Lucene search

K
JoomlaJoomla!1.5.6

25 matches found

CVE
CVE
added 2015/12/16 9:59 p.m.188 views

CVE-2015-8562

Joomla! 1.5.x, 2.x, and 3.x before 3.4.6 allow remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via the HTTP User-Agent header, as exploited in the wild in December 2015.

7.5CVSS8AI score0.93238EPSS
CVE
CVE
added 2017/09/20 6:29 p.m.95 views

CVE-2017-14596

In Joomla! before 3.8.0, inadequate escaping in the LDAP authentication plugin can result in a disclosure of a username and password.

9.8CVSS9.2AI score0.02138EPSS
CVE
CVE
added 2017/07/26 3:29 p.m.76 views

CVE-2017-11612

In Joomla! before 3.7.4, inadequate filtering of potentially malicious HTML tags leads to XSS vulnerabilities in various components.

6.1CVSS7AI score0.00505EPSS
CVE
CVE
added 2011/07/27 8:55 p.m.74 views

CVE-2011-2710

Multiple cross-site scripting (XSS) vulnerabilities in Joomla! before 1.7.0 allow remote attackers to inject arbitrary web script or HTML via (1) the URI to includes/application.php, reachable through index.php; and, when Internet Explorer or Konqueror is used, (2) allow remote attackers to inject ...

4.3CVSS5.7AI score0.00047EPSS
CVE
CVE
added 2017/04/25 6:59 p.m.69 views

CVE-2017-7986

In Joomla! 1.5.0 through 3.6.5 (fixed in 3.7.0), inadequate filtering of specific HTML attributes leads to XSS vulnerabilities in various components.

6.1CVSS6AI score0.00033EPSS
CVE
CVE
added 2017/08/02 2:29 p.m.59 views

CVE-2017-11364

The CMS installer in Joomla! before 3.7.4 does not verify a user's ownership of a webspace, which allows remote authenticated users to gain control of the target application by leveraging Certificate Transparency logs.

8.8CVSS8.4AI score0.00125EPSS
CVE
CVE
added 2012/12/03 9:55 p.m.50 views

CVE-2012-1598

Joomla! 1.5.x before 1.5.26 has unspecified impact and attack vectors related to "insufficient randomness" and a "password reset vulnerability."

7.5CVSS6.7AI score0.01457EPSS
CVE
CVE
added 2017/04/25 6:59 p.m.49 views

CVE-2017-7983

In Joomla! 1.5.0 through 3.6.5 (fixed in 3.7.0), mail sent using the JMail API leaked the used PHPMailer version in the mail headers.

5.3CVSS5.6AI score0.0001EPSS
CVE
CVE
added 2014/10/20 2:55 p.m.45 views

CVE-2012-2413

Cross-site scripting (XSS) vulnerability in the ja_purity template for Joomla! 1.5.26 and earlier allows remote attackers to inject arbitrary web script or HTML via the Mod* cookie parameter to html/modules.php.

4.3CVSS5.9AI score0.00035EPSS
CVE
CVE
added 2011/07/27 8:55 p.m.44 views

CVE-2011-2488

Joomla! before 1.5.23 does not properly check for errors, which allows remote attackers to obtain sensitive information via unspecified vectors.

5CVSS6.1AI score0.00011EPSS
CVE
CVE
added 2011/07/27 8:55 p.m.44 views

CVE-2011-2889

templates/system/error.php in Joomla! before 1.5.23 might allow remote attackers to obtain sensitive information via unspecified vectors that trigger an undefined value of a certain error field, leading to disclosure of the installation path. NOTE: this might overlap CVE-2011-2488.

5CVSS6AI score0.00011EPSS
CVE
CVE
added 2011/01/18 6:3 p.m.42 views

CVE-2010-4696

Multiple SQL injection vulnerabilities in Joomla! 1.5.x before 1.5.22 allow remote attackers to execute arbitrary SQL commands via the (1) filter_order or (2) filter_order_Dir parameter in a com_contact action to index.php, a different vulnerability than CVE-2010-4166. NOTE: the provenance of this ...

7.5CVSS8.3AI score0.00074EPSS
CVE
CVE
added 2011/07/27 8:55 p.m.41 views

CVE-2011-2509

Multiple cross-site scripting (XSS) vulnerabilities in Joomla! before 1.6.4 allow remote attackers to inject arbitrary web script or HTML via (1) the query string to the com_contact component, as demonstrated by the Itemid parameter to index.php; (2) the query string to the com_content component, a...

