CVSS: 5.4EPSS: 0%CPEs: 35EXPL: 0CVE-2008-6299
https://notcve.org/view.php?id=CVE-2008-6299
26 Feb 2009 — Multiple cross-site scripting (XSS) vulnerabilities in Joomla! 1.5.7 and earlier allow remote authenticated users with certain privileges to inject arbitrary web script or HTML via (1) the title and description parameters to the com_weblinks module and (2) unspecified vectors in the com_content module related to "article submission." Múltiples vulnerabilidades de ejecución de secuencias de comandos en sitios cruzados - XSS - en Joomla! v1.5.7 y anteriores, permite a usuarios autentificados remotos inyectar ... • http://developer.joomla.org/security/news/283-20081101-core-comcontent-xss-vulnerability.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 30EXPL: 2CVE-2009-0113 – Joomla! Component xstandard editor 1.5.8 - Local Directory Traversal
https://notcve.org/view.php?id=CVE-2009-0113
09 Jan 2009 — Directory traversal vulnerability in attachmentlibrary.php in the XStandard component for Joomla! 1.5.8 and earlier allows remote attackers to list arbitrary directories via a .. (dot dot) in the X_CMS_LIBRARY_PATH HTTP header. Vulnerabilidad de salto de directorio en attachmentlibrary.php en el componente XStandard para Joomla! v1.5.8 y versiones anteriores permite a atacantes remotos listar directorios de su elección a través de .. • https://www.exploit-db.com/exploits/7691 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.1EPSS: 0%CPEs: 7EXPL: 0CVE-2008-4102
https://notcve.org/view.php?id=CVE-2008-4102
18 Sep 2008 — Joomla! 1.5 before 1.5.7 initializes PHP's PRNG with a weak seed, which makes it easier for attackers to guess the pseudo-random values produced by PHP's mt_rand function, as demonstrated by guessing password reset tokens, a different vulnerability than CVE-2008-3681. Joomla! 1.5 anterior a v1.5.7 inicializa el PHP's PRNG con una semilla débil, lo que facilita a los atacantes obtener valores pseudo-aleatorios originados por la función PHP's mt_rand, como se ha demostrado obteniendo un reinicio de contraseña... • http://developer.joomla.org/security/news/272-20080902-core-random-number-generation-flaw.html • CWE-189: Numeric Errors •
CVSS: 5.0EPSS: 0%CPEs: 8EXPL: 0CVE-2008-4103
https://notcve.org/view.php?id=CVE-2008-4103
18 Sep 2008 — The mailto (aka com_mailto) component in Joomla! 1.5 before 1.5.7 sends e-mail messages without validating the URL, which allows remote attackers to transmit spam. El componente mailto (alias com_mailto) en Joomla! 1.5 y versiones anteriores 1.5.7 que envía un mensaje de e-mail sin validar la URL, el cual permite a los atacantes remotos enviar spam. • http://developer.joomla.org/security/news/273-20080903-core-commailto-spam.html • CWE-20: Improper Input Validation •
CVSS: 6.1EPSS: 0%CPEs: 7EXPL: 0CVE-2008-4104
https://notcve.org/view.php?id=CVE-2008-4104
18 Sep 2008 — Multiple open redirect vulnerabilities in Joomla! 1.5 before 1.5.7 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a "passed in" URL. Múltiples vulnerabilidades involuntarias de redirección en Joomla! 1.5 anterior a 1.5.7; permiten a atacantes remotos redireccionar a los usuarios a sitios web de su elección y provocar ataques de phishing mediante una URL "de paso". • http://developer.joomla.org/security/news/274-20080904-core-redirect-spam.html • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 9.8EPSS: 0%CPEs: 7EXPL: 0CVE-2008-4105
https://notcve.org/view.php?id=CVE-2008-4105
18 Sep 2008 — JRequest in Joomla! 1.5 before 1.5.7 does not sanitize variables that were set with JRequest::setVar, which allows remote attackers to conduct "variable injection" attacks and have unspecified other impact. JRequest en Joomla! 1.5 y versiones anteriores a 1.5.7 limpia correctamente variable establecidas con JRequest::setVar, el cual permite a los atacante remotos realizar un ataque de "inyección de variable" y tiene otras consecuencias no especificadas. • http://developer.joomla.org/security/news/271-20080901-core-jrequest-variable-injection.html • CWE-20: Improper Input Validation •