
CVSS: 6.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

Multiple cross-site request forgery (CSRF) vulnerabilities in Joomla! before 1.5 RC4 allow remote attackers to (1) add a Super Admin, (2) upload an extension containing arbitrary PHP code, and (3) modify the configuration as administrators via unspecified vectors.

• http://osvdb.org/41263
• http://secunia.com/advisories/29257
• http://securityreason.com/securityalert/3505
• http://securitytracker.com/id?1019145
• http://www.joomla.org/content/view/4335/116
• http://www.mandriva.com/security/advisories?name=MDVSA-2008:060
• http://www.securityfocus.com/archive/1/485676/100/0/threaded
• http://www.securityfocus.com/bid/28111

• CWE-352: Cross-Site Request Forgery (CSRF)

CVSS: 4.3 • EPSS: 0% • CPEs: 1 • EXPL: 0

Cross-site scripting (XSS) vulnerability in the com_poll component in Joomla! before 1.5 RC4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

• http://osvdb.org/39979
• http://secunia.com/advisories/29257
• http://securitytracker.com/id?1019145
• http://www.joomla.org/content/view/4335/116
• http://www.mandriva.com/security/advisories?name=MDVSA-2008:060
• http://www.securityfocus.com/bid/28111

• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 6.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

Joomla! before 1.5 RC4 allows remote authenticated administrators to promote arbitrary users to the administrator group, in violation of the intended security model.

• http://osvdb.org/43277
• http://secunia.com/advisories/29257
• http://securitytracker.com/id?1019145
• http://www.joomla.org/content/view/4335/116
• http://www.mandriva.com/security/advisories?name=MDVSA-2008:060
• http://www.securityfocus.com/bid/28111

• CWE-264: Permissions, Privileges, and Access Controls

CVSS: 7.5 • EPSS: 1% • CPEs: 1 • EXPL: 0

Unspecified vulnerability in Joomla! before 1.5 RC4 allows remote authenticated users to gain privileges via unspecified vectors, aka "registered user privilege escalation vulnerability."

• http://osvdb.org/43276
• http://secunia.com/advisories/29257
• http://securitytracker.com/id?1019145
• http://www.joomla.org/content/view/4335/116
• http://www.mandriva.com/security/advisories?name=MDVSA-2008:060
• http://www.securityfocus.com/bid/28111

• CWE-264: Permissions, Privileges, and Access Controls

CVSS: 7.5 • EPSS: 0% • CPEs: 1 • EXPL: 3

Multiple SQL injection vulnerabilities in index.php in Joomla! 1.5 RC3 allow remote attackers to execute arbitrary SQL commands via (1) the view parameter to the com_content component, (2) the task parameter to the com_search component, or (3) the option parameter in a search action to the com_search component.

• https://www.exploit-db.com/exploits/30849
• https://www.exploit-db.com/exploits/30848
• http://securityreason.com/securityalert/3422
• http://www.securityfocus.com/archive/1/484603/100/0/threaded
• http://www.securityfocus.com/bid/26707
• https://exchange.xforce.ibmcloud.com/vulnerabilities/38867

• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')