4.3CVSS5.8AI score0.00027EPSS
CVE
CVE
added 2011/01/18 6:3 p.m.39 views

CVE-2010-4166

Multiple SQL injection vulnerabilities in Joomla! 1.5.x before 1.5.22 allow remote attackers to execute arbitrary SQL commands via (1) the filter_order parameter in a com_weblinks category action to index.php, (2) the filter_order_Dir parameter in a com_weblinks category action to index.php, or (3)...

7.5CVSS8.6AI score0.00024EPSS
CVE
CVE
added 2011/11/23 6:55 p.m.39 views

CVE-2011-4321

The password reset functionality in Joomla! 1.5.x through 1.5.24 uses weak random numbers, which makes it easier for remote attackers to change the passwords of arbitrary users via unspecified vectors.

5CVSS7.1AI score0.00233EPSS
CVE
CVE
added 2012/10/07 9:55 p.m.39 views

CVE-2011-4910

Cross-site scripting (XSS) vulnerability in Joomla! before 1.5.12 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.

4.3CVSS5.9AI score0.00032EPSS
CVE
CVE
added 2010/10/28 12:0 a.m.38 views

CVE-2010-3712

Cross-site scripting (XSS) vulnerability in Joomla! 1.5.x before 1.5.21 and 1.6.x before 1.6.1 allows remote attackers to inject arbitrary web script or HTML via vectors involving "multiple encoded entities," as demonstrated by the query string to index.php in the com_weblinks or com_content compon...

4.3CVSS5.7AI score0.00039EPSS
CVE
CVE
added 2011/07/27 8:55 p.m.38 views

CVE-2011-2890

The MediaViewMedia class in administrator/components/com_media/views/media/view.html.php in Joomla! 1.5.23 and earlier allows remote attackers to obtain sensitive information via vectors involving the base variable, leading to disclosure of the installation path, a different vulnerability than CVE-...

5CVSS6AI score0.00165EPSS
CVE
CVE
added 2012/10/07 9:55 p.m.38 views

CVE-2011-4911

Joomla! before 1.5.12 does not perform a JEXEC check in unspecified files, which allows remote attackers to obtain the installation path via unspecified vectors.

5CVSS6.8AI score0.00411EPSS
CVE
CVE
added 2012/12/03 9:55 p.m.38 views

CVE-2012-1599

Joomla! 1.5.x before 1.5.26 does not properly check permissions, which allows attackers to obtain sensitive "administrative back end information" via unknown vectors. NOTE: this might be a duplicate of CVE-2012-1611.

5CVSS6.3AI score0.00451EPSS
CVE
CVE
added 2009/11/16 8:30 p.m.37 views

CVE-2009-3946

Joomla! before 1.5.15 allows remote attackers to read an extension's XML file, and thereby obtain the extension's version number, via a direct request.

5CVSS6.6AI score0.00041EPSS
CVE
CVE
added 2010/06/08 12:30 a.m.37 views

CVE-2010-1649

Multiple cross-site scripting (XSS) vulnerabilities in the back end in Joomla! 1.5 through 1.5.17 allow remote attackers to inject arbitrary web script or HTML via unknown vectors related to "various administrator screens," possibly the search parameter in administrator/index.php.

4.3CVSS5.9AI score0.00031EPSS
CVE
CVE
added 2009/11/16 8:30 p.m.35 views

CVE-2009-3945

Unspecified vulnerability in the Front-End Editor in the com_content component in Joomla! before 1.5.15 allows remote authenticated users, with Author privileges, to replace the articles of an arbitrary user via unknown vectors.

5.5CVSS6.3AI score0.00032EPSS
CVE
CVE
added 2010/10/05 6:0 p.m.34 views

CVE-2010-2535

Multiple cross-site scripting (XSS) vulnerabilities in the Back End in Joomla! 1.5.x before 1.5.20 allow remote authenticated users to inject arbitrary web script or HTML via administrator screens.

3.5CVSS5.5AI score0.00019EPSS
CVE
CVE
added 2012/10/07 9:55 p.m.33 views

CVE-2011-4909

Multiple cross-site scripting (XSS) vulnerabilities in Joomla! before 1.5.12 allow remote attackers to inject arbitrary web script or HTML via the HTTP_REFERER header to (1) components/com_content/views/article/tmpl/form.php, (2) components/com_user/controller.php, (3) plugins/system/legacy/html.ph...

4.3CVSS5.9AI score0.00075EPSS