Vulnerabilities > Joomla > Joomla > 2.5.4
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2013-05-03 | CVE-2013-3242 | Improper Input Validation vulnerability in Joomla Joomla! plugins/system/remember/remember.php in Joomla! 2.5.x before 2.5.10 and 3.0.x before 3.0.4 does not properly handle an object obtained by unserializing a cookie, which allows remote authenticated users to conduct PHP object injection attacks and cause a denial of service via unspecified vectors. | 5.5 |
2013-05-03 | CVE-2013-3059 | Cross-Site Scripting vulnerability in Joomla Joomla! Cross-site scripting (XSS) vulnerability in the Voting plugin in Joomla! 2.5.x before 2.5.10 and 3.0.x before 3.0.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2013-05-03 | CVE-2013-3058 | Cross-Site Scripting vulnerability in Joomla Joomla! Cross-site scripting (XSS) vulnerability in Joomla! 2.5.x before 2.5.10 and 3.0.x before 3.0.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2013-05-03 | CVE-2013-3057 | Permissions, Privileges, and Access Controls vulnerability in Joomla Joomla! Joomla! 2.5.x before 2.5.10 and 3.0.x before 3.0.4 allows remote authenticated users to bypass intended privilege requirements and list the privileges of arbitrary users via unspecified vectors. | 4.0 |
2013-05-03 | CVE-2013-3056 | Permissions, Privileges, and Access Controls vulnerability in Joomla Joomla! Joomla! 2.5.x before 2.5.10 and 3.0.x before 3.0.4 allows remote authenticated users to bypass intended privilege requirements and delete the private messages of arbitrary users via unspecified vectors. | 4.0 |
2013-02-13 | CVE-2013-1453 | Unspecified vulnerability in Joomla Joomla! plugins/system/highlight/highlight.php in Joomla! 3.0.x through 3.0.2 and 2.5.x through 2.5.8 allows attackers to unserialize arbitrary PHP objects to obtain sensitive information, delete arbitrary directories, conduct SQL injection attacks, and possibly have other impacts via the highlight parameter. | 7.5 |
2012-11-11 | CVE-2012-5827 | Clickjacking Security Bypass vulnerability in Joomla! Joomla! 2.5.x before 2.5.8 and 3.0.x before 3.0.2 allows remote attackers to conduct clickjacking attacks via unspecified vectors involving "Inadequate protection." network joomla | 4.3 |
2012-10-31 | CVE-2012-4532 | Cross-Site Scripting vulnerability in Joomla Joomla! Cross-site scripting (XSS) vulnerability in modules/mod_languages/tmpl/default.php in the Language Switcher module for Joomla! 2.5.x before 2.5.7 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to index.php. | 4.3 |
2012-10-31 | CVE-2012-4531 | Cross-Site Scripting vulnerability in Joomla Joomla! Cross-site scripting (XSS) vulnerability in Joomla! 2.5.x before 2.5.7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2012-08-10 | CVE-2012-4235 | Information Exposure vulnerability in Rsgallery2 COM Rsgallery2 The RSGallery2 (com_rsgallery2) component before 3.2.0 for Joomla! 2.5.x does not place index.html files in image directories, which allows remote attackers to list image filenames via a request for a directory URI. | 5.0 |