CVSS: 9.8EPSS: 1%CPEs: 27EXPL: 0CVE-2012-1598
https://notcve.org/view.php?id=CVE-2012-1598
03 Dec 2012 — Joomla! 1.5.x before 1.5.26 has unspecified impact and attack vectors related to "insufficient randomness" and a "password reset vulnerability." Joomla! v1.5.x antes de 1.5.26 tiene un impacto no especificado y vectores de ataque relacionados con una "aleatoriedad insuficiente" y una "vulnerabilidad de restablecimiento de contraseña". • http://developer.joomla.org/security/news/396-20120305-core-password-change.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.1EPSS: 0%CPEs: 12EXPL: 2CVE-2011-4909 – Joomla! 1.5.x - Cross-Site Scripting / Information Disclosure
https://notcve.org/view.php?id=CVE-2011-4909
07 Oct 2012 — Multiple cross-site scripting (XSS) vulnerabilities in Joomla! before 1.5.12 allow remote attackers to inject arbitrary web script or HTML via the HTTP_REFERER header to (1) components/com_content/views/article/tmpl/form.php, (2) components/com_user/controller.php, (3) plugins/system/legacy/html.php, or (4) templates/beez/html/com_content/article/form.php. Múltiples vulnerabilidades de ejecución de secuencias de comandos en sitios cruzados (XSS) en Joomla! anteriores a v1.5.12, permite a atacantes remotos i... • https://www.exploit-db.com/exploits/33061 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.3EPSS: 0%CPEs: 12EXPL: 0CVE-2011-4911
https://notcve.org/view.php?id=CVE-2011-4911
07 Oct 2012 — Joomla! before 1.5.12 does not perform a JEXEC check in unspecified files, which allows remote attackers to obtain the installation path via unspecified vectors. Joomla! anterior a v1.5.12 no hace la comprobación JEXEC en ficheros sin especificar, lo que permite a atacantes remotos obtener el path de instalación a través de vectores no específicos. • http://developer.joomla.org/security/news/300-20090606-core-missing-jexec-check.html • CWE-20: Improper Input Validation •
CVSS: 6.1EPSS: 0%CPEs: 12EXPL: 0CVE-2011-4910
https://notcve.org/view.php?id=CVE-2011-4910
07 Oct 2012 — Cross-site scripting (XSS) vulnerability in Joomla! before 1.5.12 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en Joomla! anteriores a v1.5.12, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través del parámetro PATH_INFO. • http://developer.joomla.org/security/news/299-20090605-core-frontend-xss-phpself-not-properly-filtered.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 108EXPL: 0CVE-2012-4071
https://notcve.org/view.php?id=CVE-2012-4071
10 Aug 2012 — Cross-site scripting (XSS) vulnerability in the comments module in the RSGallery2 (com_rsgallery2) component before 2.3.0 for Joomla! 1.5.x, and before 3.2.0 for Joomla! 2.5.x, allows remote attackers to inject arbitrary web script or HTML via crafted BBCode markup in a comment. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en el módulo RSGallery2 (com_rsgallery2) anterior a v2.3.0 para Joomla! v1.5.x, y anteriores a v3.2.0 para Joomla! • http://extensions.joomla.org/extensions/photos-a-images/photo-gallery/142 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 112EXPL: 0CVE-2012-3554
https://notcve.org/view.php?id=CVE-2012-3554
10 Aug 2012 — SQL injection vulnerability in the RSGallery2 (com_rsgallery2) component before 2.3.0 for Joomla! 1.5.x, and before 3.2.0 for Joomla! 2.5.x, allows remote attackers to execute arbitrary SQL commands via unspecified vectors. Vulnerabilidad de inyección SQL en el componente RSGallery2 (com_rsgallery2) anterior a v2.3.0 para Joomla! v1.5.x, y anterior a v3.2.0 para Joomla! • http://extensions.joomla.org/extensions/photos-a-images/photo-gallery/142 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.1EPSS: 0%CPEs: 26EXPL: 0CVE-2011-4321
https://notcve.org/view.php?id=CVE-2011-4321
23 Nov 2011 — The password reset functionality in Joomla! 1.5.x through 1.5.24 uses weak random numbers, which makes it easier for remote attackers to change the passwords of arbitrary users via unspecified vectors. La funcionalidad de reinicialización de contraseña en Joomla! v1.5.x hasta v1.5.24 utiliza números aleatorios débiles, lo que hace más sencillo para atacantes remotos cambiar las contraseñas de usuarios de su elección a través de vectores no especificados. • http://developer.joomla.org/security/news/9-security/10-core-security/375-20111103-core-password-change • CWE-310: Cryptographic Issues •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 4CVE-2010-4838 – Joomla! Component JSupport 1.5.6 - SQL Injection
https://notcve.org/view.php?id=CVE-2010-4838
13 Sep 2011 — SQL injection vulnerability in the JSupport (com_jsupport) component 1.5.6 for Joomla! allows remote authenticated users, with Public Back-end permissions, to execute arbitrary SQL commands via the alpha parameter in a (1) listTickets or (2) listFaqs action to administrator/index.php. Una vulnerabilidad de inyección SQL en el componente JSupport (com_jsupport) v1.5.6 para Joomla! permite ejecutar comandos SQL a usuarios remotos autenticados, con permisos de back-end publicos, a través del parámetro alpha en... • https://www.exploit-db.com/exploits/15502 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 4CVE-2010-4837 – Joomla! Component JSupport 1.5.6 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2010-4837
13 Sep 2011 — Cross-site scripting (XSS) vulnerability in the JSupport (com_jsupport) component 1.5.6 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the subject parameter (title field) in a saveTicket action to index2.php. NOTE: some of these details are obtained from third party information. Una vulnerabilidad de ejecución de comandos en sitios cruzados (XSS) en el componente JSupport (com_jsupport) v1.5.6 para Joomla! permite a atacantes remotos inyectar secuencias de comandos web o HTML... • https://www.exploit-db.com/exploits/15501 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 24EXPL: 1CVE-2011-2889
https://notcve.org/view.php?id=CVE-2011-2889
27 Jul 2011 — templates/system/error.php in Joomla! before 1.5.23 might allow remote attackers to obtain sensitive information via unspecified vectors that trigger an undefined value of a certain error field, leading to disclosure of the installation path. NOTE: this might overlap CVE-2011-2488. templates/sistema/error.php en Joomla! anterior a v1.5.23 podría permitir a atacantes remotos obtener información sensible a través de vectores no especificados que provocan un valor indefinido de un campo de error concreto, lo q... • http://developer.joomla.org/security/news/9-security/10-core-security/340-20110401-core-information-disclosure.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •