NotCVE - vendor:"Joomla" product:"Joomla\!" version:"1.5.6"

Page 3 of 54 results (0.011 seconds)

CVSS: 7.5EPSS: 0%CPEs: 27EXPL: 0

CVE-2012-1599

https://notcve.org/view.php?id=CVE-2012-1599

03 Dec 2012 — Joomla! 1.5.x before 1.5.26 does not properly check permissions, which allows attackers to obtain sensitive "administrative back end information" via unknown vectors. NOTE: this might be a duplicate of CVE-2012-1611. Joomla! v1.5.x antes de v1.5.26 no comprueba correctamente los permisos, lo que permite a los atacantes obtener información sensible del backend a través de vectores desconocidos. • http://developer.joomla.org/security/news/397-20120306-core-information-disclosure.html • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 6.1EPSS: 0%CPEs: 12EXPL: 2

CVE-2011-4909 – Joomla! 1.5.x - Cross-Site Scripting / Information Disclosure

https://notcve.org/view.php?id=CVE-2011-4909

07 Oct 2012 — Multiple cross-site scripting (XSS) vulnerabilities in Joomla! before 1.5.12 allow remote attackers to inject arbitrary web script or HTML via the HTTP_REFERER header to (1) components/com_content/views/article/tmpl/form.php, (2) components/com_user/controller.php, (3) plugins/system/legacy/html.php, or (4) templates/beez/html/com_content/article/form.php. Múltiples vulnerabilidades de ejecución de secuencias de comandos en sitios cruzados (XSS) en Joomla! anteriores a v1.5.12, permite a atacantes remotos i... • https://www.exploit-db.com/exploits/33061 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.1EPSS: 0%CPEs: 12EXPL: 0

CVE-2011-4910

https://notcve.org/view.php?id=CVE-2011-4910

07 Oct 2012 — Cross-site scripting (XSS) vulnerability in Joomla! before 1.5.12 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en Joomla! anteriores a v1.5.12, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través del parámetro PATH_INFO. • http://developer.joomla.org/security/news/299-20090605-core-frontend-xss-phpself-not-properly-filtered.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.3EPSS: 0%CPEs: 12EXPL: 0

CVE-2011-4911

https://notcve.org/view.php?id=CVE-2011-4911

07 Oct 2012 — Joomla! before 1.5.12 does not perform a JEXEC check in unspecified files, which allows remote attackers to obtain the installation path via unspecified vectors. Joomla! anterior a v1.5.12 no hace la comprobación JEXEC en ficheros sin especificar, lo que permite a atacantes remotos obtener el path de instalación a través de vectores no específicos. • http://developer.joomla.org/security/news/300-20090606-core-missing-jexec-check.html • CWE-20: Improper Input Validation •

CVSS: 9.8EPSS: 0%CPEs: 112EXPL: 0

CVE-2012-3554

https://notcve.org/view.php?id=CVE-2012-3554

10 Aug 2012 — SQL injection vulnerability in the RSGallery2 (com_rsgallery2) component before 2.3.0 for Joomla! 1.5.x, and before 3.2.0 for Joomla! 2.5.x, allows remote attackers to execute arbitrary SQL commands via unspecified vectors. Vulnerabilidad de inyección SQL en el componente RSGallery2 (com_rsgallery2) anterior a v2.3.0 para Joomla! v1.5.x, y anterior a v3.2.0 para Joomla! • http://extensions.joomla.org/extensions/photos-a-images/photo-gallery/142 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 6.1EPSS: 0%CPEs: 108EXPL: 0

CVE-2012-4071

https://notcve.org/view.php?id=CVE-2012-4071

10 Aug 2012 — Cross-site scripting (XSS) vulnerability in the comments module in the RSGallery2 (com_rsgallery2) component before 2.3.0 for Joomla! 1.5.x, and before 3.2.0 for Joomla! 2.5.x, allows remote attackers to inject arbitrary web script or HTML via crafted BBCode markup in a comment. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en el módulo RSGallery2 (com_rsgallery2) anterior a v2.3.0 para Joomla! v1.5.x, y anteriores a v3.2.0 para Joomla! • http://extensions.joomla.org/extensions/photos-a-images/photo-gallery/142 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 9.1EPSS: 0%CPEs: 26EXPL: 0

CVE-2011-4321

https://notcve.org/view.php?id=CVE-2011-4321

23 Nov 2011 — The password reset functionality in Joomla! 1.5.x through 1.5.24 uses weak random numbers, which makes it easier for remote attackers to change the passwords of arbitrary users via unspecified vectors. La funcionalidad de reinicialización de contraseña en Joomla! v1.5.x hasta v1.5.24 utiliza números aleatorios débiles, lo que hace más sencillo para atacantes remotos cambiar las contraseñas de usuarios de su elección a través de vectores no especificados. • http://developer.joomla.org/security/news/9-security/10-core-security/375-20111103-core-password-change • CWE-310: Cryptographic Issues •

CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 4

CVE-2010-4837 – Joomla! Component JSupport 1.5.6 - Cross-Site Scripting

https://notcve.org/view.php?id=CVE-2010-4837

13 Sep 2011 — Cross-site scripting (XSS) vulnerability in the JSupport (com_jsupport) component 1.5.6 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the subject parameter (title field) in a saveTicket action to index2.php. NOTE: some of these details are obtained from third party information. Una vulnerabilidad de ejecución de comandos en sitios cruzados (XSS) en el componente JSupport (com_jsupport) v1.5.6 para Joomla! permite a atacantes remotos inyectar secuencias de comandos web o HTML... • https://www.exploit-db.com/exploits/15501 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 4

CVE-2010-4838 – Joomla! Component JSupport 1.5.6 - SQL Injection

https://notcve.org/view.php?id=CVE-2010-4838

13 Sep 2011 — SQL injection vulnerability in the JSupport (com_jsupport) component 1.5.6 for Joomla! allows remote authenticated users, with Public Back-end permissions, to execute arbitrary SQL commands via the alpha parameter in a (1) listTickets or (2) listFaqs action to administrator/index.php. Una vulnerabilidad de inyección SQL en el componente JSupport (com_jsupport) v1.5.6 para Joomla! permite ejecutar comandos SQL a usuarios remotos autenticados, con permisos de back-end publicos, a través del parámetro alpha en... • https://www.exploit-db.com/exploits/15502 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 7.5EPSS: 0%CPEs: 24EXPL: 0

CVE-2011-2488

https://notcve.org/view.php?id=CVE-2011-2488

27 Jul 2011 — Joomla! before 1.5.23 does not properly check for errors, which allows remote attackers to obtain sensitive information via unspecified vectors. Joomla! anterior a v1.5.23 no comprueba correctamente los errores, lo que permite a atacantes remotos obtener información sensible a través de vectores no especificados. • http://developer.joomla.org/security/news/9-security/10-core-security/340-20110401-core-information-disclosure.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

1 2 3 4 5