Vulnerabilities > Joomla > Joomla > 1.5.8
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-12-05 | CVE-2016-9836 | Improper Access Control vulnerability in Joomla Joomla! The file scanning mechanism of JFilterInput::isFileSafe() in Joomla! CMS before 3.6.5 does not consider alternative PHP file extensions when checking uploaded files for PHP content, which enables a user to upload and execute files with the `.php6`, `.php7`, `.phtml`, and `.phpt` extensions. | 7.5 |
| 2016-11-04 | CVE-2016-8870 | Improper Input Validation vulnerability in Joomla Joomla! The register method in the UsersModelRegistration class in controllers/user.php in the Users component in Joomla! before 3.6.4, when registration has been disabled, allows remote attackers to create user accounts by leveraging failure to check the Allow User Registration configuration setting. | 8.1 |
| 2016-11-04 | CVE-2016-8869 | Improper Input Validation vulnerability in Joomla Joomla! The register method in the UsersModelRegistration class in controllers/user.php in the Users component in Joomla! before 3.6.4 allows remote attackers to gain privileges by leveraging incorrect use of unfiltered data when registering on a site. | 9.8 |
| 2015-12-16 | CVE-2015-8562 | Improper Input Validation vulnerability in Joomla Joomla! Joomla! 1.5.x, 2.x, and 3.x before 3.4.6 allow remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via the HTTP User-Agent header, as exploited in the wild in December 2015. | 7.5 |
| 2014-10-20 | CVE-2012-2413 | Cross-Site Scripting vulnerability in Joomla Joomla! Cross-site scripting (XSS) vulnerability in the ja_purity template for Joomla! 1.5.26 and earlier allows remote attackers to inject arbitrary web script or HTML via the Mod* cookie parameter to html/modules.php. | 4.3 |
| 2012-12-03 | CVE-2012-1599 | Permissions, Privileges, and Access Controls vulnerability in Joomla Joomla! Joomla! 1.5.x before 1.5.26 does not properly check permissions, which allows attackers to obtain sensitive "administrative back end information" via unknown vectors. | 5.0 |
| 2012-12-03 | CVE-2012-1598 | Permissions, Privileges, and Access Controls vulnerability in Joomla Joomla! Joomla! 1.5.x before 1.5.26 has unspecified impact and attack vectors related to "insufficient randomness" and a "password reset vulnerability." | 7.5 |
| 2012-10-07 | CVE-2011-4911 | Improper Input Validation vulnerability in Joomla Joomla! Joomla! before 1.5.12 does not perform a JEXEC check in unspecified files, which allows remote attackers to obtain the installation path via unspecified vectors. | 5.0 |
| 2012-10-07 | CVE-2011-4910 | Cross-Site Scripting vulnerability in Joomla Joomla! Cross-site scripting (XSS) vulnerability in Joomla! before 1.5.12 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO. | 4.3 |
| 2012-10-07 | CVE-2011-4909 | Cross-Site Scripting vulnerability in Joomla Joomla! Multiple cross-site scripting (XSS) vulnerabilities in Joomla! before 1.5.12 allow remote attackers to inject arbitrary web script or HTML via the HTTP_REFERER header to (1) components/com_content/views/article/tmpl/form.php, (2) components/com_user/controller.php, (3) plugins/system/legacy/html.php, or (4) templates/beez/html/com_content/article/form.php. | 4.3 |