CVSS: 6.8EPSS: 1%CPEs: 1EXPL: 3CVE-2007-0373
https://notcve.org/view.php?id=CVE-2007-0373
Multiple SQL injection vulnerabilities in Joomla! 1.5.0 Beta allow remote attackers to execute arbitrary SQL commands via (1) the searchword parameter in certain files; the where parameter in (2) plugins/search/content.php or (3) plugins/search/weblinks.php; the text parameter in (4) plugins/search/contacts.php, (5) plugins/search/categories.php, or (6) plugins/search/sections.php; or (7) the email parameter in database/table/user.php, which is not properly handled by the check function. Múltiples vulnerabilidades de inyección SQL en Joomla! 1.5.0 Beta permite a atacantes remotos ejecutar comandos SQL de su elección a través del parámetro (1) searchword en ciertos archivos, el parámetro (2) where en (2) plugins/search/content.php o (3) plugins/search/weblinks.php; el parámetro text en (4) plugins/search/contacts.php, (5) plugins/search/categories.php, o(6) plugins/search/sections.php; o el (7) parámetro email en database/table/user.php, el cual no es adecuadamente manejado por la función check. Joomla! • http://archives.neohapsis.com/archives/fulldisclosure/2007-01/0355.html http://osvdb.org/32527 http://osvdb.org/32528 http://osvdb.org/32529 http://osvdb.org/32530 http://osvdb.org/32531 http://osvdb.org/32532 http://osvdb.org/32533 http://www.hackers.ir/advisories/festival.txt http://www.securityfocus.com/archive/1/459203/100/0/threaded http://www.securityfocus.com/bid/22122 •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 2CVE-2007-0374
https://notcve.org/view.php?id=CVE-2007-0374
SQL injection vulnerability in (1) Joomla! 1.0.11 and 1.5 Beta, and (2) Mambo 4.6.1, allows remote attackers to execute arbitrary SQL commands via the id parameter when cancelling content editing. Vulnerabilidad de inyección SQL en (1) Joomla! 1.0.11 y 1.5 Beta, y (2) Mambo 4.6.1, permite a atacantes remotos ejecutar comandos SQL de su elección a través del parámetro id cuando se cancela el editor de contenidos. Joomla! • http://archives.neohapsis.com/archives/fulldisclosure/2007-01/0355.html http://osvdb.org/32520 http://www.hackers.ir/advisories/festival.txt http://www.securityfocus.com/archive/1/459203/100/0/threaded http://www.securityfocus.com/bid/19734 •
CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 1CVE-2007-0375
https://notcve.org/view.php?id=CVE-2007-0375
Joomla! 1.5.0 Beta allows remote attackers to obtain sensitive information via a direct request for (1) plugins/user/example.php; (2) gmail.php, (3) example.php, or (4) ldap.php in plugins/authentication/; (5) modules/mod_mainmenu/menu.php; or other unspecified PHP scripts, which reveals the path in various error messages, related to a jimport function call at the beginning of each script. Joomla! 1.5.0 Beta permite a atacantes remotos obtener información sensible a través de respuesta directa para (1) plugins/user/example.php; (2) gmail.php, (3) example.php, o (4) ldap.php en plugins/authentication/; (5) modules/mod_mainmenu/menu.php; u otros scripts PHP no especificados, lo cual revela la ruta en varios mensajes de error, relacionado con la llamada a la función jimport al inicio de cada script. Joomla! • http://archives.neohapsis.com/archives/fulldisclosure/2007-01/0355.html http://osvdb.org/32522 http://osvdb.org/32523 http://osvdb.org/32524 http://osvdb.org/32525 http://osvdb.org/32526 http://www.hackers.ir/advisories/festival.txt http://www.securityfocus.com/archive/1/459203/100/0/threaded •
CVSS: 4.3EPSS: 0%CPEs: 11EXPL: 0CVE-2006-6832
https://notcve.org/view.php?id=CVE-2006-6832
Cross-site scripting (XSS) vulnerability in Joomla! before 1.0.12 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly related to poll.php or the module title. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en Joomla! anterior a 1.0.12 permite a un atacante remoto inyectar secuencias de comandos web o HTML a través de vectores no especificados, posiblemente relacionados con poll.php o el módulo title. • http://forge.joomla.org/sf/go/artf5985?nav=1 http://forge.joomla.org/sf/go/artf6844?nav=1 http://jvn.jp/jp/JVN%2345006961/index.html http://secunia.com/advisories/23563 http://www.joomla.org/content/view/2495/78 http://www.securityfocus.com/bid/21810 http://www.vupen.com/english/advisories/2006/5202 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 11EXPL: 0CVE-2006-6833
https://notcve.org/view.php?id=CVE-2006-6833
com_categories in Joomla! before 1.0.12 does not validate input, which has unknown impact and remote attack vectors. com_categories en Joomla! anterior a 1.0.12 no valida la entrada, lo cual tiene un impacto desconocido y ataques remotos en vectores. • http://jvn.jp/jp/JVN%2345006961/index.html http://secunia.com/advisories/23563 http://www.joomla.org/content/view/2495/78 http://www.securityfocus.com/bid/21810 http://www.vupen.com/english/advisories/2006/5202 •