24 matches found
CVE-2010-4166
Multiple SQL injection vulnerabilities in Joomla! 1.5.x before 1.5.22 allow remote attackers to execute arbitrary SQL commands via 1 the filterorder parameter in a comweblinks category action to index.php, 2 the filterorderDir parameter in a comweblinks category action to index.php, or 3 the...
CVE-2012-3554
SQL injection vulnerability in the RSGallery2 comrsgallery2 component before 2.3.0 for Joomla! 1.5.x, and before 3.2.0 for Joomla! 2.5.x, allows remote attackers to execute arbitrary SQL commands via unspecified vectors...
Joomla! 1.5.x < 1.5.13 Automated Mail Timeout Bypass
According to its self-reported version, the detected Joomla! application version is 1.5.x prior to 1.5.13 and is affected by an automated mail timeout bypass. Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported version number. No...
Joomla! 1.5.x Cross Site Scripting and Information Disclosure Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/35544/info Joomla! is prone to multiple cross-site scripting and information-disclosure vulnerabilities. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the...
Joomla 1.5.x com_joomgallery&func Incorrect Flood Filter
No description provided by source. ?php $ch = curlinit; curlsetopt$ch, CURLOPTURL, http://server/index.php?option=comjoomgallery&func=votepic&id=here id de voto&Itemid=85; curlsetopt$ch, CURLOPTHEADER, false; curlsetopt$ch, CURLOPTPOSTFIELDS,imgvote=5&Votar%21=Votar%21; curlexec$ch; curlclose$ch;...
Design/Logic Flaw
Joomla! 1.5.x before 1.5.26 has unspecified impact and attack vectors related to "insufficient randomness" and a "password reset vulnerability."...
CVE-2012-3554
SQL injection vulnerability in the RSGallery2 comrsgallery2 component before 2.3.0 for Joomla! 1.5.x, and before 3.2.0 for Joomla! 2.5.x, allows remote attackers to execute arbitrary SQL commands via unspecified vectors...
Joomla Component (com_obSuggest) Local File Inclusion Vulnerability
No description provided by source. Joomla Component obSuggest Local File Inclusion Vulnerability Author : v3n0m Discovered : July, 31-2011 GMT +7:00 Jakarta, Indonesia Software : obSuggest - Uservoice for Joomla Developer : http://foobla.com/ License : GPLv2 or later Tested On : Joomla 1.5.x Dork...
Joomla! Component obSuggest - Local File Inclusion
/ / / \ \ \ \ \ / / \\ \ \ \ \ // /// \ \ / / \ //|\ / \ \ \ \ \ \ / / \ \ / / \ | | | \ | | || | | |/ / \ V / || |\ V / / \ | / \ | /| | | || / | | | | . | ' || / | || // \ // \|||/|||||||||\ .WEB.ID ----------------------------------------------------------------------- Joomla...
Joomla Component mod_spo SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: Simple Page Option LFI Google Dork: inurl:modspo Date: 15/07/2011 Author: SeguridadBlanca.Blogspot.com or SeguridadBlanca Software Link: http://joomlacode.org/gf/download/frsrelease/11841/47776/modspo1.5.16.zip Version: 1.5.x...
Joomla! Component com_photomapgallery 1.6.0 - Multiple Blind SQL Injections
Joomla! Component comphotomapgallery 1.6.0 - Multiple Blind SQL Injections PhotoMap Gallery 1.6.0 Joomla Component Multiple Blind SQL Injection Name PhotoMap Gallery Vendor http://extensions.joomla.org/extensions/photos-a-images/photo-gallery/10658 Versions Affected 1.6.0 Author Salvatore Fresta...
Joomla! Component com_photomapgallery 1.6.0 - Multiple Blind SQL Injections
PhotoMap Gallery 1.6.0 Joomla Component Multiple Blind SQL Injection Name PhotoMap Gallery Vendor http://extensions.joomla.org/extensions/photos-a-images/photo-gallery/10658 Versions Affected 1.6.0 Author Salvatore Fresta aka Drosophila Website http://www.salvatorefresta.net Contact salvatorefres...
Joomla MySMS Shell Upload
1 1 0 I'm Sid3^effects member from Inj3ct0r Team 1 1 0 0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1 Name : Joomla commysms Upload Vulnerability Date : july 10,2010 Critical Level : HIGH vendor URL :http://www.willcodejoomlaforfood.de/ Author : Sid3^effects aKa HaRi...
Joomla! Component MySMS - Arbitrary File Upload
1 1 0 I'm Sid3^effects member from Inj3ct0r Team 1 1 0 0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1 Name : Joomla commysms Upload Vulnerability Date : july 10,2010 Critical Level : HIGH vendor URL :http://www.willcodejoomlaforfood.de/ Author : Sid3^effects aKa HaRi...
Joomla 1.5.x Local File Inclusion
Joomla 1.5.x + Download: http://www.joomla.org/download.html + Bug: Local File inclusion in index.php file + Author: s4r4d0 + Mail: [email protected] + Team: Fatal Error + Poc: http://www.site.com/index.php?option=/../../../../../../../../../../../../etc/passwd%00 + Demo:...
Component TP Whois for Joomla 1.5.x XSS
No description provided by source. andresg888 Exploit Title : Component TP Whois for Joomla 1.5.x XSS xss , cookie stealing Date : 2009-12-03 Author : andresg888 Software Link : http://www.templateplazza.com Contact : andresg8884tgmaildotcom Web: :...
CVE-2009-1939
Cross-site scripting XSS vulnerability in the JAPurity template for Joomla! 1.5.x through 1.5.10 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
Cross site request forgery (csrf)
Multiple cross-site request forgery CSRF vulnerabilities in the commedia component for Joomla! 1.5.x through 1.5.9 allow remote attackers to hijack the authentication of unspecified victims via unknown vectors...
CVE-2009-1280
Multiple cross-site request forgery CSRF vulnerabilities in the commedia component for Joomla! 1.5.x through 1.5.9 allow remote attackers to hijack the authentication of unspecified victims via unknown vectors...
CVE-2008-4107
The 1 rand and 2 mtrand functions in PHP 5.2.6 do not produce cryptographically strong random numbers, which allows attackers to leverage exposures in products that rely on these functions for security-relevant functionality, as demonstrated by the password-reset functionality in Joomla! 1.5.x an...