Joomla! 2.5.x before 2.5.4 does not properly check permissions, which allows attackers to obtain sensitive "administrative back end" information via unknown attack vectors. NOTE: this might be a duplicate of CVE-2012-1599. Date published :...
Integer overflow in the mid function in toolkit/tbytevector.cpp in TagLib 1.7 and earlier allows context-dependent attackers to cause a denial of service (application crash) via a crafted file header field in a media file,...
Multiple cross-site scripting (XSS) vulnerabilities in Open Journal Systems before 2.3.7 allow remote attackers and remote authenticated users to inject arbitrary web script or HTML via the (1) editor or (2) callback parameters to...
Incomplete blacklist vulnerability in Open Journal Systems before 2.3.7 allows remote authenticated users with the Author Role permission to execute arbitrary code by uploading a file with an executable extension that is not ".php",...
Multiple directory traversal vulnerabilities in the iBrowser plugin library, as used in Open Journal Systems before 2.3.7, allow remote authenticated users to (1) delete or (2) rename arbitrary files via a .. (dot dot)...
Directory traversal vulnerability in Open-Realty CMS 2.5.8 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the select_users_template parameter to index.php. Date published : 2012-09-06...
Multiple cross-site scripting (XSS) vulnerabilities in Etano 1.22 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) user, (2) email, (3) email2, (4) f17_zip, or (5) agree parameter...
The parse function in ogg/xiphcomment.cpp in TagLib 1.7 and earlier allows remote attackers to cause a denial of service (crash) via a crafted vendorLength field in an ogg file. Date published : 2012-09-06 http://www.securityfocus.com/bid/52284...
The analyzeCurrent function in ape/apeproperties.cpp in TagLib 1.7 and earlier allows context-dependent attackers to cause a denial of service (application crash) via a crafted sampleRate in an ape file, which triggers a divide-by-zero error....
Joomla! 1.7.x before 1.7.5 and 2.5.x before 2.5.1 allows attackers to obtain the installation path via unspecified vectors related to "administrator." Date published : 2012-09-06 http://developer.joomla.org/security/news/389-20120201-core-information-disclosure http://www.joomla.org/announcements/release-news/5410-joomla-251-released.html
Unspecified vulnerability in Joomla! 1.7.x before 1.7.5 allows attackers to read the error log via unknown vectors. Date published : 2012-09-06 http://developer.joomla.org/security/news/388-20120201-core-information-disclosure http://www.joomla.org/announcements/release-news/5411-joomla-175-released.html
Unspecified vulnerability in Joomla! 1.7.x before 1.7.5 and 2.5.x before 2.5.1 allows attackers to obtain sensitive information via unknown vectors related to "administrator." Date published : 2012-09-06 http://developer.joomla.org/security/news/387-20120201-core-information-disclosure http://www.joomla.org/announcements/release-news/5410-joomla-251-released.html
Cross-site scripting (XSS) vulnerability in Joomla! 1.6 and 1.7.x before 1.7.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2012-0820. Date published : 2012-09-06 http://developer.joomla.org/security/news/385-20120104-core-xss-vulnerability...
Unspecified vulnerability in Joomla! 1.6.x and 1.7.x before 1.7.4 allows remote attackers to obtain sensitive information via unknown vectors, a different vulnerability than CVE-2012-0819. Date published : 2012-09-06 http://developer.joomla.org/security/news/384-20120103-core-information-disclosure http://www.joomla.org/announcements/release-news/5403-joomla-250-released.html