CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2008-1533
https://notcve.org/view.php?id=CVE-2008-1533
28 Mar 2008 — Unspecified vulnerability in the XML-RPC Blogger API plugin in Joomla! 1.5 allows remote attackers to perform unauthorized article operations on articles via unknown vectors. Vulnerabilidad no especificada en la extensión XML-RPC Blogger API de Joomla! 1.5 permite a atacantes remotos realizar operaciones de artículo no autorizadas en artículos a través de vectores desconocidos. • http://secunia.com/advisories/28861 •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 2CVE-2007-5427 – Joomla! Component Search 1.0.13 - SearchWord Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2007-5427
12 Oct 2007 — Cross-site scripting (XSS) vulnerability in the com_search component in Joomla! 1.0.13 and earlier allows remote attackers to inject arbitrary web script or HTML via the searchword parameter. NOTE: this might be related to CVE-2007-4189.1. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en el componente de Joomla!, com_search 1.0.13 y versiones anteriores permite a atacantes remotos inyectar scripts web o HTML de su elección a través del parámetro searchword. • https://www.exploit-db.com/exploits/30655 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 11EXPL: 0CVE-2006-6832
https://notcve.org/view.php?id=CVE-2006-6832
31 Dec 2006 — Cross-site scripting (XSS) vulnerability in Joomla! before 1.0.12 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly related to poll.php or the module title. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en Joomla! anterior a 1.0.12 permite a un atacante remoto inyectar secuencias de comandos web o HTML a través de vectores no especificados, posiblemente relacionados con poll.php o el módulo title. • http://forge.joomla.org/sf/go/artf5985?nav=1 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 11EXPL: 0CVE-2006-6833
https://notcve.org/view.php?id=CVE-2006-6833
31 Dec 2006 — com_categories in Joomla! before 1.0.12 does not validate input, which has unknown impact and remote attack vectors. com_categories en Joomla! anterior a 1.0.12 no valida la entrada, lo cual tiene un impacto desconocido y ataques remotos en vectores. • http://jvn.jp/jp/JVN%2345006961/index.html •
CVSS: 9.8EPSS: 0%CPEs: 11EXPL: 0CVE-2006-6834
https://notcve.org/view.php?id=CVE-2006-6834
31 Dec 2006 — Multiple unspecified vulnerabilities in Joomla! before 1.0.12 have unknown impact and attack vectors related to (1) "unneeded legacy functions" and (2) "Several low level security fixes." Mútiples vulnerabilidades no especificadas en Joomla! anterior a 1.0.12 tienen un impacto desconocido y ataca vectores relacionados con (1) "funciones innecesarias de herencia" y (2) "Varias soluciones de seguridad de nivel bajo." • http://jvn.jp/jp/JVN%2345006961/index.html •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2006-4466
https://notcve.org/view.php?id=CVE-2006-4466
31 Aug 2006 — Joomla! before 1.0.11 does not properly unset variables when the input data includes a numeric parameter with a value matching an alphanumeric parameter's hash value, which allows remote attackers to have an unspecified impact. NOTE: it could be argued that this vulnerability is due to a bug in the unset PHP command (CVE-2006-3017) and the proper fix should be in PHP; if so, then this should not be treated as a vulnerability in Joomla!. Joomla! anterior a 1.0.11 no desestablece variables adecuadamente cuand... • http://www.joomla.org/content/view/1841/78 • CWE-20: Improper Input Validation •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2006-4473
https://notcve.org/view.php?id=CVE-2006-4473
31 Aug 2006 — Unspecified vulnerability in com_content in Joomla! before 1.0.11, when $mosConfig_hideEmail is set, allows attackers to perform the emailform and emailsend tasks. Vulnerabilidad no especificada en com_content en Joomla! anterior 1.0.11, cuando esta asignado $mosConfig_hideEmail, permite a un atacante realizar tareas emailform y emailsend. • http://secunia.com/advisories/21666 •
CVSS: 6.8EPSS: 0%CPEs: 2EXPL: 0CVE-2006-4474
https://notcve.org/view.php?id=CVE-2006-4474
31 Aug 2006 — Multiple cross-site scripting (XSS) vulnerabilities in Joomla! before 1.0.11 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters in (1) Admin Module Manager, (2) Admin Help, and (3) Search. Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en Joomla! anterior a 1.0.11 permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección mediante parámetros no especificados en (1) Módulo de Administración, (2) Ayuda de Administr... • http://secunia.com/advisories/21666 •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2006-4475
https://notcve.org/view.php?id=CVE-2006-4475
31 Aug 2006 — Joomla! before 1.0.11 does not limit access to the Admin Popups functionality, which has unknown impact and attack vectors. Joomla! anterior a 1.0.11 no limita el acceso a la funcionabilidad Admin Popups, lo cual tiene un impacto desconocido y vectores de ataque. • http://secunia.com/advisories/21666 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2006-4476
https://notcve.org/view.php?id=CVE-2006-4476
31 Aug 2006 — Multiple unspecified vulnerabilities in Joomla! before 1.0.11, related to "Injection Flaws," allow attackers to have an unknown impact via (1) globals.php, which uses include_once() instead of require(); (2) the $options variable; (3) Admin Upload Image; (4) ->load(); (5) content submissions when frontpage is selected; (6) the mosPageNav constructor; (7) saveOrder functions; (8) the absence of "exploit blocking rules" in htaccess; and (9) the ACL. Múltiples vulnerabilidades no especificadas en Joomla! 1.0.1... • http://secunia.com/advisories/21666 • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-264: Permissions, Privileges, and Access Controls •