
Harmis JE Messenger 1.2.2 on Joomla directory traversal [CVE-2019-9922]


Exploits | Direct link: vuldb.com

A vulnerability was found in Harmis JE Messenger 1.2.2 on Joomla (Messaging Software). It has been rated as critical. This issue affects an unknown functionality. No information about possible countermeasures is known. It may be advisable to replace the affected object with an alternative product....




https://vuldb.com/?id.132623


➤ More posts from Team Security | IT Security

  • [20200401/20200403] Incorrect access control in com_users access level editing/deletion function

    924.22 points
    Incorrect ACL checks in the access level section of com_users allowed the unauthorized editing/deletion of usergroups. CVE Number: CVE-2020-11891 / CVE-2020-11889. This vulnerability affects the following application versions: Joomla 2.5.0
  • [20200306] SQL injection in Featured Articles menu parameters

    914.86 points
    The lack of type casting of a variable in an SQL statement led to an SQL injection vulnerability in the "Featured Articles" frontend menutype. This vulnerability affects the following application versions: Joomla 2.5.0 Joomla
  • [20200304] Identifier collisions in com_users

    914.86 points
    Missing length checks in the user table could lead to the creation of users with duplicate usernames and/or email addresses. This vulnerability affects the following application versions: Joomla 2.5.0 Joomla 2.5.1
  • [20191202] Various SQL injections through configuration parameters

    905.81 points
    The lack of validation of configuration parameters used in SQL queries caused various SQL injection vectors. CVE Number: CVE-2019-19846. This vulnerability affects the following application versions: Joomla 2.5.0 Joomla 2.5.1
  • [20191002] Path Disclosure in phputf8 mapping files

    899.59 points
    Missing access check in the phputf8 mapping files could lead to a path disclosure. CVE Number: CVE-2019-18674. This vulnerability affects the following application versions: Joomla 2.5.0 Joomla 2.5.1
  • [20170705] - XSS vulnerabilities in various components

    897.23 points
    Inadequate filtering of potentially malicious HTML tags leads to XSS vulnerabilities in various components. CVE-2017-11612. Part of security release: 3.7.4. This vulnerability affects the following application versions: Joomla 1.5
  • [20170902] LDAP Information Disclosure

    889.96 points
    Inadequate escaping in the LDAP authentication plugin resulted in a disclosure of username and password. This vulnerability affects the following application versions: Joomla 1.5.4 Joomla 1.5.5 Joo
  • [20190801] Hardening com_contact contact form

    887.14 points
    Inadequate checks in com_contact could allow mail submission in disabled forms. CVE Number: CVE-2019-15028. This vulnerability affects the following application versions: Joomla 2.5.0 Joomla 2.5.1 Joomla 2.5.
  • [20170703] - Inadequate filtering of multibyte characters leads to XSS vulnerabilities in various components

    884.79 points
    Inadequate filtering of multibyte characters leads to XSS vulnerabilities in various components. CVE-2017-7985. Part of security release: 3.7.3. This vulnerability affects the following application versions: Joomla 1.5 Joomla 1.5.1
  • [20180101] - XSS vulnerabilities in the module system

    872.34 points
    Lack of escaping in the module chromes leads to XSS vulnerabilities in the module system. CVE-2018-6380. Part of security release: 3.8.4. This vulnerability affects the following application versions: Joomla 1.5.16 Joomla 1.
  • XSS in com_users ACL debug views

    854.98 points
    The debug views of com_users did not properly escape user-supplied data, which leads to a potential XSS attack vector. CVE-2019-11809. This vulnerability affects the following application versions: Joomla 2.5.0 Joomla 2.5.1
  • [20171101] Inadequate escaping in the LDAP authentication plugin

    842.27 points
    Inadequate escaping in the LDAP authentication plugin resulted in disclosure of username and password. CVE Number: CVE-2017-14596. This vulnerability affects the following application versions: Joomla 1.5.16 Joomla 1.5.17
