All the vulnerabilities related to ryan_demmer - joomla_content_editor
Vulnerability from fkie_nvd
Published
2006-12-10 11:28
Modified
2024-11-21 00:22
Severity: MEDIUM (CVSS v2.0 base score 6.8, vector AV:N/AC:M/Au:N/C:P/I:P/A:P; source nvd@nist.gov)
Summary
Multiple cross-site scripting (XSS) vulnerabilities in jce.php in the JCE Admin Component in Ryan Demmer Joomla Content Editor (JCE) 1.1.0 beta 2 and earlier for Joomla! (com_jce) allow remote attackers to inject arbitrary web script or HTML via the (1) img, (2) title, (3) w, or (4) h parameter, different vectors than CVE-2006-6166. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ryan_demmer | joomla_content_editor | 1.0.4 | |
ryan_demmer | joomla_content_editor | 1.1.0_beta2 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ryan_demmer:joomla_content_editor:1.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "302BCFB0-25F4-49A1-B590-18EE30A7C64A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ryan_demmer:joomla_content_editor:1.1.0_beta2:*:*:*:*:*:*:*", "matchCriteriaId": "F6759048-01C7-4471-8D30-0A8623EA4DE2", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in jce.php in the JCE Admin Component in Ryan Demmer Joomla Content Editor (JCE) 1.1.0 beta 2 and earlier for Joomla! (com_jce) allow remote attackers to inject arbitrary web script or HTML via the (1) img, (2) title, (3) w, or (4) h parameter, different vectors than CVE-2006-6166. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information." }, { "lang": "es", "value": "M\u00faltiples vulnerabildades de secuencias de comandos en sitios cruzandos (XSS) en jce.php en JCE Admin Component en Ryan Demmer Joomla Content Editor (JCE) 1.1.0 beta 2 y anteriores para Joomla! (com_jce) permite a un atacante remoto inyectar secuencias de comandos web o HTML a trav\u00e9s de los par\u00e1metros (1) img, (2) title, (3) w, o (4) h, vectores diferentes que CVE-2006-6166. NOTA: la procedencia de esta informaci\u00f3n es desconocida; los detalles han sido obtenidos a partir de la informaci\u00f3n de terceros. 
\r\n" } ], "id": "CVE-2006-6420", "lastModified": "2024-11-21T00:22:38.583", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2006-12-10T11:28:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/23160" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/21496" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2006/4903" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30799" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/23160" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/21496" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2006/4903" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30799" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2006-12-10 11:28
Modified
2024-11-21 00:22
Severity: HIGH (CVSS v2.0 base score 7.5, vector AV:N/AC:L/Au:N/C:P/I:P/A:P; source nvd@nist.gov)
Summary
jce.php in the JCE Admin Component in Ryan Demmer Joomla Content Editor (JCE) 1.1.0 beta 2 and earlier for Joomla! (com_jce) allows remote attackers to include and possibly execute arbitrary local files via the (1) plugin or (2) file parameter. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ryan_demmer | joomla_content_editor | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ryan_demmer:joomla_content_editor:*:*:*:*:*:*:*:*", "matchCriteriaId": "D7CD8CB8-746D-4049-A454-FBE47FAE2473", "versionEndIncluding": "1.1.0_beta2", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "jce.php in the JCE Admin Component in Ryan Demmer Joomla Content Editor (JCE) 1.1.0 beta 2 and earlier for Joomla! (com_jce) allows remote attackers to include and possibly execute arbitrary local files via the (1) plugin or (2) file parameter. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information." }, { "lang": "es", "value": "jce.php en JCE Admin Component en Ryan Demmer Joomla Content Editor (JCE) 1.1.0 beta 2 y anteriores para Joomla! (com_jce) permite a un atacante remoto a\u00f1adir y posiblemente ejecutar archivos locales de su elecci\u00f3n a trav\u00e9s de los par\u00e1metros (1) plugin o(2) file. NOTA: la procedencia de esta informaci\u00f3n es desconocida; los detalles han sido obtenidos a partir de la informaci\u00f3n de terceros. 
