7"
},
{
"name": "https://developer.joomla.org/security/news/301-20090722-core-file-upload.html",
"refsource": "CONFIRM",
"url": "https://developer.joomla.org/security/news/301-20090722-core-file-upload.html"
},
{
"name": "10183",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/10183"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2011-4906",
"datePublished": "2020-02-12T20:59:29.000Z",
"dateReserved": "2011-12-23T00:00:00.000Z",
"dateUpdated": "2024-08-07T00:23:38.285Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-1151 (GCVE-0-2011-1151)
Vulnerability from cvelistv5 – Published: 2020-02-05 21:39 – Updated: 2024-08-06 22:14
VLAI?
Summary
Joomla! 1.6.0 is vulnerable to SQL Injection via the filter_order and filer_order_Dir parameters.
Severity ?
No CVSS data available.
CWE
- SQL Injection
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T22:14:28.056Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.openwall.com/lists/oss-security/2011/03/14/21"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://packetstormsecurity.com/files/101835/Joomla-1.6.0-SQL-Injection.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Joomla!",
"vendor": "Joomla!",
"versions": [
{
"status": "affected",
"version": "1.6.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Joomla! 1.6.0 is vulnerable to SQL Injection via the filter_order and filer_order_Dir parameters."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "SQL Injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-02-05T21:39:18.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.openwall.com/lists/oss-security/2011/03/14/21"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://packetstormsecurity.com/files/101835/Joomla-1.6.0-SQL-Injection.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2011-1151",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Joomla!",
"version": {
"version_data": [
{
"version_value": "1.6.0"
}
]
}
}
]
},
"vendor_name": "Joomla!"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Joomla! 1.6.0 is vulnerable to SQL Injection via the filter_order and filer_order_Dir parameters."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "SQL Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.openwall.com/lists/oss-security/2011/03/14/21",
"refsource": "MISC",
"url": "https://www.openwall.com/lists/oss-security/2011/03/14/21"
},
{
"name": "https://packetstormsecurity.com/files/101835/Joomla-1.6.0-SQL-Injection.html",
"refsource": "MISC",
"url": "https://packetstormsecurity.com/files/101835/Joomla-1.6.0-SQL-Injection.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2011-1151",
"datePublished": "2020-02-05T21:39:18.000Z",
"dateReserved": "2011-03-03T00:00:00.000Z",
"dateUpdated": "2024-08-06T22:14:28.056Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-4912 (GCVE-0-2011-4912)
Vulnerability from cvelistv5 – Published: 2020-02-04 13:23 – Updated: 2024-08-07 00:23
VLAI?
Summary
Joomla! com_mailto 1.5.x through 1.5.13 has an automated mail timeout bypass.
Severity ?
No CVSS data available.
CWE
- mail timeout bypass
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:23:38.308Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.openwall.com/lists/oss-security/2011/12/25/9"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://developer.joomla.org/security/news/303-20090723-core-com-mailto-timeout-issue.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Joomla!",
"vendor": "Joomla!",
"versions": [
{
"status": "affected",
"version": "All 1.5.x prior to and including 1.5.13"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Joomla! com_mailto 1.5.x through 1.5.13 has an automated mail timeout bypass."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "mail timeout bypass",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-02-04T13:23:19.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.openwall.com/lists/oss-security/2011/12/25/9"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://developer.joomla.org/security/news/303-20090723-core-com-mailto-timeout-issue.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2011-4912",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Joomla!",
"version": {
"version_data": [
{
"version_value": "All 1.5.x prior to and including 1.5.13"
}
]
}
}
]
},
"vendor_name": "Joomla!"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Joomla! com_mailto 1.5.x through 1.5.13 has an automated mail timeout bypass."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "mail timeout bypass"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.openwall.com/lists/oss-security/2011/12/25/9",
"refsource": "MISC",
"url": "https://www.openwall.com/lists/oss-security/2011/12/25/9"
},
{
"name": "https://developer.joomla.org/security/news/303-20090723-core-com-mailto-timeout-issue.html",
"refsource": "MISC",
"url": "https://developer.joomla.org/security/news/303-20090723-core-com-mailto-timeout-issue.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2011-4912",
"datePublished": "2020-02-04T13:23:19.000Z",
"dateReserved": "2011-12-23T00:00:00.000Z",
"dateUpdated": "2024-08-07T00:23:38.308Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-3629 (GCVE-0-2011-3629)
Vulnerability from cvelistv5 – Published: 2020-02-04 12:21 – Updated: 2024-08-06 23:37
VLAI?
Summary
Joomla! core 1.7.1 allows information disclosure due to weak encryption
Severity ?
No CVSS data available.
CWE
- information disclosure
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Joomla! | Joomla! core |
Affected:
1.7.1
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T23:37:48.695Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/03/02/4"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/03/02/8"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/03/28/6"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://developer.joomla.org/security/news/370-20111001-core-information-disclosure"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Joomla! core",
"vendor": "Joomla!",
"versions": [
{
"status": "affected",
"version": "1.7.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Joomla! core 1.7.1 allows information disclosure due to weak encryption"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "information disclosure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-02-04T12:21:19.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.openwall.com/lists/oss-security/2012/03/02/4"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.openwall.com/lists/oss-security/2012/03/02/8"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.openwall.com/lists/oss-security/2012/03/28/6"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://developer.joomla.org/security/news/370-20111001-core-information-disclosure"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2011-3629",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Joomla! core",
"version": {
"version_data": [
{
"version_value": "1.7.1"
}
]
}
}
]
},
"vendor_name": "Joomla!"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Joomla! core 1.7.1 allows information disclosure due to weak encryption"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "information disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.openwall.com/lists/oss-security/2012/03/02/4",
"refsource": "MISC",
"url": "http://www.openwall.com/lists/oss-security/2012/03/02/4"
},
{
"name": "http://www.openwall.com/lists/oss-security/2012/03/02/8",
"refsource": "MISC",
"url": "http://www.openwall.com/lists/oss-security/2012/03/02/8"
},
{
"name": "http://www.openwall.com/lists/oss-security/2012/03/28/6",
"refsource": "MISC",
"url": "http://www.openwall.com/lists/oss-security/2012/03/28/6"
},
{
"name": "https://developer.joomla.org/security/news/370-20111001-core-information-disclosure",
"refsource": "MISC",
"url": "https://developer.joomla.org/security/news/370-20111001-core-information-disclosure"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2011-3629",
"datePublished": "2020-02-04T12:21:19.000Z",
"dateReserved": "2011-09-21T00:00:00.000Z",
"dateUpdated": "2024-08-06T23:37:48.695Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-4937 (GCVE-0-2011-4937)
Vulnerability from cvelistv5 – Published: 2020-02-04 12:18 – Updated: 2024-08-07 00:23
VLAI?
Summary
Joomla! 1.7.1 has core information disclosure due to inadequate error checking.
Severity ?
No CVSS data available.
CWE
- information disclosure
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:23:38.561Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/03/02/4"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/03/28/6"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/03/02/1"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://developer.joomla.org/security/news/371-20111002-core-information-disclosure.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Joomla!",
"vendor": "Joomla!",
"versions": [
{
"status": "affected",
"version": "1.7.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Joomla! 1.7.1 has core information disclosure due to inadequate error checking."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "information disclosure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-02-04T12:18:11.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.openwall.com/lists/oss-security/2012/03/02/4"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.openwall.com/lists/oss-security/2012/03/28/6"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.openwall.com/lists/oss-security/2012/03/02/1"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://developer.joomla.org/security/news/371-20111002-core-information-disclosure.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2011-4937",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Joomla!",
"version": {
"version_data": [
{
"version_value": "1.7.1"
}
]
}
}
]
},
"vendor_name": "Joomla!"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Joomla! 1.7.1 has core information disclosure due to inadequate error checking."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "information disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.openwall.com/lists/oss-security/2012/03/02/4",
"refsource": "MISC",
"url": "http://www.openwall.com/lists/oss-security/2012/03/02/4"
},
{
"name": "http://www.openwall.com/lists/oss-security/2012/03/28/6",
"refsource": "MISC",
"url": "http://www.openwall.com/lists/oss-security/2012/03/28/6"
},
{
"name": "http://www.openwall.com/lists/oss-security/2012/03/02/1",
"refsource": "MISC",
"url": "http://www.openwall.com/lists/oss-security/2012/03/02/1"
},
{
"name": "https://developer.joomla.org/security/news/371-20111002-core-information-disclosure.html",
"refsource": "MISC",
"url": "https://developer.joomla.org/security/news/371-20111002-core-information-disclosure.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2011-4937",
"datePublished": "2020-02-04T12:18:11.000Z",
"dateReserved": "2011-12-23T00:00:00.000Z",
"dateUpdated": "2024-08-07T00:23:38.561Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-3595 (GCVE-0-2011-3595)
Vulnerability from cvelistv5 – Published: 2020-01-22 15:20 – Updated: 2024-08-06 23:37
VLAI?
