Joomla!@1.5.18 Security Vulnerabilities and Issues — Joomla!@1.5.18 CVE List

Lucene search

JoomlaJoomla!1.5.18

8 matches found

CVE•added 2011/07/27 8:55 p.m.•74 views

CVE-2011-2710

Multiple cross-site scripting (XSS) vulnerabilities in Joomla! before 1.7.0 allow remote attackers to inject arbitrary web script or HTML via (1) the URI to includes/application.php, reachable through index.php; and, when Internet Explorer or Konqueror is used, (2) allow remote attackers to inject ...

4.3CVSS5.7AI score0.00047EPSS

CVE•added 2011/07/27 8:55 p.m.•44 views

CVE-2011-2488

Joomla! before 1.5.23 does not properly check for errors, which allows remote attackers to obtain sensitive information via unspecified vectors.

5CVSS6.1AI score0.00011EPSS

CVE•added 2011/07/27 8:55 p.m.•44 views

CVE-2011-2889

templates/system/error.php in Joomla! before 1.5.23 might allow remote attackers to obtain sensitive information via unspecified vectors that trigger an undefined value of a certain error field, leading to disclosure of the installation path. NOTE: this might overlap CVE-2011-2488.

5CVSS6AI score0.00011EPSS

CVE•added 2011/01/18 6:3 p.m.•42 views

CVE-2010-4696

Multiple SQL injection vulnerabilities in Joomla! 1.5.x before 1.5.22 allow remote attackers to execute arbitrary SQL commands via the (1) filter_order or (2) filter_order_Dir parameter in a com_contact action to index.php, a different vulnerability than CVE-2010-4166. NOTE: the provenance of this ...

7.5CVSS8.3AI score0.00074EPSS

CVE•added 2011/07/27 8:55 p.m.•41 views

CVE-2011-2509

Multiple cross-site scripting (XSS) vulnerabilities in Joomla! before 1.6.4 allow remote attackers to inject arbitrary web script or HTML via (1) the query string to the com_contact component, as demonstrated by the Itemid parameter to index.php; (2) the query string to the com_content component, a...

4.3CVSS5.8AI score0.00027EPSS

CVE•added 2011/01/18 6:3 p.m.•39 views

CVE-2010-4166

Multiple SQL injection vulnerabilities in Joomla! 1.5.x before 1.5.22 allow remote attackers to execute arbitrary SQL commands via (1) the filter_order parameter in a com_weblinks category action to index.php, (2) the filter_order_Dir parameter in a com_weblinks category action to index.php, or (3)...

7.5CVSS8.6AI score0.00024EPSS

CVE•added 2011/11/23 6:55 p.m.•39 views

CVE-2011-4321

The password reset functionality in Joomla! 1.5.x through 1.5.24 uses weak random numbers, which makes it easier for remote attackers to change the passwords of arbitrary users via unspecified vectors.

5CVSS7.1AI score0.00233EPSS

CVE•added 2011/07/27 8:55 p.m.•38 views

CVE-2011-2890

The MediaViewMedia class in administrator/components/com_media/views/media/view.html.php in Joomla! 1.5.23 and earlier allows remote attackers to obtain sensitive information via vectors involving the base variable, leading to disclosure of the installation path, a different vulnerability than CVE-...

5CVSS6AI score0.00165EPSS