CVSS: 7.5EPSS: 1%CPEs: 4EXPL: 0CVE-2008-5671
https://notcve.org/view.php?id=CVE-2008-5671
PHP remote file inclusion vulnerability in index.php in Joomla! 1.0.11 through 1.0.14, when RG_EMULATION is enabled in configuration.php, allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. Vulnerabilidad de inclusión remota de archivo en PHP en index.php en Joomla! de v1.0.11 hasta v1.0.14 cuando RG_EMULATION esta activado en configuration.php, permite a atacantes remotos ejecutar código PHP a su elección a través de una URL en el parámetro "mosConfig_absolute_path". • http://secunia.com/advisories/29106 http://securityreason.com/securityalert/4787 http://www.joomla.org/announcements/release-news/4609-joomla-1015-released.html http://www.securityfocus.com/archive/1/488126/100/200/threaded http://www.securityfocus.com/archive/1/488199/100/200/threaded http://www.securityfocus.com/bid/27795 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 6.8EPSS: 1%CPEs: 2EXPL: 0CVE-2008-1533
https://notcve.org/view.php?id=CVE-2008-1533
Unspecified vulnerability in the XML-RPC Blogger API plugin in Joomla! 1.5 allows remote attackers to perform unauthorized article operations on articles via unknown vectors. Vulnerabilidad no especificada en la extensión XML-RPC Blogger API de Joomla! 1.5 permite a atacantes remotos realizar operaciones de artículo no autorizadas en artículos a través de vectores desconocidos. • http://secunia.com/advisories/28861 http://www.joomla.org/content/view/4560/1 http://www.securityfocus.com/bid/27719 https://exchange.xforce.ibmcloud.com/vulnerabilities/41563 •
CVSS: 7.5EPSS: 0%CPEs: 20EXPL: 1CVE-2008-0517 – Mambo Component EstateAgent 0.1 - SQL Injection
https://notcve.org/view.php?id=CVE-2008-0517
SQL injection vulnerability in index.php in the Darko Selesi EstateAgent (com_estateagent) 0.1 component for Mambo 4.5.x and Joomla! allows remote attackers to execute arbitrary SQL commands via the objid parameter in a contact showObject action. Vulnerabilidad de inyección SQL en idex.php en el componente Darko Selesi EstateAgent (com_estateagent) 0.1 para Mambo 4.5.x y Joomla!. Permite a atacantes remotos ejecutar comandos SQL arbitrarios a través del parámetro objid en una acción de contacto showObject. • https://www.exploit-db.com/exploits/5016 http://www.securityfocus.com/bid/27520 http://www.vupen.com/english/advisories/2008/0362 https://exchange.xforce.ibmcloud.com/vulnerabilities/40060 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 2CVE-2007-5427 – Joomla! Component Search 1.0.13 - SearchWord Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2007-5427
Cross-site scripting (XSS) vulnerability in the com_search component in Joomla! 1.0.13 and earlier allows remote attackers to inject arbitrary web script or HTML via the searchword parameter. NOTE: this might be related to CVE-2007-4189.1. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en el componente de Joomla!, com_search 1.0.13 y versiones anteriores permite a atacantes remotos inyectar scripts web o HTML de su elección a través del parámetro searchword. NOTA: Este asunto podría estar relacionado con CVE-2007-4189.1. • https://www.exploit-db.com/exploits/30655 http://osvdb.org/37709 http://secunia.com/advisories/27196 http://securityreason.com/securityalert/3216 http://securityvulns.ru/Rdocument919.html http://websecurity.com.ua/1203 http://www.securityfocus.com/archive/1/482006/100/0/threaded http://www.securityfocus.com/bid/26031 http://www.vupen.com/english/advisories/2007/3495 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 10EXPL: 0CVE-2006-7009
https://notcve.org/view.php?id=CVE-2006-7009
Joomla! before 1.0.10 allows remote attackers to spoof the frontend submission forms, which has unknown impact and attack vectors. Joomla! anterior a 1.0.10 permite a atacantes remotos falsear los formularios de envío del interfaz externo (frontend), lo cual tiene impacto y vectores de ataque desconocidos. • http://secunia.com/advisories/20874 http://www.joomla.org/content/view/1510/74 •