CVE-2008-1533
https://notcve.org/view.php?id=CVE-2008-1533
Unspecified vulnerability in the XML-RPC Blogger API plugin in Joomla! 1.5 allows remote attackers to perform unauthorized article operations on articles via unknown vectors. Vulnerabilidad no especificada en la extensión XML-RPC Blogger API de Joomla! 1.5 permite a atacantes remotos realizar operaciones de artículo no autorizadas en artículos a través de vectores desconocidos. • http://secunia.com/advisories/28861 http://www.joomla.org/content/view/4560/1 http://www.securityfocus.com/bid/27719 https://exchange.xforce.ibmcloud.com/vulnerabilities/41563 •
CVE-2007-6642
https://notcve.org/view.php?id=CVE-2007-6642
Multiple cross-site request forgery (CSRF) vulnerabilities in Joomla! before 1.5 RC4 allow remote attackers to (1) add a Super Admin, (2) upload an extension containing arbitrary PHP code, and (3) modify the configuration as administrators via unspecified vectors. Múltiples vulnerabilidades de falsificación de petición en sitios cruzados (CSRF) en Joomla! anterior a 1.5 RC4 permiten a atacantes remotos (1) añadir un Super Administrador, (2) enviar una extensión que contenga código PHP de su elección, y (3) modificar la configuración como administradores a través de vectores no especificados. • http://osvdb.org/41263 http://secunia.com/advisories/29257 http://securityreason.com/securityalert/3505 http://securitytracker.com/id?1019145 http://www.joomla.org/content/view/4335/116 http://www.mandriva.com/security/advisories?name=MDVSA-2008:060 http://www.securityfocus.com/archive/1/485676/100/0/threaded http://www.securityfocus.com/bid/28111 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2007-6643
https://notcve.org/view.php?id=CVE-2007-6643
Cross-site scripting (XSS) vulnerability in the com_poll component in Joomla! before 1.5 RC4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en el componente com_poll de Joomla! versiones anteriores a 1.5 RC4 permite a atacantes remotos inyectar scripts web o HTML de su elección mediante vectores no especificados. • http://osvdb.org/39979 http://secunia.com/advisories/29257 http://securitytracker.com/id?1019145 http://www.joomla.org/content/view/4335/116 http://www.mandriva.com/security/advisories?name=MDVSA-2008:060 http://www.securityfocus.com/bid/28111 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2007-6644
https://notcve.org/view.php?id=CVE-2007-6644
Joomla! before 1.5 RC4 allows remote authenticated administrators to promote arbitrary users to the administrator group, in violation of the intended security model. Joomla! anterior a 1.5 RC4 permite a permite a administradores autenticados remotamente promocionar usuarios de su elección al grupo de administradores, violando el modelo de seguridad pretendido. • http://osvdb.org/43277 http://secunia.com/advisories/29257 http://securitytracker.com/id?1019145 http://www.joomla.org/content/view/4335/116 http://www.mandriva.com/security/advisories?name=MDVSA-2008:060 http://www.securityfocus.com/bid/28111 • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2007-6645
https://notcve.org/view.php?id=CVE-2007-6645
Unspecified vulnerability in Joomla! before 1.5 RC4 allows remote authenticated users to gain privileges via unspecified vectors, aka "registered user privilege escalation vulnerability." Vulnerabilidad no especificada en Joomla! versiones anteriores a 1.5 RC4 permite a usuarios remotos autenticados obtener privilegios mediante vectores no especificados, también conocido como "vulnerabilidad de escalado de privilegios de usuario registrado". • http://osvdb.org/43276 http://secunia.com/advisories/29257 http://securitytracker.com/id?1019145 http://www.joomla.org/content/view/4335/116 http://www.mandriva.com/security/advisories?name=MDVSA-2008:060 http://www.securityfocus.com/bid/28111 • CWE-264: Permissions, Privileges, and Access Controls •