CVSS: 9.8EPSS: 0%CPEs: 11EXPL: 0CVE-2006-6834
https://notcve.org/view.php?id=CVE-2006-6834
31 Dec 2006 — Multiple unspecified vulnerabilities in Joomla! before 1.0.12 have unknown impact and attack vectors related to (1) "unneeded legacy functions" and (2) "Several low level security fixes." Mútiples vulnerabilidades no especificadas en Joomla! anterior a 1.0.12 tienen un impacto desconocido y ataca vectores relacionados con (1) "funciones innecesarias de herencia" y (2) "Varias soluciones de seguridad de nivel bajo." • http://jvn.jp/jp/JVN%2345006961/index.html •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2006-4466
https://notcve.org/view.php?id=CVE-2006-4466
31 Aug 2006 — Joomla! before 1.0.11 does not properly unset variables when the input data includes a numeric parameter with a value matching an alphanumeric parameter's hash value, which allows remote attackers to have an unspecified impact. NOTE: it could be argued that this vulnerability is due to a bug in the unset PHP command (CVE-2006-3017) and the proper fix should be in PHP; if so, then this should not be treated as a vulnerability in Joomla!. Joomla! anterior a 1.0.11 no desestablece variables adecuadamente cuand... • http://www.joomla.org/content/view/1841/78 • CWE-20: Improper Input Validation •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2006-4473
https://notcve.org/view.php?id=CVE-2006-4473
31 Aug 2006 — Unspecified vulnerability in com_content in Joomla! before 1.0.11, when $mosConfig_hideEmail is set, allows attackers to perform the emailform and emailsend tasks. Vulnerabilidad no especificada en com_content en Joomla! anterior 1.0.11, cuando esta asignado $mosConfig_hideEmail, permite a un atacante realizar tareas emailform y emailsend. • http://secunia.com/advisories/21666 •
CVSS: 6.8EPSS: 0%CPEs: 2EXPL: 0CVE-2006-4474
https://notcve.org/view.php?id=CVE-2006-4474
31 Aug 2006 — Multiple cross-site scripting (XSS) vulnerabilities in Joomla! before 1.0.11 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters in (1) Admin Module Manager, (2) Admin Help, and (3) Search. Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en Joomla! anterior a 1.0.11 permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección mediante parámetros no especificados en (1) Módulo de Administración, (2) Ayuda de Administr... • http://secunia.com/advisories/21666 •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2006-4475
https://notcve.org/view.php?id=CVE-2006-4475
31 Aug 2006 — Joomla! before 1.0.11 does not limit access to the Admin Popups functionality, which has unknown impact and attack vectors. Joomla! anterior a 1.0.11 no limita el acceso a la funcionabilidad Admin Popups, lo cual tiene un impacto desconocido y vectores de ataque. • http://secunia.com/advisories/21666 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2006-4476
https://notcve.org/view.php?id=CVE-2006-4476
31 Aug 2006 — Multiple unspecified vulnerabilities in Joomla! before 1.0.11, related to "Injection Flaws," allow attackers to have an unknown impact via (1) globals.php, which uses include_once() instead of require(); (2) the $options variable; (3) Admin Upload Image; (4) ->load(); (5) content submissions when frontpage is selected; (6) the mosPageNav constructor; (7) saveOrder functions; (8) the absence of "exploit blocking rules" in htaccess; and (9) the ACL. Múltiples vulnerabilidades no especificadas en Joomla! 1.0.1... • http://secunia.com/advisories/21666 • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.1EPSS: 0%CPEs: 9EXPL: 0CVE-2006-3480
https://notcve.org/view.php?id=CVE-2006-3480
10 Jul 2006 — Multiple cross-site scripting (XSS) vulnerabilities in Joomla! before 1.0.10 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters involving the (1) getUserStateFromRequest function, and the (2) SEF and (3) com_messages modules. Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en Joomla! antes de 1.0.10 permiten a atacantes remotos inyectar secuencias de comandos web o HTML de su elección a través de parámetros no especificados que involucran a... • http://secunia.com/advisories/20874 •
CVSS: 9.8EPSS: 0%CPEs: 9EXPL: 0CVE-2006-3481
https://notcve.org/view.php?id=CVE-2006-3481
10 Jul 2006 — Multiple SQL injection vulnerabilities in Joomla! before 1.0.10 allow remote attackers to execute arbitrary SQL commands via unspecified parameters involving the (1) "Remember Me" function, (2) "Related Items" module, and the (3) "Weblinks submission". Múltiples vulnerabilidades de inyección SQL en Joomla! antes de 1.0.10 permiten a atacantes remotos ejecutar comandos SQL de su elección a través de parámetros no especificados que involucran (1) la función "Remember Me", (2) el módulo "Related Items" y (3) "... • http://secunia.com/advisories/20874 •