Summary
Multiple Cross-site Scripting (XSS) vulnerabilities exist in Joomla! through 1.7.0 in index.php in the search word, extension, asset, and author parameters.
Severity ?
No CVSS data available.
CWE
- XSS
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Date Public ?
2011-07-21 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T23:37:48.372Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.openwall.com/lists/oss-security/2011/10/04/7"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.rapid7.com/db/vulnerabilities/joomla-20110902-core-xss-vulnerability"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://yehg.net/lab/pr0js/advisories/joomla/core/%5Bjoomla_1.7.0-stable%5D_cross_site_scripting%28XSS%29"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Joomla!",
"vendor": "Joomla!",
"versions": [
{
"status": "affected",
"version": "\u003c= 1.7.0"
}
]
}
],
"datePublic": "2011-07-21T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple Cross-site Scripting (XSS) vulnerabilities exist in Joomla! through 1.7.0 in index.php in the search word, extension, asset, and author parameters."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "XSS",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-22T15:20:54.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.openwall.com/lists/oss-security/2011/10/04/7"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.rapid7.com/db/vulnerabilities/joomla-20110902-core-xss-vulnerability"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://yehg.net/lab/pr0js/advisories/joomla/core/%5Bjoomla_1.7.0-stable%5D_cross_site_scripting%28XSS%29"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2011-3595",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Joomla!",
"version": {
"version_data": [
{
"version_value": "\u003c= 1.7.0"
}
]
}
}
]
},
"vendor_name": "Joomla!"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple Cross-site Scripting (XSS) vulnerabilities exist in Joomla! through 1.7.0 in index.php in the search word, extension, asset, and author parameters."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "XSS"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.openwall.com/lists/oss-security/2011/10/04/7",
"refsource": "MISC",
"url": "https://www.openwall.com/lists/oss-security/2011/10/04/7"
},
{
"name": "https://www.rapid7.com/db/vulnerabilities/joomla-20110902-core-xss-vulnerability",
"refsource": "MISC",
"url": "https://www.rapid7.com/db/vulnerabilities/joomla-20110902-core-xss-vulnerability"
},
{
"name": "http://yehg.net/lab/pr0js/advisories/joomla/core/%5Bjoomla_1.7.0-stable%5D_cross_site_scripting%28XSS%29",
"refsource": "MISC",
"url": "http://yehg.net/lab/pr0js/advisories/joomla/core/%5Bjoomla_1.7.0-stable%5D_cross_site_scripting%28XSS%29"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2011-3595",
"datePublished": "2020-01-22T15:20:54.000Z",
"dateReserved": "2011-09-21T00:00:00.000Z",
"dateUpdated": "2024-08-06T23:37:48.372Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-4907 (GCVE-0-2011-4907)
Vulnerability from cvelistv5 – Published: 2020-01-15 13:59 – Updated: 2024-08-07 00:23
VLAI?
Summary
Joomla! 1.5x through 1.5.12: Missing JEXEC Check
Severity ?
No CVSS data available.
CWE
- Path Disclosure
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:23:38.546Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.openwall.com/lists/oss-security/2011/12/25/7"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://developer.joomla.org/security/news/301-20090722-core-file-upload.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Joomla!",
"vendor": "Joomla!",
"versions": [
{
"status": "affected",
"version": "1.5x through 1.5.12"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Joomla! 1.5x through 1.5.12: Missing JEXEC Check"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Path Disclosure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-15T13:59:57.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.openwall.com/lists/oss-security/2011/12/25/7"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://developer.joomla.org/security/news/301-20090722-core-file-upload.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2011-4907",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Joomla!",
"version": {
"version_data": [
{
"version_value": "1.5x through 1.5.12"
}
]
}
}
]
},
"vendor_name": "Joomla!"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Joomla! 1.5x through 1.5.12: Missing JEXEC Check"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Path Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.openwall.com/lists/oss-security/2011/12/25/7",
"refsource": "MISC",
"url": "https://www.openwall.com/lists/oss-security/2011/12/25/7"
},
{
"name": "https://developer.joomla.org/security/news/301-20090722-core-file-upload.html",
"refsource": "MISC",
"url": "https://developer.joomla.org/security/news/301-20090722-core-file-upload.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2011-4907",
"datePublished": "2020-01-15T13:59:57.000Z",
"dateReserved": "2011-12-23T00:00:00.000Z",
"dateUpdated": "2024-08-07T00:23:38.546Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-1563 (GCVE-0-2012-1563)
Vulnerability from cvelistv5 – Published: 2020-01-15 12:59 – Updated: 2024-08-06 19:01
VLAI?
