CVSS: 9.8EPSS: 0%CPEs: 23EXPL: 2CVE-2010-4166
https://notcve.org/view.php?id=CVE-2010-4166
18 Jan 2011 — Multiple SQL injection vulnerabilities in Joomla! 1.5.x before 1.5.22 allow remote attackers to execute arbitrary SQL commands via (1) the filter_order parameter in a com_weblinks category action to index.php, (2) the filter_order_Dir parameter in a com_weblinks category action to index.php, or (3) the filter_order_Dir parameter in a com_messages action to administrator/index.php. Múltiples vulnerabilidades de inyección SQL en Joomla! v1.5.x anterior a v1.5.22 permite a atacantes remotos ejecutar comandos S... • http://archives.neohapsis.com/archives/fulldisclosure/2010-10/0514.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 23EXPL: 0CVE-2010-4696
https://notcve.org/view.php?id=CVE-2010-4696
18 Jan 2011 — Multiple SQL injection vulnerabilities in Joomla! 1.5.x before 1.5.22 allow remote attackers to execute arbitrary SQL commands via the (1) filter_order or (2) filter_order_Dir parameter in a com_contact action to index.php, a different vulnerability than CVE-2010-4166. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. Múltiples vulnerabilidades de inyección SQL en Joomla! v1.5.x anterior a v1.5.22 permite a atacantes remotos ejecutar comandos ... • http://developer.joomla.org/security/news/9-security/10-core-security/323-20101101-core-sqli-info-disclosurevulnerabilities.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.1EPSS: 0%CPEs: 22EXPL: 0CVE-2010-3712
https://notcve.org/view.php?id=CVE-2010-3712
27 Oct 2010 — Cross-site scripting (XSS) vulnerability in Joomla! 1.5.x before 1.5.21 and 1.6.x before 1.6.1 allows remote attackers to inject arbitrary web script or HTML via vectors involving "multiple encoded entities," as demonstrated by the query string to index.php in the com_weblinks or com_content component. Vulnerabilidad de tipo cross-site scripting (XSS) en Joomla!, versiones 1.5.x anteriores a 1.5.21 y versiones 1.6.x anteriores a 1.6.1, permite a los atacantes remotos inyectar script web o HTML arbitrario po... • http://developer.joomla.org/security/news/9-security/10-core-security/322-20101001-core-xss-vulnerabilities • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 21EXPL: 0CVE-2010-2535
https://notcve.org/view.php?id=CVE-2010-2535
05 Oct 2010 — Multiple cross-site scripting (XSS) vulnerabilities in the Back End in Joomla! 1.5.x before 1.5.20 allow remote authenticated users to inject arbitrary web script or HTML via administrator screens. Múltiples vulnerabilidades de ejecución de secuencias de comandos en sitios cruzados en el Back End en Joomla! v1.5.x anterior a 1.5.20, permite a usuarios autenticados remotamente inyectar secuencias de comandos web o HTML de su elección a través de las pantallas de administración. • http://developer.joomla.org/security/news/318-20100704-core-xss-vulnerabilitis-in-back-end.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2010-1522
https://notcve.org/view.php?id=CVE-2010-1522
01 Jul 2010 — Multiple SQL injection vulnerabilities in the BookLibrary Basic (com_booklibrary) component 1.5.3 before 1.5.3_2010_06_20 for Joomla! allow remote attackers to execute arbitrary SQL commands via the bid[] parameter in a (1) lend_request or (2) save_lend_request action to index.php, the id parameter in a (3) mdownload or (4) downitsf action to index.php, or (5) the searchtext parameter in a search action to index.php. Múltiples vulnerabilidades de inyección SQL en el componente BookLibrary Basic (com_booklib... • http://ordasoft.com/Download/Download-document/3-BookLibrary-1.5.3-Basic-for-Joomla-1.5.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.1EPSS: 0%CPEs: 18EXPL: 0CVE-2010-1649
https://notcve.org/view.php?id=CVE-2010-1649
07 Jun 2010 — Multiple cross-site scripting (XSS) vulnerabilities in the back end in Joomla! 1.5 through 1.5.17 allow remote attackers to inject arbitrary web script or HTML via unknown vectors related to "various administrator screens," possibly the search parameter in administrator/index.php. Múltiples vulnerabilidades de ejecución de comandos en sitios cruzados(XSS) en el backend de Joomla! v1.5 a v1.5.17 permiten a atacantes remotos inyectar HTML o secuencias de comandos web a través de vectores desconocidos relacion... • http://developer.joomla.org/security/news/314-20100501-core-xss-vulnerabilities-in-back-end.html?utm_source=feedburner&utm_medium=email&utm_campaign=Feed%3A+JoomlaSecurityNews+%28Joomla%21+Security+News%29 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 2CVE-2010-1721 – Joomla! Component Intellectual Property 1.5.3 - 'id' SQL Injection
https://notcve.org/view.php?id=CVE-2010-1721
04 May 2010 — SQL injection vulnerability in the Intellectual Property (aka IProperty or com_iproperty) component 1.5.3 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in an agentproperties action to index.php. Vulnerabilidad de inyección SQL en el componente Intellectual Property (también conocido como IProperty or com_iproperty) para Joomla!, permite a atacantes remotos ejecutar comandos SQL de su elección a través del parámetro id en una acción agentproperties en index.php • https://www.exploit-db.com/exploits/12246 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.5EPSS: 2%CPEs: 6EXPL: 4CVE-2010-1312 – Joomla! Component News Portal 1.5.x - Local File Inclusion
https://notcve.org/view.php?id=CVE-2010-1312
08 Apr 2010 — Directory traversal vulnerability in the iJoomla News Portal (com_news_portal) component 1.5.x for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. Una Vulnerabilidad del salto del directorio en el componente iJoomla News Portal (com_news_portal) versión 1.5.x para Joomla! permite a los atacantes remotos leer archivos arbitrarios por medio de un .. • https://www.exploit-db.com/exploits/12077 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.8EPSS: 0%CPEs: 5EXPL: 0CVE-2010-0635
https://notcve.org/view.php?id=CVE-2010-0635
12 Feb 2010 — SQL injection vulnerability in the plgSearchEventsearch::onSearch method in eventsearch.php in the JEvents Search plugin 1.5 through 1.5.3 for Joomla! allows remote attackers to execute arbitrary SQL commands via unspecified vectors. NOTE: some of these details are obtained from third party information. Vulnerabilidad de inyección SQL en el método plgSearchEventsearch::onSearch en eventsearch.php en el plugin JEvents Search v1.5 a la v1.5.3 para Joomla!, permite a atacantes remotos ejecutar comandos SQL de ... • http://secunia.com/advisories/38404 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 3CVE-2009-4550 – Joomla! Component Kunena Forums (com_kunena) - Blind SQL Injection
https://notcve.org/view.php?id=CVE-2009-4550
04 Jan 2010 — SQL injection vulnerability in the Kunena Forum (com_kunena) component 1.5.3 and 1.5.4 for Joomla! allows remote attackers to execute arbitrary SQL commands via the func parameter to index.php. Vulnerabilidad de inyección SQL en el componente Kunena Forum (com_kunena) v1.5.3 y v1.5.4 para Joomla! permite a atacantes remotos ejecutar comandos SQL de su elección a través del parámetro "func" a index.php. • https://www.exploit-db.com/exploits/9408 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •