CVSS: 7.5EPSS: 0%CPEs: 24EXPL: 1CVE-2011-2889
https://notcve.org/view.php?id=CVE-2011-2889
27 Jul 2011 — templates/system/error.php in Joomla! before 1.5.23 might allow remote attackers to obtain sensitive information via unspecified vectors that trigger an undefined value of a certain error field, leading to disclosure of the installation path. NOTE: this might overlap CVE-2011-2488. templates/sistema/error.php en Joomla! anterior a v1.5.23 podría permitir a atacantes remotos obtener información sensible a través de vectores no especificados que provocan un valor indefinido de un campo de error concreto, lo q... • http://developer.joomla.org/security/news/9-security/10-core-security/340-20110401-core-information-disclosure.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 0%CPEs: 25EXPL: 1CVE-2011-2890
https://notcve.org/view.php?id=CVE-2011-2890
27 Jul 2011 — The MediaViewMedia class in administrator/components/com_media/views/media/view.html.php in Joomla! 1.5.23 and earlier allows remote attackers to obtain sensitive information via vectors involving the base variable, leading to disclosure of the installation path, a different vulnerability than CVE-2011-2488. La clase MediaViewMedia en administrator/components/com_media/opiniones/media/view.html.php en Joomla! v1.5.23 y anteriores permite a atacantes remotos obtener información sensible a través de vectores ... • http://www.openwall.com/lists/oss-security/2011/07/01/1 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.8EPSS: 0%CPEs: 23EXPL: 2CVE-2010-4166
https://notcve.org/view.php?id=CVE-2010-4166
18 Jan 2011 — Multiple SQL injection vulnerabilities in Joomla! 1.5.x before 1.5.22 allow remote attackers to execute arbitrary SQL commands via (1) the filter_order parameter in a com_weblinks category action to index.php, (2) the filter_order_Dir parameter in a com_weblinks category action to index.php, or (3) the filter_order_Dir parameter in a com_messages action to administrator/index.php. Múltiples vulnerabilidades de inyección SQL en Joomla! v1.5.x anterior a v1.5.22 permite a atacantes remotos ejecutar comandos S... • http://archives.neohapsis.com/archives/fulldisclosure/2010-10/0514.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 23EXPL: 0CVE-2010-4696
https://notcve.org/view.php?id=CVE-2010-4696
18 Jan 2011 — Multiple SQL injection vulnerabilities in Joomla! 1.5.x before 1.5.22 allow remote attackers to execute arbitrary SQL commands via the (1) filter_order or (2) filter_order_Dir parameter in a com_contact action to index.php, a different vulnerability than CVE-2010-4166. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. Múltiples vulnerabilidades de inyección SQL en Joomla! v1.5.x anterior a v1.5.22 permite a atacantes remotos ejecutar comandos ... • http://developer.joomla.org/security/news/9-security/10-core-security/323-20101101-core-sqli-info-disclosurevulnerabilities.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.1EPSS: 0%CPEs: 22EXPL: 0CVE-2010-3712
https://notcve.org/view.php?id=CVE-2010-3712
27 Oct 2010 — Cross-site scripting (XSS) vulnerability in Joomla! 1.5.x before 1.5.21 and 1.6.x before 1.6.1 allows remote attackers to inject arbitrary web script or HTML via vectors involving "multiple encoded entities," as demonstrated by the query string to index.php in the com_weblinks or com_content component. Vulnerabilidad de tipo cross-site scripting (XSS) en Joomla!, versiones 1.5.x anteriores a 1.5.21 y versiones 1.6.x anteriores a 1.6.1, permite a los atacantes remotos inyectar script web o HTML arbitrario po... • http://developer.joomla.org/security/news/9-security/10-core-security/322-20101001-core-xss-vulnerabilities • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 21EXPL: 0CVE-2010-2535
https://notcve.org/view.php?id=CVE-2010-2535
05 Oct 2010 — Multiple cross-site scripting (XSS) vulnerabilities in the Back End in Joomla! 1.5.x before 1.5.20 allow remote authenticated users to inject arbitrary web script or HTML via administrator screens. Múltiples vulnerabilidades de ejecución de secuencias de comandos en sitios cruzados en el Back End en Joomla! v1.5.x anterior a 1.5.20, permite a usuarios autenticados remotamente inyectar secuencias de comandos web o HTML de su elección a través de las pantallas de administración. • http://developer.joomla.org/security/news/318-20100704-core-xss-vulnerabilitis-in-back-end.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 18EXPL: 0CVE-2010-1649
https://notcve.org/view.php?id=CVE-2010-1649
07 Jun 2010 — Multiple cross-site scripting (XSS) vulnerabilities in the back end in Joomla! 1.5 through 1.5.17 allow remote attackers to inject arbitrary web script or HTML via unknown vectors related to "various administrator screens," possibly the search parameter in administrator/index.php. Múltiples vulnerabilidades de ejecución de comandos en sitios cruzados(XSS) en el backend de Joomla! v1.5 a v1.5.17 permiten a atacantes remotos inyectar HTML o secuencias de comandos web a través de vectores desconocidos relacion... • http://developer.joomla.org/security/news/314-20100501-core-xss-vulnerabilities-in-back-end.html?utm_source=feedburner&utm_medium=email&utm_campaign=Feed%3A+JoomlaSecurityNews+%28Joomla%21+Security+News%29 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.1EPSS: 6%CPEs: 2EXPL: 4CVE-2010-1476 – Joomla! Component AlphaUserPoints 1.5.5 - Local File Inclusion
https://notcve.org/view.php?id=CVE-2010-1476
19 Apr 2010 — Directory traversal vulnerability in the AlphaUserPoints (com_alphauserpoints) component 1.5.5 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the view parameter to index.php. Vulnerabilidad de salto de directorio en el componente AlphaUserPoints (com_alphauserpoints) v1.5.5 para Joomla!, permite a atacantes remotos leer ficheros locales de su elección y posiblemente tener otros impactos al utilizar caracteres ".." • https://www.exploit-db.com/exploits/12150 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 8.1EPSS: 0%CPEs: 15EXPL: 0CVE-2009-3945
https://notcve.org/view.php?id=CVE-2009-3945
16 Nov 2009 — Unspecified vulnerability in the Front-End Editor in the com_content component in Joomla! before 1.5.15 allows remote authenticated users, with Author privileges, to replace the articles of an arbitrary user via unknown vectors. Vulnerabilidad no especificada en el Front-End Editor del componente com_content en Joomla! versiones anteriores a v1.5.15 permite a usuarios autenticados remotamente, con privilegios "Author", reemplazar los artículos de un usuario de su elección mediante vectores desconocidos. • http://developer.joomla.org/security/news/305-20091103-core-front-end-editor-issue-.html •
CVSS: 7.5EPSS: 0%CPEs: 15EXPL: 0CVE-2009-3946
https://notcve.org/view.php?id=CVE-2009-3946
16 Nov 2009 — Joomla! before 1.5.15 allows remote attackers to read an extension's XML file, and thereby obtain the extension's version number, via a direct request. Joomla! versiones anteriores a v1.5.15 permite a atacantes remotos leer el fichero XML de una extensión, y de ese modo obtener el número de versión de la extensión, mediante una petición directa. • http://developer.joomla.org/security/news/306-20091103-core-xml-file-read-issue.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •