Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
joomla joomla 1.5.1 vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv2
CVE-2008-3681
components/com_user/models/reset.php in Joomla! 1.5 up to and including 1.5.5 does not properly validate reset tokens, which allows remote malicious users to reset the "first enabled user (lowest id)" password, typically for the administrator.
Joomla Com User 1.5.1
Joomla Com User 1.5.2
Joomla Com User 1.5.3
Joomla Com User 1.5.4
Joomla Com User 1.5
Joomla Com User 1.5.5
1 EDB exploit
3.5
CVSSv2
CVE-2008-6299
Multiple cross-site scripting (XSS) vulnerabilities in Joomla! 1.5.7 and previous versions allow remote authenticated users with certain privileges to inject arbitrary web script or HTML via (1) the title and description parameters to the com_weblinks module and (2) unspecified v...
Joomla Joomla 1.5.0
Joomla Joomla 1.0.9
Joomla Joomla 1.0.2
Joomla Joomla 1.0.12
Joomla Joomla 1.0
Joomla Joomla 1.03
Joomla Joomla 1.5.3
Joomla Joomla 1.5.0 Beta2
Joomla Joomla 1.5
Joomla Joomla 1.0.4
Joomla Joomla 1.0.3
Joomla Joomla 1.0.1
Joomla Joomla 1.0.0
Joomla Joomla 1.5.1
Joomla Joomla 1.5.2
Joomla Joomla 1.5.5
Joomla Joomla
Joomla Joomla 1.0.8
Joomla Joomla 1.0.7
Joomla Joomla 1.0.14
Joomla Joomla 1.0.11
Joomla Joomla 1.5.6
4.3
CVSSv2
CVE-2011-2710
Multiple cross-site scripting (XSS) vulnerabilities in Joomla! prior to 1.7.0 allow remote malicious users to inject arbitrary web script or HTML via (1) the URI to includes/application.php, reachable through index.php; and, when Internet Explorer or Konqueror is used, (2) allow ...
Joomla Joomla\\! 1.6
Joomla Joomla\\! 1.6.4
Joomla Joomla\\! 1.5.11
Joomla Joomla\\! 1.6.3
Joomla Joomla\\! 1.5.13
Joomla Joomla\\! 1.5.3
Joomla Joomla\\! 1.5.2
Joomla Joomla\\! 1.5.22
Joomla Joomla\\! 1.6.5
Joomla Joomla\\! 1.5.9
Joomla Joomla\\! 1.5.18
Joomla Joomla\\!
Joomla Joomla\\! 1.6.1
Joomla Joomla\\! 1.5.16
Joomla Joomla\\! 1.5.4
Joomla Joomla\\! 1.6.0
Joomla Joomla\\! 1.5.10
Joomla Joomla\\! 1.5.7
Joomla Joomla\\! 1.5.0
Joomla Joomla\\! 1.5.15
Joomla Joomla\\! 1.5.6
Joomla Joomla\\! 1.5.1
7.5
CVSSv2
CVE-2015-8562
Joomla! 1.5.x, 2.x, and 3.x prior to 3.4.6 allow remote malicious users to conduct PHP object injection attacks and execute arbitrary PHP code via the HTTP User-Agent header, as exploited in the wild in December 2015.
Joomla Joomla\\! 1.5.0
Joomla Joomla\\! 1.5.9
Joomla Joomla\\! 1.5.10
Joomla Joomla\\! 1.5.17
Joomla Joomla\\! 1.5.18
Joomla Joomla\\! 1.5.25
Joomla Joomla\\! 1.5.26
Joomla Joomla\\! 1.6.0
Joomla Joomla\\! 1.7.0
Joomla Joomla\\! 1.7.1
Joomla Joomla\\! 2.5.2
Joomla Joomla\\! 2.5.3
Joomla Joomla\\! 2.5.11
Joomla Joomla\\! 2.5.12
Joomla Joomla\\! 2.5.19
Joomla Joomla\\! 2.5.20
Joomla Joomla\\! 2.5.27
Joomla Joomla\\! 2.5.28
Joomla Joomla\\! 3.1.3
Joomla Joomla\\! 3.1.4
Joomla Joomla\\! 3.2.4
Joomla Joomla\\! 3.3.0
2 EDB exploits
16 Github repositories
4.3
CVSSv2
CVE-2017-11612
In Joomla! prior to 3.7.4, inadequate filtering of potentially malicious HTML tags leads to XSS vulnerabilities in various components.
Joomla Joomla\\! 3.3.1
Joomla Joomla\\! 3.3.2
Joomla Joomla\\! 3.3.3
Joomla Joomla\\! 3.3.4
Joomla Joomla\\! 3.4.5
Joomla Joomla\\! 3.4.6
Joomla Joomla\\! 3.4.7
Joomla Joomla\\! 3.4.8
Joomla Joomla\\! 3.6.0
Joomla Joomla\\! 1.5.1
Joomla Joomla\\! 1.5.2
Joomla Joomla\\! 1.5.3
Joomla Joomla\\! 1.5.4
Joomla Joomla\\! 1.5.5
Joomla Joomla\\! 1.5.17
Joomla Joomla\\! 1.5.18
Joomla Joomla\\! 1.5.19
Joomla Joomla\\! 1.5.20
Joomla Joomla\\! 1.6
Joomla Joomla\\! 1.6.6
Joomla Joomla\\! 1.7.0
Joomla Joomla\\! 1.7.1
5
CVSSv2
CVE-2017-7983
In Joomla! 1.5.0 up to and including 3.6.5 (fixed in 3.7.0), mail sent using the JMail API leaked the used PHPMailer version in the mail headers.
Joomla Joomla\\! 3.1.0
Joomla Joomla\\! 3.1.2
Joomla Joomla\\! 1.6.0
Joomla Joomla\\! 1.6.2
Joomla Joomla\\! 1.7.2
Joomla Joomla\\! 1.7.4
Joomla Joomla\\! 2.5.5
Joomla Joomla\\! 2.5.7
Joomla Joomla\\! 2.5.12
Joomla Joomla\\! 2.5.14
Joomla Joomla\\! 2.5.21
Joomla Joomla\\! 2.5.23
Joomla Joomla\\! 1.5.17
Joomla Joomla\\! 1.5.19
Joomla Joomla\\! 1.5.24
Joomla Joomla\\! 1.5.26
Joomla Joomla\\! 1.5.5
Joomla Joomla\\! 1.5.7
Joomla Joomla\\! 1.5.14
Joomla Joomla\\! 1.5.15
Joomla Joomla\\! 3.2.3
Joomla Joomla\\! 3.3.0
4.3
CVSSv2
CVE-2017-7986
In Joomla! 1.5.0 up to and including 3.6.5 (fixed in 3.7.0), inadequate filtering of specific HTML attributes leads to XSS vulnerabilities in various components.
Joomla Joomla\\! 3.1.2
Joomla Joomla\\! 3.1.4
Joomla Joomla\\! 1.6.4
Joomla Joomla\\! 1.6.6
Joomla Joomla\\! 1.7.4
Joomla Joomla\\! 2.5.0
Joomla Joomla\\! 2.5.7
Joomla Joomla\\! 2.5.9
Joomla Joomla\\! 2.5.16
Joomla Joomla\\! 2.5.18
Joomla Joomla\\! 2.5.23
Joomla Joomla\\! 2.5.25
Joomla Joomla\\! 1.5.19
Joomla Joomla\\! 1.5.21
Joomla Joomla\\! 1.5.0
Joomla Joomla\\! 1.5.2
Joomla Joomla\\! 1.5.7
Joomla Joomla\\! 1.5.9
Joomla Joomla\\! 1.5.15
Joomla Joomla\\! 3.2.0
Joomla Joomla\\! 3.3.2
Joomla Joomla\\! 3.3.4
5
CVSSv2
CVE-2017-14596
In Joomla! prior to 3.8.0, inadequate escaping in the LDAP authentication plugin can result in a disclosure of a username and password.
Joomla Joomla\\! 1.5.21
Joomla Joomla\\! 1.5.20
Joomla Joomla\\! 1.5.19
Joomla Joomla\\! 1.5.18
Joomla Joomla\\! 1.5.25
Joomla Joomla\\! 1.5.23
Joomla Joomla\\! 1.5.16
Joomla Joomla\\! 1.5.14
Joomla Joomla\\! 1.5.7
Joomla Joomla\\! 1.5.5
Joomla Joomla\\! 1.5.0
Joomla Joomla\\! 1.6.5
Joomla Joomla\\! 1.6.3
Joomla Joomla\\! 1.7.4
Joomla Joomla\\! 1.7.2
Joomla Joomla\\! 2.5.4
Joomla Joomla\\! 2.5.6
Joomla Joomla\\! 2.5.11
Joomla Joomla\\! 2.5.13
Joomla Joomla\\! 2.5.15
Joomla Joomla\\! 2.5.20
Joomla Joomla\\! 2.5.22
6.5
CVSSv2
CVE-2017-11364
The CMS installer in Joomla! prior to 3.7.4 does not verify a user's ownership of a webspace, which allows remote authenticated users to gain control of the target application by leveraging Certificate Transparency logs.
Joomla Joomla\\! 1.0.13
Joomla Joomla\\! 1.0.14
Joomla Joomla\\! 1.0.15
Joomla Joomla\\! 1.5.0
Joomla Joomla\\! 1.5.13
Joomla Joomla\\! 1.5.14
Joomla Joomla\\! 1.5.15
Joomla Joomla\\! 1.5.16
Joomla Joomla\\! 1.6
Joomla Joomla\\! 1.6.1
Joomla Joomla\\! 1.6.2
Joomla Joomla\\! 1.6.3
Joomla Joomla\\! 1.6.4
Joomla Joomla\\! 2.5.5
Joomla Joomla\\! 1.0.1
Joomla Joomla\\! 1.0.3
Joomla Joomla\\! 1.0.10
Joomla Joomla\\! 1.0.12
Joomla Joomla\\! 1.5.1
Joomla Joomla\\! 1.5.3
Joomla Joomla\\! 1.5.10
Joomla Joomla\\! 1.5.12
4.3
CVSSv2
CVE-2010-4794
Multiple cross-site scripting (XSS) vulnerabilities in the JoomlaSeller JS Calendar (com_jscalendar) component 1.5.1 and 1.5.4 for Joomla! allow remote malicious users to inject arbitrary web script or HTML via the (1) month and (2) year parameters in a jscalendar action to index...
Joomlaseller Com Jscalendar 1.5.1
Joomlaseller Com Jscalendar 1.5.4
1 EDB exploit
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
deserialization
CVE-2024-4040
cross-site scripting
CVE-2023-25790
CVE-2024-2961
XML external entity
CVE-2024-26926
CVE-2024-32806
CVE-2024-32711
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
NEXT »