CVE-2010-1434
https://notcve.org/view.php?id=CVE-2010-1434
Joomla! Core is prone to a session fixation vulnerability. An attacker may leverage this issue to hijack an arbitrary session and gain access to sensitive information, which may help in launching further attacks. Joomla! Core versions 1.5.x ranging from 1.5.0 and up to and including 1.5.15 are vulnerable. • https://developer.joomla.org/security-centre/309-20100423-core-sessation-fixation.html https://www.acunetix.com/vulnerabilities/web/joomla-core-1-5-x-session-fixation-1-5-0-1-5-15 • CWE-384: Session Fixation •
CVE-2010-1433
https://notcve.org/view.php?id=CVE-2010-1433
Joomla! Core is prone to a vulnerability that lets attackers upload arbitrary files because the application fails to properly verify user-supplied input. An attacker can exploit this vulnerability to upload arbitrary code and run it in the context of the webserver process. This may facilitate unauthorized access or privilege escalation; other attacks are also possible. Joomla! • https://developer.joomla.org/security-centre/310-20100423-core-installer-migration-script.html https://www.acunetix.com/vulnerabilities/web/joomla-core-1-5-x-arbitrary-file-upload-1-5-0-1-5-15 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVE-2010-1432
https://notcve.org/view.php?id=CVE-2010-1432
Joomla! Core is prone to an information disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may help in launching further attacks. Joomla! Core versions 1.5.x ranging from 1.5.0 and up to and including 1.5.15 are vulnerable. • https://developer.joomla.org/security-centre/311-20100423-core-negative-values-for-limit-and-offset.html https://www.acunetix.com/vulnerabilities/web/joomla-core-1-5-x-information-disclosure-1-5-0-1-5-15 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2021-26034 – [20210503] - Core - CSRF in data download endpoints
https://notcve.org/view.php?id=CVE-2021-26034
An issue was discovered in Joomla! 3.0.0 through 3.9.26. A missing token check causes a CSRF vulnerability in data download endpoints in com_banners and com_sysinfo. Se detectó un problema en Joomla! versiones 3.0.0 hasta 3.9.26. • https://developer.joomla.org/security-centre/854-20210503-core-csrf-in-data-download-endpoints.html • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2021-26033 – [20210502] - Core - CSRF in AJAX reordering endpoint
https://notcve.org/view.php?id=CVE-2021-26033
An issue was discovered in Joomla! 3.0.0 through 3.9.26. A missing token check causes a CSRF vulnerability in the AJAX reordering endpoint. Se detectó un problema en Joomla! versiones 3.0.0 hasta 3.9.26. • https://developer.joomla.org/security-centre/853-20210502-core-csrf-in-ajax-reordering-endpoint.html • CWE-352: Cross-Site Request Forgery (CSRF) •