\r\n" } ], "id": "CVE-2006-6419", "lastModified": "2024-11-21T00:22:38.443", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2006-12-10T11:28:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/23160" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/21491" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2006/4903" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30798" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/23160" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/21491" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2006/4903" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30798" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2012-05-21 18:55
Modified
2024-11-21 01:39
Severity: MEDIUM (CVSS v2.0 base score 6.0, vector AV:N/AC:M/Au:S/C:P/I:P/A:P; source nvd@nist.gov)
Summary
Unrestricted file upload vulnerability in editor/extensions/browser/file.php in the Joomla Content Editor (JCE) component before 2.1 for Joomla!, when chunking is set to greater than zero, allows remote authors to execute arbitrary PHP code by uploading a PHP file with a double extension as demonstrated by .jpg.pht.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ryan_demmer | joomla_content_editor | * | |
ryan_demmer | joomla_content_editor | 2.0 | |
joomla | joomla\! | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ryan_demmer:joomla_content_editor:*:*:*:*:*:*:*:*", "matchCriteriaId": "92C9BDA4-CE80-4A40-9E91-5AC89F610390", "versionEndIncluding": "2.0.21", "vulnerable": true }, { "criteria": "cpe:2.3:a:ryan_demmer:joomla_content_editor:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "B8F60EF7-C422-40FF-8A70-1F5DCB096BF5", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:a:joomla:joomla\\!:*:*:*:*:*:*:*:*", "matchCriteriaId": "2AC7400C-F6AF-4B5E-A34B-0222F94DCC46", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Unrestricted file upload vulnerability in editor/extensions/browser/file.php in the Joomla Content Editor (JCE) component before 2.1 for Joomla!, when chunking is set to greater than zero, allows remote authors to execute arbitrary PHP code by uploading a PHP file with a double extension as demonstrated by .jpg.pht." }, { "lang": "es", "value": "Vulnerabilidad de subida de archivos sin restricci\u00f3n en editor/extensions/browser/file.php en el componente Joomla Content Editor (JCE) anteriores a v2.1 para Joomla!, cunado el valor \u00abchunking\u00bb est\u00e1 fijado a un valor mayor que 0, permite a autores remotos ejecutar c\u00f3digo de su elecci\u00f3n subiendo un archivo con una doble extensi\u00f3n en su nombre, como se ha demostrado con el nombre de archivo .jpg.pht." 
} ], "evaluatorComment": "Per: http://cwe.mitre.org/data/definitions/434.html \u0027Unrestricted Upload of File with Dangerous Type\u0027", "id": "CVE-2012-2902", "lastModified": "2024-11-21T01:39:52.177", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2012-05-21T18:55:02.460", "references": [ { "source": "cve@mitre.org", "url": "http://osvdb.org/81980" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/49206" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/secunia_research/2012-15/" }, { "source": "cve@mitre.org", "url": "http://www.joomlacontenteditor.net/news/item/jce-21-released?category_id=32" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/51002" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75671" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/81980" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/49206" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/secunia_research/2012-15/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.joomlacontenteditor.net/news/item/jce-21-released?category_id=32" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"http://www.securityfocus.com/bid/51002" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75671" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2006-11-29 02:28
Modified
2024-11-21 00:22
Severity: MEDIUM (CVSS v2.0 base score 6.8, vector AV:N/AC:M/Au:N/C:P/I:P/A:P; source nvd@nist.gov)
Summary
Cross-site scripting (XSS) vulnerability in jce.php in the JCE Admin Component in Ryan Demmer Joomla Content Editor (JCE) 1.0.4 for Joomla! (com_jce), without the 20060821 jce_patch, allows remote attackers to inject arbitrary web script or HTML via the mosConfig_live_site parameter.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ryan_demmer | joomla_content_editor | 1.0.4 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ryan_demmer:joomla_content_editor:1.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "302BCFB0-25F4-49A1-B590-18EE30A7C64A", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in jce.php in the JCE Admin Component in Ryan Demmer Joomla Content Editor (JCE) 1.0.4 for Joomla! (com_jce), without the 20060821 jce_patch, allows remote attackers to inject arbitrary web script or HTML via the mosConfig_live_site parameter." }, { "lang": "es", "value": "Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en el componente JCE Admin en Ryan Demmer Joomla Content Editor (JCE) 1.0.4 para Joomla! (com_jce), sin el jce_patch del 21/08/2006, permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elecci\u00f3n mediante el par\u00e1metro mosConfig_live_site." } ], "id": "CVE-2006-6166", "lastModified": "2024-11-21T00:22:03.170", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2006-11-29T02:28:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://forum.joomla.org/index.php?topic=113796.new#new" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://www.cellardoor.za.net/index.php?option=com_content\u0026task=view\u0026id=28" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], 