Summary
Joomla! before 2.5.3 allows Admin Account Creation.
Severity ?
No CVSS data available.
CWE
- Admin Account Creation
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T19:01:02.676Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/03/19/11"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/41156/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://developer.joomla.org/security/news/395-20120303-core-privilege-escalation.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Joomla!",
"vendor": "Joomla!",
"versions": [
{
"status": "affected",
"version": "2.5.2"
},
{
"status": "affected",
"version": "2.5.1"
},
{
"status": "affected",
"version": "2.5.0"
},
{
"status": "affected",
"version": "and all 1.7.x and 1.6.x releases"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Joomla! before 2.5.3 allows Admin Account Creation."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Admin Account Creation",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-15T12:59:50.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.openwall.com/lists/oss-security/2012/03/19/11"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.exploit-db.com/exploits/41156/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://developer.joomla.org/security/news/395-20120303-core-privilege-escalation.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-1563",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Joomla!",
"version": {
"version_data": [
{
"version_value": "2.5.2"
},
{
"version_value": "2.5.1"
},
{
"version_value": "2.5.0"
},
{
"version_value": "and all 1.7.x and 1.6.x releases"
}
]
}
}
]
},
"vendor_name": "Joomla!"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Joomla! before 2.5.3 allows Admin Account Creation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Admin Account Creation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.openwall.com/lists/oss-security/2012/03/19/11",
"refsource": "MISC",
"url": "http://www.openwall.com/lists/oss-security/2012/03/19/11"
},
{
"name": "https://www.exploit-db.com/exploits/41156/",
"refsource": "MISC",
"url": "https://www.exploit-db.com/exploits/41156/"
},
{
"name": "https://developer.joomla.org/security/news/395-20120303-core-privilege-escalation.html",
"refsource": "MISC",
"url": "https://developer.joomla.org/security/news/395-20120303-core-privilege-escalation.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-1563",
"datePublished": "2020-01-15T12:59:50.000Z",
"dateReserved": "2012-03-12T00:00:00.000Z",
"dateUpdated": "2024-08-06T19:01:02.676Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-1562 (GCVE-0-2012-1562)
Vulnerability from cvelistv5 – Published: 2020-01-15 12:56 – Updated: 2024-08-06 19:01
VLAI?
Summary
Joomla! core before 2.5.3 allows unauthorized password change.
Severity ?
No CVSS data available.
CWE
- authentication error
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Joomla! | Joomla! core |
Affected:
2.5.2
Affected: 2.5.1 Affected: 2.5.0 Affected: and all 1.7.x and 1.6.x versions |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T19:01:02.704Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/03/19/11"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://developer.joomla.org/security/news/394-20120304-core-password-change.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Joomla! core",
"vendor": "Joomla!",
"versions": [
{
"status": "affected",
"version": "2.5.2"
},
{
"status": "affected",
"version": "2.5.1"
},
{
"status": "affected",
"version": "2.5.0"
},
{
"status": "affected",
"version": "and all 1.7.x and 1.6.x versions"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Joomla! core before 2.5.3 allows unauthorized password change."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "authentication error",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-15T12:56:06.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.openwall.com/lists/oss-security/2012/03/19/11"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://developer.joomla.org/security/news/394-20120304-core-password-change.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-1562",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Joomla! core",
"version": {
"version_data": [
{
"version_value": "2.5.2"
},
{
"version_value": "2.5.1"
},
{
"version_value": "2.5.0"
},
{
"version_value": "and all 1.7.x and 1.6.x versions"
}
]
}
}
]
},
"vendor_name": "Joomla!"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Joomla! core before 2.5.3 allows unauthorized password change."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "authentication error"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.openwall.com/lists/oss-security/2012/03/19/11",
"refsource": "MISC",
"url": "http://www.openwall.com/lists/oss-security/2012/03/19/11"
},
{
"name": "https://developer.joomla.org/security/news/394-20120304-core-password-change.html",
"refsource": "MISC",
"url": "https://developer.joomla.org/security/news/394-20120304-core-password-change.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-1562",
"datePublished": "2020-01-15T12:56:07.000Z",
"dateReserved": "2012-03-12T00:00:00.000Z",
"dateUpdated": "2024-08-06T19:01:02.704Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}