CVSS: 5.0EPSS: 1%CPEs: 1EXPL: 0CVE-2006-1027
https://notcve.org/view.php?id=CVE-2006-1027
feedcreator.class.php (aka the syndication component) in Joomla! 1.0.7 allows remote attackers to obtain sensitive information via a "/" (slash) in the feed parameter to index.php, which reveals the path in an error message. • http://securityreason.com/securityalert/527 http://www.joomla.org/content/view/938/78 http://www.osvdb.org/23815 http://www.securityfocus.com/archive/1/426538/100/0/threaded https://exchange.xforce.ibmcloud.com/vulnerabilities/25028 •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 1CVE-2006-1029
https://notcve.org/view.php?id=CVE-2006-1029
The cross-site scripting (XSS) countermeasures in class.inputfilter.php in Joomla! 1.0.7 allow remote attackers to cause a denial of service via a crafted mosmsg parameter to index.php with a malformed sequence of multiple tags, as demonstrated using "<<>AAA<><>", possibly due to nested or empty tags. • http://www.joomla.org/content/view/938/78 http://www.osvdb.org/23816 http://www.securityfocus.com/archive/1/426538/100/0/threaded •
CVSS: 10.0EPSS: 0%CPEs: 6EXPL: 0CVE-2006-0303
https://notcve.org/view.php?id=CVE-2006-0303
Multiple unspecified vulnerabilities in the (1) publishing component, (2) Contact Component, (3) TinyMCE Compressor, and (4) other components in Joomla! 1.0.5 and earlier have unknown impact and attack vectors. • http://secunia.com/advisories/18513 http://www.joomla.org/content/view/738/66 •
CVSS: 5.0EPSS: 1%CPEs: 1EXPL: 0CVE-2006-0114
https://notcve.org/view.php?id=CVE-2006-0114
The vCard functions in Joomla! 1.0.5 use predictable sequential IDs for vcards and do not restrict access to them, which allows remote attackers to obtain valid e-mail addresses to conduct spam attacks by modifying the contact_id parameter to index2.php. • http://forge.joomla.org/sf/go/artf2950 http://forum.joomla.org/index.php/topic%2C29031.0.html http://secunia.com/advisories/18361 http://www.listerit.com/content/view/116/84 http://www.securityfocus.com/bid/16185 http://www.vupen.com/english/advisories/2006/0097 https://exchange.xforce.ibmcloud.com/vulnerabilities/24042 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2005-3772
https://notcve.org/view.php?id=CVE-2005-3772
Multiple SQL injection vulnerabilities in Joomla! before 1.0.4 allow remote attackers to execute arbitrary SQL commands via the (1) Itemid variable in the Polls modules and (2) multiple unspecified methods in the mosDBTable class. • http://secunia.com/advisories/17675 http://www.joomla.org/content/view/499/66 http://www.osvdb.org/21042 http://www.osvdb.org/21043 http://www.securityfocus.com/bid/15526 http://www.vupen.com/english/advisories/2005/2526 https://exchange.xforce.ibmcloud.com/vulnerabilities/23177 https://exchange.xforce.ibmcloud.com/vulnerabilities/23178 •