"url": "http://www.cellardoor.za.net/index.php?option=com_docman\u0026task=doc_download\u0026gid=51\u0026Itemid=6" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://forum.joomla.org/index.php?topic=113796.new#new" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.cellardoor.za.net/index.php?option=com_content\u0026task=view\u0026id=28" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.cellardoor.za.net/index.php?option=com_docman\u0026task=doc_download\u0026gid=51\u0026Itemid=6" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2012-05-21 18:55
Modified
2024-11-21 01:39
Severity: MEDIUM (CVSS v2.0 base score 4.3, vector AV:N/AC:M/Au:N/C:N/I:P/A:N; source nvd@nist.gov)
Summary
Cross-site scripting (XSS) vulnerability in the Profile List in the Joomla Content Editor (JCE) component before 2.1 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the search parameter to administrator/index.php.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ryan_demmer | joomla_content_editor | * | |
ryan_demmer | joomla_content_editor | 2.0 | |
joomla | joomla\! | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ryan_demmer:joomla_content_editor:*:*:*:*:*:*:*:*", "matchCriteriaId": "92C9BDA4-CE80-4A40-9E91-5AC89F610390", "versionEndIncluding": "2.0.21", "vulnerable": true }, { "criteria": "cpe:2.3:a:ryan_demmer:joomla_content_editor:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "B8F60EF7-C422-40FF-8A70-1F5DCB096BF5", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:a:joomla:joomla\\!:*:*:*:*:*:*:*:*", "matchCriteriaId": "2AC7400C-F6AF-4B5E-A34B-0222F94DCC46", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in the Profile List in the Joomla Content Editor (JCE) component before 2.1 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the search parameter to administrator/index.php." }, { "lang": "es", "value": "Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en la lista de perfiles (\"Profile List\") del componente Joomla Content Editor (JCE) en versiones anteriores a la 2.1 de Joomla!. Permite a atacantes remotos inyectar codigo de script web o c\u00f3digo HTML de su elecci\u00f3n a trav\u00e9s del parametro search de administrator/index.php." 
} ], "id": "CVE-2012-2901", "lastModified": "2024-11-21T01:39:52.030", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2012-05-21T18:55:02.413", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/49206" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/secunia_research/2012-14/" }, { "source": "cve@mitre.org", "url": "http://www.joomlacontenteditor.net/news/item/jce-21-released?category_id=32" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/53559" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75670" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/49206" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/secunia_research/2012-14/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.joomlacontenteditor.net/news/item/jce-21-released?category_id=32" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/53559" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75670" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } 
], "source": "nvd@nist.gov", "type": "Primary" } ] }
cve-2012-2901
Vulnerability from cvelistv5
Published
2012-05-21 18:00
Modified
2024-08-06 19:50
Summary
Cross-site scripting (XSS) vulnerability in the Profile List in the Joomla Content Editor (JCE) component before 2.1 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the search parameter to administrator/index.php.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/53559 | vdb-entry, x_refsource_BID | |
http://www.joomlacontenteditor.net/news/item/jce-21-released?category_id=32 | x_refsource_CONFIRM | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/75670 | vdb-entry, x_refsource_XF | |
http://secunia.com/advisories/49206 | third-party-advisory, x_refsource_SECUNIA | |
http://secunia.com/secunia_research/2012-14/ | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T19:50:05.214Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "53559", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/53559" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.joomlacontenteditor.net/news/item/jce-21-released?category_id=32" }, { "name": "jce-joomla-index-xss(75670)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75670" }, { "name": "49206", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/49206" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://secunia.com/secunia_research/2012-14/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2012-05-14T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in the Profile List in the Joomla Content Editor (JCE) component before 2.1 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the search parameter to administrator/index.php." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "53559", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/53559" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.joomlacontenteditor.net/news/item/jce-21-released?category_id=32" }, { "name": "jce-joomla-index-xss(75670)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75670" }, { "name": "49206", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/49206" }, { "tags": [ "x_refsource_MISC" ], "url": "http://secunia.com/secunia_research/2012-14/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2012-2901", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in the Profile List in the Joomla Content Editor (JCE) component before 2.1 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the search parameter to administrator/index.php." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "53559", "refsource": "BID", "url": "http://www.securityfocus.com/bid/53559" }, { "name": "http://www.joomlacontenteditor.net/news/item/jce-21-released?category_id=32", "refsource": "CONFIRM", "url": "http://www.joomlacontenteditor.net/news/item/jce-21-released?category_id=32" }, { "name": "jce-joomla-index-xss(75670)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75670" }, { "name": "49206", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/49206" }, { "name": "http://secunia.com/secunia_research/2012-14/", "refsource": "MISC", "url": "http://secunia.com/secunia_research/2012-14/" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2012-2901", "datePublished": "2012-05-21T18:00:00", "dateReserved": "2012-05-21T00:00:00", "dateUpdated": "2024-08-06T19:50:05.214Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2006-6166
Vulnerability from cvelistv5
Published
2006-11-29 02:00
Modified
2024-09-17 03:28
Summary
Cross-site scripting (XSS) vulnerability in jce.php in the JCE Admin Component in Ryan Demmer Joomla Content Editor (JCE) 1.0.4 for Joomla! (com_jce), without the 20060821 jce_patch, allows remote attackers to inject arbitrary web script or HTML via the mosConfig_live_site parameter.
References
▼ | URL | Tags |
---|---|---|
http://www.cellardoor.za.net/index.php?option=com_content&task=view&id=28 | x_refsource_CONFIRM | |
http://forum.joomla.org/index.php?topic=113796.new#new | x_refsource_CONFIRM | |
http://www.cellardoor.za.net/index.php?option=com_docman&task=doc_download&gid=51&Itemid=6 | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T20:19:34.600Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.cellardoor.za.net/index.php?option=com_content\u0026task=view\u0026id=28" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://forum.joomla.org/index.php?topic=113796.new#new" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.cellardoor.za.net/index.php?option=com_docman\u0026task=doc_download\u0026gid=51\u0026Itemid=6" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in jce.php in the JCE Admin Component in Ryan Demmer Joomla Content Editor (JCE) 1.0.4 for Joomla! (com_jce), without the 20060821 jce_patch, allows remote attackers to inject arbitrary web script or HTML via the mosConfig_live_site parameter." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2006-11-29T02:00:00Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.cellardoor.za.net/index.php?option=com_content\u0026task=view\u0026id=28" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://forum.joomla.org/index.php?topic=113796.new#new" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.cellardoor.za.net/index.php?option=com_docman\u0026task=doc_download\u0026gid=51\u0026Itemid=6" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-6166", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in jce.php in the JCE Admin Component in Ryan Demmer Joomla Content Editor (JCE) 1.0.4 for Joomla! (com_jce), without the 20060821 jce_patch, allows remote attackers to inject arbitrary web script or HTML via the mosConfig_live_site parameter." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.cellardoor.za.net/index.php?option=com_content\u0026task=view\u0026id=28", "refsource": "CONFIRM", "url": "http://www.cellardoor.za.net/index.php?option=com_content\u0026task=view\u0026id=28" }, { "name": "http://forum.joomla.org/index.php?topic=113796.new#new", "refsource": "CONFIRM", "url": "http://forum.joomla.org/index.php?topic=113796.new#new" }, { "name": "http://www.cellardoor.za.net/index.php?option=com_docman\u0026task=doc_download\u0026gid=51\u0026Itemid=6", "refsource": "CONFIRM", "url": "http://www.cellardoor.za.net/index.php?option=com_docman\u0026task=doc_download\u0026gid=51\u0026Itemid=6" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-6166", "datePublished": "2006-11-29T02:00:00Z", "dateReserved": "2006-11-28T00:00:00Z", "dateUpdated": "2024-09-17T03:28:57.228Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2006-6419
Vulnerability from cvelistv5
Published
2006-12-10 11:00
Modified
2024-08-07 20:26
Summary
jce.php in the JCE Admin Component in Ryan Demmer Joomla Content Editor (JCE) 1.1.0 beta 2 and earlier for Joomla! (com_jce) allows remote attackers to include and possibly execute arbitrary local files via the (1) plugin or (2) file parameter. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.
References
▼ | URL | Tags |
---|---|---|
https://exchange.xforce.ibmcloud.com/vulnerabilities/30798 | vdb-entry, x_refsource_XF | |
http://www.vupen.com/english/advisories/2006/4903 | vdb-entry, x_refsource_VUPEN | |
http://secunia.com/advisories/23160 | third-party-advisory, x_refsource_SECUNIA | |
http://www.securityfocus.com/bid/21491 | vdb-entry, x_refsource_BID |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T20:26:45.939Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "jceadmin-jce-file-include(30798)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30798" }, { "name": "ADV-2006-4903", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2006/4903" }, { "name": "23160", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/23160" }, { "name": "21491", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/21491" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2006-12-08T00:00:00", "descriptions": [ { "lang": "en", "value": "jce.php in the JCE Admin Component in Ryan Demmer Joomla Content Editor (JCE) 1.1.0 beta 2 and earlier for Joomla! (com_jce) allows remote attackers to include and possibly execute arbitrary local files via the (1) plugin or (2) file parameter. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "jceadmin-jce-file-include(30798)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30798" }, { "name": "ADV-2006-4903", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2006/4903" }, { "name": "23160", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/23160" }, { "name": "21491", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/21491" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-6419", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "jce.php in the JCE Admin Component in Ryan Demmer Joomla Content Editor (JCE) 1.1.0 beta 2 and earlier for Joomla! (com_jce) allows remote attackers to include and possibly execute arbitrary local files via the (1) plugin or (2) file parameter. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "jceadmin-jce-file-include(30798)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30798" }, { "name": "ADV-2006-4903", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/4903" }, { "name": "23160", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/23160" }, { "name": "21491", "refsource": "BID", "url": "http://www.securityfocus.com/bid/21491" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-6419", "datePublished": "2006-12-10T11:00:00", "dateReserved": "2006-12-09T00:00:00", "dateUpdated": "2024-08-07T20:26:45.939Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2006-6420
Vulnerability from cvelistv5
Published
2006-12-10 11:00
Modified
2024-08-07 20:26
Summary
Multiple cross-site scripting (XSS) vulnerabilities in jce.php in the JCE Admin Component in Ryan Demmer Joomla Content Editor (JCE) 1.1.0 beta 2 and earlier for Joomla! (com_jce) allow remote attackers to inject arbitrary web script or HTML via the (1) img, (2) title, (3) w, or (4) h parameter, different vectors than CVE-2006-6166. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.
