Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
joomla joomla 1.5.1 vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2008-3681
components/com_user/models/reset.php in Joomla! 1.5 up to and including 1.5.5 does not properly validate reset tokens, which allows remote malicious users to reset the "first enabled user (lowest id)" password, typically for the administrator.
Joomla Com User 1.5.1
Joomla Com User 1.5.2
Joomla Com User 1.5.3
Joomla Com User 1.5.4
Joomla Com User 1.5
Joomla Com User 1.5.5
1 EDB exploit
NA
CVE-2008-6299
Multiple cross-site scripting (XSS) vulnerabilities in Joomla! 1.5.7 and previous versions allow remote authenticated users with certain privileges to inject arbitrary web script or HTML via (1) the title and description parameters to the com_weblinks module and (2) unspecified v...
Joomla Joomla 1.5.0
Joomla Joomla 1.0.9
Joomla Joomla 1.0.2
Joomla Joomla 1.0.12
Joomla Joomla 1.0
Joomla Joomla 1.03
Joomla Joomla 1.5.3
Joomla Joomla 1.5.0 Beta2
Joomla Joomla 1.5
Joomla Joomla 1.0.4
Joomla Joomla 1.0.3
Joomla Joomla 1.0.1
Joomla Joomla 1.0.0
Joomla Joomla 1.5.1
Joomla Joomla 1.5.2
Joomla Joomla 1.5.5
Joomla Joomla
Joomla Joomla 1.0.8
Joomla Joomla 1.0.7
Joomla Joomla 1.0.14
Joomla Joomla 1.0.11
Joomla Joomla 1.5.6
NA
CVE-2011-2710
Multiple cross-site scripting (XSS) vulnerabilities in Joomla! prior to 1.7.0 allow remote malicious users to inject arbitrary web script or HTML via (1) the URI to includes/application.php, reachable through index.php; and, when Internet Explorer or Konqueror is used, (2) allow ...
Joomla Joomla\\! 1.6
Joomla Joomla\\! 1.6.4
Joomla Joomla\\! 1.5.11
Joomla Joomla\\! 1.6.3
Joomla Joomla\\! 1.5.13
Joomla Joomla\\! 1.5.3
Joomla Joomla\\! 1.5.2
Joomla Joomla\\! 1.5.22
Joomla Joomla\\! 1.6.5
Joomla Joomla\\! 1.5.9
Joomla Joomla\\! 1.5.18
Joomla Joomla\\!
Joomla Joomla\\! 1.6.1
Joomla Joomla\\! 1.5.16
Joomla Joomla\\! 1.5.4
Joomla Joomla\\! 1.6.0
Joomla Joomla\\! 1.5.10
Joomla Joomla\\! 1.5.7
Joomla Joomla\\! 1.5.0
Joomla Joomla\\! 1.5.15
Joomla Joomla\\! 1.5.6
Joomla Joomla\\! 1.5.1
NA
CVE-2015-8562
Joomla! 1.5.x, 2.x, and 3.x prior to 3.4.6 allow remote malicious users to conduct PHP object injection attacks and execute arbitrary PHP code via the HTTP User-Agent header, as exploited in the wild in December 2015.
Joomla Joomla\\! 1.5.0
Joomla Joomla\\! 1.5.9
Joomla Joomla\\! 1.5.10
Joomla Joomla\\! 1.5.17
Joomla Joomla\\! 1.5.18
Joomla Joomla\\! 1.5.25
Joomla Joomla\\! 1.5.26
Joomla Joomla\\! 1.6.0
Joomla Joomla\\! 1.7.0
Joomla Joomla\\! 1.7.1
Joomla Joomla\\! 2.5.2
Joomla Joomla\\! 2.5.3
Joomla Joomla\\! 2.5.11
Joomla Joomla\\! 2.5.12
Joomla Joomla\\! 2.5.19
Joomla Joomla\\! 2.5.20
Joomla Joomla\\! 2.5.27
Joomla Joomla\\! 2.5.28
Joomla Joomla\\! 3.1.3
Joomla Joomla\\! 3.1.4
Joomla Joomla\\! 3.2.4
Joomla Joomla\\! 3.3.0
2 EDB exploits
20 Github repositories
6.1
CVSSv3
CVE-2017-11612
In Joomla! prior to 3.7.4, inadequate filtering of potentially malicious HTML tags leads to XSS vulnerabilities in various components.
Joomla Joomla\\! 3.3.1
Joomla Joomla\\! 3.3.2
Joomla Joomla\\! 3.3.3
Joomla Joomla\\! 3.3.4
Joomla Joomla\\! 3.4.5
Joomla Joomla\\! 3.4.6
Joomla Joomla\\! 3.4.7
Joomla Joomla\\! 3.4.8
Joomla Joomla\\! 3.6.0
Joomla Joomla\\! 1.5.1
Joomla Joomla\\! 1.5.2
Joomla Joomla\\! 1.5.3
Joomla Joomla\\! 1.5.4
Joomla Joomla\\! 1.5.5
Joomla Joomla\\! 1.5.17
Joomla Joomla\\! 1.5.18
Joomla Joomla\\! 1.5.19
Joomla Joomla\\! 1.5.20
Joomla Joomla\\! 1.6
Joomla Joomla\\! 1.6.6
Joomla Joomla\\! 1.7.0
Joomla Joomla\\! 1.7.1
6.1
CVSSv3
CVE-2017-7986
In Joomla! 1.5.0 up to and including 3.6.5 (fixed in 3.7.0), inadequate filtering of specific HTML attributes leads to XSS vulnerabilities in various components.
Joomla Joomla\\! 3.1.2
Joomla Joomla\\! 3.1.4
Joomla Joomla\\! 1.6.4
Joomla Joomla\\! 1.6.6
Joomla Joomla\\! 1.7.4
Joomla Joomla\\! 2.5.0
Joomla Joomla\\! 2.5.7
Joomla Joomla\\! 2.5.9
Joomla Joomla\\! 2.5.16
Joomla Joomla\\! 2.5.18
Joomla Joomla\\! 2.5.23
Joomla Joomla\\! 2.5.25
Joomla Joomla\\! 1.5.19
Joomla Joomla\\! 1.5.21
Joomla Joomla\\! 1.5.0
Joomla Joomla\\! 1.5.2
Joomla Joomla\\! 1.5.7
Joomla Joomla\\! 1.5.9
Joomla Joomla\\! 1.5.15
Joomla Joomla\\! 3.2.0
Joomla Joomla\\! 3.3.2
Joomla Joomla\\! 3.3.4
5.3
CVSSv3
CVE-2017-7983
In Joomla! 1.5.0 up to and including 3.6.5 (fixed in 3.7.0), mail sent using the JMail API leaked the used PHPMailer version in the mail headers.
Joomla Joomla\\! 3.1.0
Joomla Joomla\\! 3.1.2
Joomla Joomla\\! 1.6.0
Joomla Joomla\\! 1.6.2
Joomla Joomla\\! 1.7.2
Joomla Joomla\\! 1.7.4
Joomla Joomla\\! 2.5.5
Joomla Joomla\\! 2.5.7
Joomla Joomla\\! 2.5.12
Joomla Joomla\\! 2.5.14
Joomla Joomla\\! 2.5.21
Joomla Joomla\\! 2.5.23
Joomla Joomla\\! 1.5.17
Joomla Joomla\\! 1.5.19
Joomla Joomla\\! 1.5.24
Joomla Joomla\\! 1.5.26
Joomla Joomla\\! 1.5.5
Joomla Joomla\\! 1.5.7
Joomla Joomla\\! 1.5.14
Joomla Joomla\\! 1.5.15
Joomla Joomla\\! 3.2.3
Joomla Joomla\\! 3.3.0
9.8
CVSSv3
CVE-2017-14596
In Joomla! prior to 3.8.0, inadequate escaping in the LDAP authentication plugin can result in a disclosure of a username and password.
Joomla Joomla\\! 1.5.21
Joomla Joomla\\! 1.5.20
Joomla Joomla\\! 1.5.19
Joomla Joomla\\! 1.5.18
Joomla Joomla\\! 1.5.25
Joomla Joomla\\! 1.5.23
Joomla Joomla\\! 1.5.16
Joomla Joomla\\! 1.5.14
Joomla Joomla\\! 1.5.7
Joomla Joomla\\! 1.5.5
Joomla Joomla\\! 1.5.0
Joomla Joomla\\! 1.6.5
Joomla Joomla\\! 1.6.3
Joomla Joomla\\! 1.7.4
Joomla Joomla\\! 1.7.2
Joomla Joomla\\! 2.5.4
Joomla Joomla\\! 2.5.6
Joomla Joomla\\! 2.5.11
Joomla Joomla\\! 2.5.13
Joomla Joomla\\! 2.5.15
Joomla Joomla\\! 2.5.20
Joomla Joomla\\! 2.5.22
8.8
CVSSv3
CVE-2017-11364
The CMS installer in Joomla! prior to 3.7.4 does not verify a user's ownership of a webspace, which allows remote authenticated users to gain control of the target application by leveraging Certificate Transparency logs.
Joomla Joomla\\! 1.0.13
Joomla Joomla\\! 1.0.14
Joomla Joomla\\! 1.0.15
Joomla Joomla\\! 1.5.0
Joomla Joomla\\! 1.5.13
Joomla Joomla\\! 1.5.14
Joomla Joomla\\! 1.5.15
Joomla Joomla\\! 1.5.16
Joomla Joomla\\! 1.6
Joomla Joomla\\! 1.6.1
Joomla Joomla\\! 1.6.2
Joomla Joomla\\! 1.6.3
Joomla Joomla\\! 1.6.4
Joomla Joomla\\! 2.5.5
Joomla Joomla\\! 1.0.1
Joomla Joomla\\! 1.0.3
Joomla Joomla\\! 1.0.10
Joomla Joomla\\! 1.0.12
Joomla Joomla\\! 1.5.1
Joomla Joomla\\! 1.5.3
Joomla Joomla\\! 1.5.10
Joomla Joomla\\! 1.5.12
NA
CVE-2010-4795
SQL injection vulnerability in the JS Calendar (com_jscalendar) component 1.5.1 and 1.5.4 for Joomla! allows remote malicious users to execute arbitrary SQL commands via the ev_id parameter in a details action to index.php. NOTE: some of these details are obtained from third part...
Joomlaseller Com Jscalendar 1.5.1
Joomlaseller Com Jscalendar 1.5.4
1 EDB exploit
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
camera
bypass
CVE-2024-3592
CVE-2024-37383
CVE-2024-24919
CVE-2024-27822
CVE-2024-36788
CVE-2024-36789
man-in-the-middle
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
NEXT »