CVE-2010-2535
https://notcve.org/view.php?id=CVE-2010-2535
Multiple cross-site scripting (XSS) vulnerabilities in the Back End in Joomla! 1.5.x before 1.5.20 allow remote authenticated users to inject arbitrary web script or HTML via administrator screens. Múltiples vulnerabilidades de ejecución de secuencias de comandos en sitios cruzados en el Back End en Joomla! v1.5.x anterior a 1.5.20, permite a usuarios autenticados remotamente inyectar secuencias de comandos web o HTML de su elección a través de las pantallas de administración. • http://developer.joomla.org/security/news/318-20100704-core-xss-vulnerabilitis-in-back-end.html http://www.ocert.org/advisories/ocert-2010-002.html http://www.openwall.com/lists/oss-security/2010/07/20/2 http://www.openwall.com/lists/oss-security/2010/07/21/8 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2010-1649
https://notcve.org/view.php?id=CVE-2010-1649
Multiple cross-site scripting (XSS) vulnerabilities in the back end in Joomla! 1.5 through 1.5.17 allow remote attackers to inject arbitrary web script or HTML via unknown vectors related to "various administrator screens," possibly the search parameter in administrator/index.php. Múltiples vulnerabilidades de ejecución de comandos en sitios cruzados(XSS) en el backend de Joomla! v1.5 a v1.5.17 permiten a atacantes remotos inyectar HTML o secuencias de comandos web a través de vectores desconocidos relacionados con "varias pantallas de administrador". Posiblemente se trate del parámetro de búsqueda en administrator/index.php. • http://developer.joomla.org/security/news/314-20100501-core-xss-vulnerabilities-in-back-end.html?utm_source=feedburner&utm_medium=email&utm_campaign=Feed%3A+JoomlaSecurityNews+%28Joomla%21+Security+News%29 http://secunia.com/advisories/39964 http://www.osvdb.org/65011 http://www.securityfocus.com/bid/40444 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2010-1476 – Joomla! Component AlphaUserPoints 1.5.5 - Local File Inclusion
https://notcve.org/view.php?id=CVE-2010-1476
Directory traversal vulnerability in the AlphaUserPoints (com_alphauserpoints) component 1.5.5 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the view parameter to index.php. Vulnerabilidad de salto de directorio en el componente AlphaUserPoints (com_alphauserpoints) v1.5.5 para Joomla!, permite a atacantes remotos leer ficheros locales de su elección y posiblemente tener otros impactos al utilizar caracteres ".." • https://www.exploit-db.com/exploits/12150 http://packetstormsecurity.org/1004-exploits/joomlaalphauserpoints-lfi.txt http://secunia.com/advisories/39250 http://www.alphaplug.com http://www.exploit-db.com/exploits/12150 http://www.securityfocus.com/bid/39393 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2009-3946
https://notcve.org/view.php?id=CVE-2009-3946
Joomla! before 1.5.15 allows remote attackers to read an extension's XML file, and thereby obtain the extension's version number, via a direct request. Joomla! versiones anteriores a v1.5.15 permite a atacantes remotos leer el fichero XML de una extensión, y de ese modo obtener el número de versión de la extensión, mediante una petición directa. • http://developer.joomla.org/security/news/306-20091103-core-xml-file-read-issue.html http://secunia.com/advisories/37262 http://www.osvdb.org/59800 https://exchange.xforce.ibmcloud.com/vulnerabilities/54160 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2009-3945
https://notcve.org/view.php?id=CVE-2009-3945
Unspecified vulnerability in the Front-End Editor in the com_content component in Joomla! before 1.5.15 allows remote authenticated users, with Author privileges, to replace the articles of an arbitrary user via unknown vectors. Vulnerabilidad no especificada en el Front-End Editor del componente com_content en Joomla! versiones anteriores a v1.5.15 permite a usuarios autenticados remotamente, con privilegios "Author", reemplazar los artículos de un usuario de su elección mediante vectores desconocidos. • http://developer.joomla.org/security/news/305-20091103-core-front-end-editor-issue-.html http://osvdb.org/59801 http://secunia.com/advisories/37262 https://exchange.xforce.ibmcloud.com/vulnerabilities/54161 •