CVE-2007-5577
https://notcve.org/view.php?id=CVE-2007-5577
Multiple cross-site scripting (XSS) vulnerabilities in Joomla! before 1.0.13 (aka Sunglow) allow remote attackers to inject arbitrary web script or HTML via the (1) Title or (2) Section Name form fields in the Section Manager component, or (3) multiple unspecified fields in New Menu Item.
• References:
  http://joomlacode.org/gf/project/joomla/tracker/?action=TrackerItemEdit&tracker_item_id=5654
  http://osvdb.org/37173
  http://secunia.com/advisories/25804
  http://www.joomla.org/content/view/3670/78
  http://www.joomla.org/content/view/3677/1
  http://www.securityfocus.com/bid/24663
  https://exchange.xforce.ibmcloud.com/vulnerabilities/35119
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2007-5457 – Joomla! Component Flash Uploader 2.5.1 - Remote File Inclusion
https://notcve.org/view.php?id=CVE-2007-5457
Multiple PHP remote file inclusion vulnerabilities in Michael Dempfle Joomla Flash Uploader (com_jfu or com_joomla_flash_uploader) 2.5.1 component for Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter to (1) install.joomla_flash_uploader.php and (2) uninstall.joomla_flash_uploader.php.
• References:
  https://www.exploit-db.com/exploits/4521
  http://www.securityfocus.com/archive/1/486475/100/0/threaded
  http://www.securityfocus.com/bid/26044
  https://exchange.xforce.ibmcloud.com/vulnerabilities/37181
  https://exchange.xforce.ibmcloud.com/vulnerabilities/39737
• CWE-94: Improper Control of Generation of Code ('Code Injection')
CVE-2007-5451 – Joomla! Component com_colorlab 1.0 - Remote File Inclusion
https://notcve.org/view.php?id=CVE-2007-5451
PHP remote file inclusion vulnerability in admin.color.php in the com_colorlab (aka com_color) 1.0 component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_live_site parameter.
• References:
  https://www.exploit-db.com/exploits/4524
  http://osvdb.org/40609
  http://www.securityfocus.com/bid/26059
• CWE-94: Improper Control of Generation of Code ('Code Injection')
CVE-2007-5427 – Joomla! Component Search 1.0.13 - SearchWord Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2007-5427
Cross-site scripting (XSS) vulnerability in the com_search component in Joomla! 1.0.13 and earlier allows remote attackers to inject arbitrary web script or HTML via the searchword parameter. NOTE: this might be related to CVE-2007-4189.1.
• References:
  https://www.exploit-db.com/exploits/30655
  http://osvdb.org/37709
  http://secunia.com/advisories/27196
  http://securityreason.com/securityalert/3216
  http://securityvulns.ru/Rdocument919.html
  http://websecurity.com.ua/1203
  http://www.securityfocus.com/archive/1/482006/100/0/threaded
  http://www.securityfocus.com/bid/26031
  http://www.vupen.com/english/advisories/2007/3495
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2007-5410 – Joomla! Component WebMaster-Tips.net Joomla! RSS Feed Reader 1.0 - Remote File Inclusion
https://notcve.org/view.php?id=CVE-2007-5410
PHP remote file inclusion vulnerability in admin.wmtrssreader.php in the webmaster-tips.net Flash RSS Reader (com_wmtrssreader) 1.0 component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_live_site parameter.
• References:
  https://www.exploit-db.com/exploits/30651
  http://osvdb.org/43765
  http://securityreason.com/securityalert/3211
  http://www.securityfocus.com/archive/1/481979/100/0/threaded
  http://www.securityfocus.com/bid/25999
  http://www.sibersavascilar.com/merhaba-dunya-1.html
  https://exchange.xforce.ibmcloud.com/vulnerabilities/37056
• CWE-94: Improper Control of Generation of Code ('Code Injection')