Vulnerabilities > Joomla > Joomla > 1.5.0.rc1

DATE | CVE | VULNERABILITY TITLE | RISK

2009-06-05 | CVE-2009-1939 | Cross-Site Scripting vulnerability in Joomla | network; joomla CWE-79; 4.3
Cross-site scripting (XSS) vulnerability in the JA_Purity template for Joomla! 1.5.x through 1.5.10 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

2009-02-26 | CVE-2008-6299 | Cross-Site Scripting vulnerability in Joomla | network; joomla CWE-79; 3.5
Multiple cross-site scripting (XSS) vulnerabilities in Joomla! 1.5.7 and earlier allow remote authenticated users with certain privileges to inject arbitrary web script or HTML via (1) the title and description parameters to the com_weblinks module and (2) unspecified vectors in the com_content module related to "article submission."

2008-07-18 | CVE-2008-3228 | Configuration vulnerability in Joomla | network; low complexity; joomla CWE-16; 7.5
Joomla! before 1.5.4 does not configure .htaccess to apply certain security checks that "block common exploits" to SEF URLs, which has unknown impact and remote attack vectors.

2008-07-18 | CVE-2008-3227 | Link Following vulnerability in Joomla | network; low complexity; joomla CWE-59; 7.5
Unspecified vulnerability in Joomla! before 1.5.4 has unknown impact and attack vectors related to a "User Redirect Spam fix," possibly an open redirect vulnerability.

2008-07-18 | CVE-2008-3226 | Permissions, Privileges, and Access Controls vulnerability in Joomla | network; low complexity; joomla CWE-264; 5.0
The file caching implementation in Joomla! before 1.5.4 allows attackers to access cached pages via unknown attack vectors.

2008-07-18 | CVE-2008-3225 | Permissions, Privileges, and Access Controls vulnerability in Joomla | network; low complexity; joomla CWE-264; critical; 10.0
Joomla! before 1.5.4 allows attackers to access administration functionality, which has unknown impact and attack vectors related to a missing "LDAP security fix."

2007-09-10 | CVE-2007-4781 | Improper Input Validation vulnerability in Joomla 1.5.0Beta1/1.5.0Beta2/1.5.0Rc1 | network; high complexity; joomla CWE-20; 6.6
administrator/index.php in the installer component (com_installer) in Joomla! 1.5 Beta1, Beta2, and RC1 allows remote authenticated administrators to upload arbitrary files to tmp/ via the "Upload Package File" functionality, which is accessible when com_installer is the value of the option parameter.

2007-09-10 | CVE-2007-4780 | Improper Input Validation vulnerability in Joomla 1.5.0Beta/1.5.0Beta2/1.5.0Rc1 | network; joomla CWE-20; 6.8
Joomla! 1.5 before RC2 (aka Endeleo) allows remote attackers to obtain sensitive information (the full path) via unspecified vectors, probably involving direct requests to certain PHP scripts in tmpl/ directories.

2007-09-10 | CVE-2007-4779 | Cross-Site Scripting vulnerability in Joomla 1.5.0Beta/1.5.0Beta2/1.5.0Rc1 | network; joomla CWE-79; 4.3
Cross-site scripting (XSS) vulnerability in Joomla! 1.5 before RC2 (aka Endeleo) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, probably related to the archive section.

2007-09-10 | CVE-2007-4778 | SQL Injection vulnerability in Joomla 1.5.0Beta1/1.5.0Beta2/1.5.0Rc1 | network; low complexity; joomla CWE-89; 7.5
Multiple SQL injection vulnerabilities in the content component (com_content) in Joomla! 1.5 Beta1, Beta2, and RC1 allow remote attackers to execute arbitrary SQL commands via the filter parameter in an archive action to (1) archive.php, (2) category.php, or (3) section.php in models/.