CVSS: 3.5EPSS: 0%CPEs: 21EXPL: 0CVE-2010-2535
https://notcve.org/view.php?id=CVE-2010-2535
Multiple cross-site scripting (XSS) vulnerabilities in the Back End in Joomla! 1.5.x before 1.5.20 allow remote authenticated users to inject arbitrary web script or HTML via administrator screens. Múltiples vulnerabilidades de ejecución de secuencias de comandos en sitios cruzados en el Back End en Joomla! v1.5.x anterior a 1.5.20, permite a usuarios autenticados remotamente inyectar secuencias de comandos web o HTML de su elección a través de las pantallas de administración. • http://developer.joomla.org/security/news/318-20100704-core-xss-vulnerabilitis-in-back-end.html http://www.ocert.org/advisories/ocert-2010-002.html http://www.openwall.com/lists/oss-security/2010/07/20/2 http://www.openwall.com/lists/oss-security/2010/07/21/8 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 18EXPL: 0CVE-2010-1649
https://notcve.org/view.php?id=CVE-2010-1649
Multiple cross-site scripting (XSS) vulnerabilities in the back end in Joomla! 1.5 through 1.5.17 allow remote attackers to inject arbitrary web script or HTML via unknown vectors related to "various administrator screens," possibly the search parameter in administrator/index.php. Múltiples vulnerabilidades de ejecución de comandos en sitios cruzados(XSS) en el backend de Joomla! v1.5 a v1.5.17 permiten a atacantes remotos inyectar HTML o secuencias de comandos web a través de vectores desconocidos relacionados con "varias pantallas de administrador". Posiblemente se trate del parámetro de búsqueda en administrator/index.php. • http://developer.joomla.org/security/news/314-20100501-core-xss-vulnerabilities-in-back-end.html?utm_source=feedburner&utm_medium=email&utm_campaign=Feed%3A+JoomlaSecurityNews+%28Joomla%21+Security+News%29 http://secunia.com/advisories/39964 http://www.osvdb.org/65011 http://www.securityfocus.com/bid/40444 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.0EPSS: 1%CPEs: 3EXPL: 3CVE-2010-1340 – Joomla! Component com_jresearch - 'Controller' Local File Inclusion
https://notcve.org/view.php?id=CVE-2010-1340
Directory traversal vulnerability in jresearch.php in the J!Research (com_jresearch) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. Una vulnerabilidad de salto de directorio en jresearch.php en el componente J! • https://www.exploit-db.com/exploits/33797 http://osvdb.org/63147 http://packetstormsecurity.org/1003-exploits/joomlajresearch-lfi.txt http://secunia.com/advisories/39079 http://www.securityfocus.com/bid/38917 https://exchange.xforce.ibmcloud.com/vulnerabilities/57123 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 4CVE-2010-0610 – Joomla! Component com_photoblog - Blind SQL Injection
https://notcve.org/view.php?id=CVE-2010-0610
Multiple SQL injection vulnerabilities in the Photoblog (com_photoblog) component for Joomla! allow remote attackers to execute arbitrary SQL commands via the blog parameter in an images action to index.php. NOTE: a separate vector for the id parameter to detail.php may also exist. El componente Photoblog (com_photoblog) para Joomla! permite a atacantes remotos ejecutar comandos SQL de su elección a través del parámetro "blog" en una acción images al index.php. • https://www.exploit-db.com/exploits/11337 http://packetstormsecurity.org/1002-exploits/joomlaphotoblog-bsql.txt http://www.exploit-db.com/exploits/11337 http://www.securityfocus.com/bid/38136 https://exchange.xforce.ibmcloud.com/vulnerabilities/56135 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 5.5EPSS: 0%CPEs: 15EXPL: 0CVE-2009-3945
https://notcve.org/view.php?id=CVE-2009-3945
Unspecified vulnerability in the Front-End Editor in the com_content component in Joomla! before 1.5.15 allows remote authenticated users, with Author privileges, to replace the articles of an arbitrary user via unknown vectors. Vulnerabilidad no especificada en el Front-End Editor del componente com_content en Joomla! versiones anteriores a v1.5.15 permite a usuarios autenticados remotamente, con privilegios "Author", reemplazar los artículos de un usuario de su elección mediante vectores desconocidos. • http://developer.joomla.org/security/news/305-20091103-core-front-end-editor-issue-.html http://osvdb.org/59801 http://secunia.com/advisories/37262 https://exchange.xforce.ibmcloud.com/vulnerabilities/54161 •