Joomla!@1.5.23 Security Vulnerabilities and Issues — Joomla!@1.5.23 CVE List

Lucene search

JoomlaJoomla!1.5.23

13 matches found

CVE•added 2015/12/16 9:59 p.m.•188 views

CVE-2015-8562

Joomla! 1.5.x, 2.x, and 3.x before 3.4.6 allow remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via the HTTP User-Agent header, as exploited in the wild in December 2015.

7.5CVSS8AI score0.93238EPSS

CVE•added 2017/09/20 6:29 p.m.•96 views

CVE-2017-14596

In Joomla! before 3.8.0, inadequate escaping in the LDAP authentication plugin can result in a disclosure of a username and password.

9.8CVSS9.2AI score0.03976EPSS

CVE•added 2017/07/26 3:29 p.m.•77 views

CVE-2017-11612

In Joomla! before 3.7.4, inadequate filtering of potentially malicious HTML tags leads to XSS vulnerabilities in various components.

6.1CVSS7AI score0.00222EPSS

CVE•added 2011/07/27 8:55 p.m.•74 views

CVE-2011-2710

Multiple cross-site scripting (XSS) vulnerabilities in Joomla! before 1.7.0 allow remote attackers to inject arbitrary web script or HTML via (1) the URI to includes/application.php, reachable through index.php; and, when Internet Explorer or Konqueror is used, (2) allow remote attackers to inject ...

4.3CVSS5.7AI score0.00047EPSS

CVE•added 2017/04/25 6:59 p.m.•70 views

CVE-2017-7986

In Joomla! 1.5.0 through 3.6.5 (fixed in 3.7.0), inadequate filtering of specific HTML attributes leads to XSS vulnerabilities in various components.

6.1CVSS6AI score0.0001EPSS

CVE•added 2017/08/02 2:29 p.m.•59 views

CVE-2017-11364

The CMS installer in Joomla! before 3.7.4 does not verify a user's ownership of a webspace, which allows remote authenticated users to gain control of the target application by leveraging Certificate Transparency logs.

8.8CVSS8.4AI score0.00125EPSS

CVE•added 2012/12/03 9:55 p.m.•50 views

CVE-2012-1598

Joomla! 1.5.x before 1.5.26 has unspecified impact and attack vectors related to "insufficient randomness" and a "password reset vulnerability."

7.5CVSS6.7AI score0.01457EPSS

CVE•added 2017/04/25 6:59 p.m.•49 views

CVE-2017-7983

In Joomla! 1.5.0 through 3.6.5 (fixed in 3.7.0), mail sent using the JMail API leaked the used PHPMailer version in the mail headers.

5.3CVSS5.6AI score0.00008EPSS

CVE•added 2017/04/25 6:59 p.m.•48 views

CVE-2017-7988

In Joomla! 1.6.0 through 3.6.5 (fixed in 3.7.0), inadequate filtering of form contents allows overwriting the author of an article.

5.3CVSS5.5AI score0.00006EPSS

CVE•added 2014/10/20 2:55 p.m.•45 views

CVE-2012-2413

Cross-site scripting (XSS) vulnerability in the ja_purity template for Joomla! 1.5.26 and earlier allows remote attackers to inject arbitrary web script or HTML via the Mod* cookie parameter to html/modules.php.

4.3CVSS5.9AI score0.00035EPSS

CVE•added 2011/07/27 8:55 p.m.•41 views

CVE-2011-2509

Multiple cross-site scripting (XSS) vulnerabilities in Joomla! before 1.6.4 allow remote attackers to inject arbitrary web script or HTML via (1) the query string to the com_contact component, as demonstrated by the Itemid parameter to index.php; (2) the query string to the com_content component, a...

4.3CVSS5.8AI score0.00027EPSS

CVE•added 2011/11/23 6:55 p.m.•39 views

CVE-2011-4321

The password reset functionality in Joomla! 1.5.x through 1.5.24 uses weak random numbers, which makes it easier for remote attackers to change the passwords of arbitrary users via unspecified vectors.

5CVSS7.1AI score0.00233EPSS

CVE•added 2012/12/03 9:55 p.m.•38 views

CVE-2012-1599

Joomla! 1.5.x before 1.5.26 does not properly check permissions, which allows attackers to obtain sensitive "administrative back end information" via unknown vectors. NOTE: this might be a duplicate of CVE-2012-1611.

5CVSS6.3AI score0.00451EPSS