CVE-2006-6832
https://notcve.org/view.php?id=CVE-2006-6832
Cross-site scripting (XSS) vulnerability in Joomla! before 1.0.12 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly related to poll.php or the module title. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en Joomla! anterior a 1.0.12 permite a un atacante remoto inyectar secuencias de comandos web o HTML a través de vectores no especificados, posiblemente relacionados con poll.php o el módulo title. • http://forge.joomla.org/sf/go/artf5985?nav=1 http://forge.joomla.org/sf/go/artf6844?nav=1 http://jvn.jp/jp/JVN%2345006961/index.html http://secunia.com/advisories/23563 http://www.joomla.org/content/view/2495/78 http://www.securityfocus.com/bid/21810 http://www.vupen.com/english/advisories/2006/5202 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2006-4476
https://notcve.org/view.php?id=CVE-2006-4476
Multiple unspecified vulnerabilities in Joomla! before 1.0.11, related to "Injection Flaws," allow attackers to have an unknown impact via (1) globals.php, which uses include_once() instead of require(); (2) the $options variable; (3) Admin Upload Image; (4) ->load(); (5) content submissions when frontpage is selected; (6) the mosPageNav constructor; (7) saveOrder functions; (8) the absence of "exploit blocking rules" in htaccess; and (9) the ACL. Múltiples vulnerabilidades no especificadas en Joomla! 1.0.11, relacionados con "defectos de inyección," permite a un atacante tener un impacto deconocido a través de (1) globals.php, el cual usa include_once() en vez de require(); (2) la variable $options; (3) Admin Upload Image; (4) ->load(); (5) contienen presentación de contenidos cuando el se selecciona frontpage (6)el constructor mosPageNav; (7)la función saveOrder; (8) la ausencia de “reglas de bloqueo de exploits” en htaccess; y (9) el ACL. • http://secunia.com/advisories/21666 http://www.joomla.org/content/view/1841/78 http://www.joomla.org/content/view/1843/74 http://www.vupen.com/english/advisories/2006/3408 • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-264: Permissions, Privileges, and Access Controls •
CVE-2006-4474
https://notcve.org/view.php?id=CVE-2006-4474
Multiple cross-site scripting (XSS) vulnerabilities in Joomla! before 1.0.11 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters in (1) Admin Module Manager, (2) Admin Help, and (3) Search. Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en Joomla! anterior a 1.0.11 permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección mediante parámetros no especificados en (1) Módulo de Administración, (2) Ayuda de Administración y (3) Búsqueda. • http://secunia.com/advisories/21666 http://www.joomla.org/content/view/1841/78 http://www.joomla.org/content/view/1843/74 http://www.vupen.com/english/advisories/2006/3408 https://exchange.xforce.ibmcloud.com/vulnerabilities/28633 •
CVE-2006-4473
https://notcve.org/view.php?id=CVE-2006-4473
Unspecified vulnerability in com_content in Joomla! before 1.0.11, when $mosConfig_hideEmail is set, allows attackers to perform the emailform and emailsend tasks. Vulnerabilidad no especificada en com_content en Joomla! anterior 1.0.11, cuando esta asignado $mosConfig_hideEmail, permite a un atacante realizar tareas emailform y emailsend. • http://secunia.com/advisories/21666 http://www.joomla.org/content/view/1841/78 http://www.joomla.org/content/view/1843/74 http://www.vupen.com/english/advisories/2006/3408 •
CVE-2006-4475
https://notcve.org/view.php?id=CVE-2006-4475
Joomla! before 1.0.11 does not limit access to the Admin Popups functionality, which has unknown impact and attack vectors. Joomla! anterior a 1.0.11 no limita el acceso a la funcionabilidad Admin Popups, lo cual tiene un impacto desconocido y vectores de ataque. • http://secunia.com/advisories/21666 http://www.joomla.org/content/view/1841/78 http://www.joomla.org/content/view/1843/74 http://www.vupen.com/english/advisories/2006/3408 • CWE-264: Permissions, Privileges, and Access Controls •