
Harmis JE Messenger 1.2.2 on Joomla privilege escalation [CVE-2019-9920]


Exploits | Direct link: vuldb.com

A vulnerability was found in Harmis JE Messenger 1.2.2 on Joomla (Messaging Software). It has been classified as critical. This affects some unknown processing. No information about possible countermeasures is known. It may be suggested to replace the affected object with an alternative product....




https://vuldb.com/?id.132621


➤ More posts from Team Security | IT Security

  • [20200401/20200403] Incorrect access control in com_users access level editing/deletion function

    Incorrect ACL checks in the access level section of com_users allowed the unauthorized editing/deletion of usergroups. CVE Number: CVE-2020-11891 / CVE-2020-11889 This vulnerability affects the following application versions: Joomla 2.5.0
  • [20200306] SQL injection in Featured Articles menu parameters

    The lack of type casting of a variable in a SQL statement led to a SQL injection vulnerability in the "Featured Articles" frontend menutype. This vulnerability affects the following application versions: Joomla 2.5.0 Joomla
  • [20200304] Identifier collisions in com_users

    Missing length checks in the user table could lead to the creation of users with duplicate usernames and/or email addresses. This vulnerability affects the following application versions: Joomla 2.5.0 Joomla 2.5.1
  • [20191202] Various SQL injections through configuration parameters

    The lack of validation of configuration parameters used in SQL queries caused various SQL injection vectors. CVE number: CVE-2019-19846 This vulnerability affects the following application versions: Joomla 2.5.0 Joomla 2.5.1
  • [20191002] Path Disclosure in phputf8 mapping files

    Missing access check in the phputf8 mapping files could lead to a path disclosure. CVE Number: CVE-2019-18674 This vulnerability affects the following application versions: Joomla 2.5.0 Joomla 2.5.1
  • [20170705] - XSS vulnerabilities in various components

    Inadequate filtering of potentially malicious HTML tags leads to XSS vulnerabilities in various components. CVE-2017-11612 Part of security release: 3.7.4 This vulnerability affects the following application versions: Joomla 1.5
  • [20170902] LDAP Information Disclosure

    Inadequate escaping in the LDAP authentication plugin resulted in a disclosure of username and password. This vulnerability affects the following application versions: Joomla 1.5.4 Joomla 1.5.5 Joo
  • [20190801] Hardening com_contact contact form

    Inadequate checks in com_contact could allow mail submission in disabled forms. CVE Number: CVE-2019-15028 This vulnerability affects the following application versions: Joomla 2.5.0 Joomla 2.5.1 Joomla 2.5.
  • [20170703] - Inadequate filtering of multibyte characters leads to XSS vulnerabilities in various components

    Inadequate filtering of multibyte characters leads to XSS vulnerabilities in various components. CVE-2017-7985 Part of security release: 3.7.3 This vulnerability affects the following application versions: Joomla 1.5 Joomla 1.5.1
  • [20180101] - XSS vulnerabilities in the module system

    Lack of escaping in the module chromes leads to XSS vulnerabilities in the module system. CVE-2018-6380 Part of security release: 3.8.4 This vulnerability affects the following application versions: Joomla 1.5.16 Joomla 1.
  • XSS in com_users ACL debug views

    The debug views of com_users did not properly escape user supplied data, which leads to a potential XSS attack vector. CVE-2019-11809 This vulnerability affects the following application versions: Joomla 2.5.0 Joomla 2.5.1
  • [20171101] Inadequate escaping in the LDAP authentication plugin

    Inadequate escaping in the LDAP authentication plugin had resulted in disclosure of username and password. CVE Number: CVE-2017-14596. This vulnerability affects the following application versions: Joomla 1.5.16 Joomla 1.5.17