References
| URL | Tags |
|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/30799 | vdb-entry, x_refsource_XF |
| http://www.vupen.com/english/advisories/2006/4903 | vdb-entry, x_refsource_VUPEN |
| http://secunia.com/advisories/23160 | third-party-advisory, x_refsource_SECUNIA |
| http://www.securityfocus.com/bid/21496 | vdb-entry, x_refsource_BID |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T20:26:46.144Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "jceadmin-jce-xss(30799)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30799" }, { "name": "ADV-2006-4903", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2006/4903" }, { "name": "23160", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/23160" }, { "name": "21496", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/21496" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2006-12-08T00:00:00", "descriptions": [ { "lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in jce.php in the JCE Admin Component in Ryan Demmer Joomla Content Editor (JCE) 1.1.0 beta 2 and earlier for Joomla! (com_jce) allow remote attackers to inject arbitrary web script or HTML via the (1) img, (2) title, (3) w, or (4) h parameter, different vectors than CVE-2006-6166. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "jceadmin-jce-xss(30799)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30799" }, { "name": "ADV-2006-4903", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2006/4903" }, { "name": "23160", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/23160" }, { "name": "21496", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/21496" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-6420", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Multiple cross-site scripting (XSS) vulnerabilities in jce.php in the JCE Admin Component in Ryan Demmer Joomla Content Editor (JCE) 1.1.0 beta 2 and earlier for Joomla! (com_jce) allow remote attackers to inject arbitrary web script or HTML via the (1) img, (2) title, (3) w, or (4) h parameter, different vectors than CVE-2006-6166. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "jceadmin-jce-xss(30799)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30799" }, { "name": "ADV-2006-4903", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/4903" }, { "name": "23160", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/23160" }, { "name": "21496", "refsource": "BID", "url": "http://www.securityfocus.com/bid/21496" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-6420", "datePublished": "2006-12-10T11:00:00", "dateReserved": "2006-12-09T00:00:00", "dateUpdated": "2024-08-07T20:26:46.144Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2012-2902
Vulnerability from cvelistv5
Published
2012-05-21 18:00
Modified
2024-08-06 19:50
Summary
Unrestricted file upload vulnerability in editor/extensions/browser/file.php in the Joomla Content Editor (JCE) component before 2.1 for Joomla!, when chunking is set to greater than zero, allows remote authors to execute arbitrary PHP code by uploading a PHP file with a double extension, as demonstrated by .jpg.pht. The vendor's JCE 2.1 release announcement is listed in the references below as the confirming source (x_refsource_CONFIRM).
References
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/51002 | vdb-entry, x_refsource_BID |
| http://secunia.com/secunia_research/2012-15/ | x_refsource_MISC |
| http://osvdb.org/81980 | vdb-entry, x_refsource_OSVDB |
| http://www.joomlacontenteditor.net/news/item/jce-21-released?category_id=32 | x_refsource_CONFIRM |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/75671 | vdb-entry, x_refsource_XF |
| http://secunia.com/advisories/49206 | third-party-advisory, x_refsource_SECUNIA |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T19:50:03.687Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "51002", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/51002" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://secunia.com/secunia_research/2012-15/" }, { "name": "81980", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/81980" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.joomlacontenteditor.net/news/item/jce-21-released?category_id=32" }, { "name": "jce-joomla-file-file-upload(75671)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75671" }, { "name": "49206", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/49206" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2012-05-14T00:00:00", "descriptions": [ { "lang": "en", "value": "Unrestricted file upload vulnerability in editor/extensions/browser/file.php in the Joomla Content Editor (JCE) component before 2.1 for Joomla!, when chunking is set to greater than zero, allows remote authors to execute arbitrary PHP code by uploading a PHP file with a double extension as demonstrated by .jpg.pht." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "51002", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/51002" }, { "tags": [ "x_refsource_MISC" ], "url": "http://secunia.com/secunia_research/2012-15/" }, { "name": "81980", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/81980" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.joomlacontenteditor.net/news/item/jce-21-released?category_id=32" }, { "name": "jce-joomla-file-file-upload(75671)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75671" }, { "name": "49206", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/49206" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2012-2902", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Unrestricted file upload vulnerability in editor/extensions/browser/file.php in the Joomla Content Editor (JCE) component before 2.1 for Joomla!, when chunking is set to greater than zero, allows remote authors to execute arbitrary PHP code by uploading a PHP file with a double extension as demonstrated by .jpg.pht." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "51002", "refsource": "BID", "url": "http://www.securityfocus.com/bid/51002" }, { "name": "http://secunia.com/secunia_research/2012-15/", "refsource": "MISC", "url": "http://secunia.com/secunia_research/2012-15/" }, { "name": "81980", "refsource": "OSVDB", "url": "http://osvdb.org/81980" }, { "name": "http://www.joomlacontenteditor.net/news/item/jce-21-released?category_id=32", "refsource": "CONFIRM", "url": "http://www.joomlacontenteditor.net/news/item/jce-21-released?category_id=32" }, { "name": "jce-joomla-file-file-upload(75671)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75671" }, { "name": "49206", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/49206" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2012-2902", "datePublished": "2012-05-21T18:00:00", "dateReserved": "2012-05-21T00:00:00", "dateUpdated": "2024-08-06T19:50:03.687Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }