Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
joomla joomla 1.5.1 vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2008-3681
components/com_user/models/reset.php in Joomla! 1.5 up to and including 1.5.5 does not properly validate reset tokens, which allows remote malicious users to reset the "first enabled user (lowest id)" password, typically for the administrator.
Joomla Com User 1.5.1
Joomla Com User 1.5.2
Joomla Com User 1.5.3
Joomla Com User 1.5.4
Joomla Com User 1.5
Joomla Com User 1.5.5
1 EDB exploit
NA
CVE-2008-6299
Multiple cross-site scripting (XSS) vulnerabilities in Joomla! 1.5.7 and previous versions allow remote authenticated users with certain privileges to inject arbitrary web script or HTML via (1) the title and description parameters to the com_weblinks module and (2) unspecified v...
Joomla Joomla 1.5.0
Joomla Joomla 1.0.9
Joomla Joomla 1.0.2
Joomla Joomla 1.0.12
Joomla Joomla 1.0
Joomla Joomla 1.03
Joomla Joomla 1.5.3
Joomla Joomla 1.5.0 Beta2
Joomla Joomla 1.5
Joomla Joomla 1.0.4
Joomla Joomla 1.0.3
Joomla Joomla 1.0.1
Joomla Joomla 1.0.0
Joomla Joomla 1.5.1
Joomla Joomla 1.5.2
Joomla Joomla 1.5.5
Joomla Joomla
Joomla Joomla 1.0.8
Joomla Joomla 1.0.7
Joomla Joomla 1.0.14
Joomla Joomla 1.0.11
Joomla Joomla 1.5.6
NA
CVE-2011-2710
Multiple cross-site scripting (XSS) vulnerabilities in Joomla! prior to 1.7.0 allow remote malicious users to inject arbitrary web script or HTML via (1) the URI to includes/application.php, reachable through index.php; and, when Internet Explorer or Konqueror is used, (2) allow ...
Joomla Joomla\\! 1.6
Joomla Joomla\\! 1.6.4
Joomla Joomla\\! 1.5.11
Joomla Joomla\\! 1.6.3
Joomla Joomla\\! 1.5.13
Joomla Joomla\\! 1.5.3
Joomla Joomla\\! 1.5.2
Joomla Joomla\\! 1.5.22
Joomla Joomla\\! 1.6.5
Joomla Joomla\\! 1.5.9
Joomla Joomla\\! 1.5.18
Joomla Joomla\\!
Joomla Joomla\\! 1.6.1
Joomla Joomla\\! 1.5.16
Joomla Joomla\\! 1.5.4
Joomla Joomla\\! 1.6.0
Joomla Joomla\\! 1.5.10
Joomla Joomla\\! 1.5.7
Joomla Joomla\\! 1.5.0
Joomla Joomla\\! 1.5.15
Joomla Joomla\\! 1.5.6
Joomla Joomla\\! 1.5.1
NA
CVE-2015-8562
Joomla! 1.5.x, 2.x, and 3.x prior to 3.4.6 allow remote malicious users to conduct PHP object injection attacks and execute arbitrary PHP code via the HTTP User-Agent header, as exploited in the wild in December 2015.
Joomla Joomla\\! 1.5.0
Joomla Joomla\\! 1.5.9
Joomla Joomla\\! 1.5.10
Joomla Joomla\\! 1.5.17
Joomla Joomla\\! 1.5.18
Joomla Joomla\\! 1.5.25
Joomla Joomla\\! 1.5.26
Joomla Joomla\\! 1.6.0
Joomla Joomla\\! 1.7.0
Joomla Joomla\\! 1.7.1
Joomla Joomla\\! 2.5.2
Joomla Joomla\\! 2.5.3
Joomla Joomla\\! 2.5.11
Joomla Joomla\\! 2.5.12
Joomla Joomla\\! 2.5.19
Joomla Joomla\\! 2.5.20
Joomla Joomla\\! 2.5.27
Joomla Joomla\\! 2.5.28
Joomla Joomla\\! 3.1.3
Joomla Joomla\\! 3.1.4
Joomla Joomla\\! 3.2.4
Joomla Joomla\\! 3.3.0
2 EDB exploits
16 Github repositories
6.1
CVSSv3
CVE-2017-11612
In Joomla! prior to 3.7.4, inadequate filtering of potentially malicious HTML tags leads to XSS vulnerabilities in various components.
Joomla Joomla\\! 3.3.1
Joomla Joomla\\! 3.3.2
Joomla Joomla\\! 3.3.3
Joomla Joomla\\! 3.3.4
Joomla Joomla\\! 3.4.5
Joomla Joomla\\! 3.4.6
Joomla Joomla\\! 3.4.7
Joomla Joomla\\! 3.4.8
Joomla Joomla\\! 3.6.0
Joomla Joomla\\! 1.5.1
Joomla Joomla\\! 1.5.2
Joomla Joomla\\! 1.5.3
Joomla Joomla\\! 1.5.4
Joomla Joomla\\! 1.5.5
Joomla Joomla\\! 1.5.17
Joomla Joomla\\! 1.5.18
Joomla Joomla\\! 1.5.19
Joomla Joomla\\! 1.5.20
Joomla Joomla\\! 1.6
Joomla Joomla\\! 1.6.6
Joomla Joomla\\! 1.7.0
Joomla Joomla\\! 1.7.1
5.3
CVSSv3
CVE-2017-7983
In Joomla! 1.5.0 up to and including 3.6.5 (fixed in 3.7.0), mail sent using the JMail API leaked the used PHPMailer version in the mail headers.
Joomla Joomla\\! 3.1.0
Joomla Joomla\\! 3.1.2
Joomla Joomla\\! 1.6.0
Joomla Joomla\\! 1.6.2
Joomla Joomla\\! 1.7.2
Joomla Joomla\\! 1.7.4
Joomla Joomla\\! 2.5.5
Joomla Joomla\\! 2.5.7
Joomla Joomla\\! 2.5.12
Joomla Joomla\\! 2.5.14
Joomla Joomla\\! 2.5.21
Joomla Joomla\\! 2.5.23
Joomla Joomla\\! 1.5.17
Joomla Joomla\\! 1.5.19
Joomla Joomla\\! 1.5.24
Joomla Joomla\\! 1.5.26
Joomla Joomla\\! 1.5.5
Joomla Joomla\\! 1.5.7
Joomla Joomla\\! 1.5.14
Joomla Joomla\\! 1.5.15
Joomla Joomla\\! 3.2.3
Joomla Joomla\\! 3.3.0
6.1
CVSSv3
CVE-2017-7986
In Joomla! 1.5.0 up to and including 3.6.5 (fixed in 3.7.0), inadequate filtering of specific HTML attributes leads to XSS vulnerabilities in various components.
Joomla Joomla\\! 3.1.2
Joomla Joomla\\! 3.1.4
Joomla Joomla\\! 1.6.4
Joomla Joomla\\! 1.6.6
Joomla Joomla\\! 1.7.4
Joomla Joomla\\! 2.5.0
Joomla Joomla\\! 2.5.7
Joomla Joomla\\! 2.5.9
Joomla Joomla\\! 2.5.16
Joomla Joomla\\! 2.5.18
Joomla Joomla\\! 2.5.23
Joomla Joomla\\! 2.5.25
Joomla Joomla\\! 1.5.19
Joomla Joomla\\! 1.5.21
Joomla Joomla\\! 1.5.0
Joomla Joomla\\! 1.5.2
Joomla Joomla\\! 1.5.7
Joomla Joomla\\! 1.5.9
Joomla Joomla\\! 1.5.15
Joomla Joomla\\! 3.2.0
Joomla Joomla\\! 3.3.2
Joomla Joomla\\! 3.3.4
9.8
CVSSv3
CVE-2017-14596
In Joomla! prior to 3.8.0, inadequate escaping in the LDAP authentication plugin can result in a disclosure of a username and password.
Joomla Joomla\\! 1.5.21
Joomla Joomla\\! 1.5.20
Joomla Joomla\\! 1.5.19
Joomla Joomla\\! 1.5.18
Joomla Joomla\\! 1.5.25
Joomla Joomla\\! 1.5.23
Joomla Joomla\\! 1.5.16
Joomla Joomla\\! 1.5.14
Joomla Joomla\\! 1.5.7
Joomla Joomla\\! 1.5.5
Joomla Joomla\\! 1.5.0
Joomla Joomla\\! 1.6.5
Joomla Joomla\\! 1.6.3
Joomla Joomla\\! 1.7.4
Joomla Joomla\\! 1.7.2
Joomla Joomla\\! 2.5.4
Joomla Joomla\\! 2.5.6
Joomla Joomla\\! 2.5.11
Joomla Joomla\\! 2.5.13
Joomla Joomla\\! 2.5.15
Joomla Joomla\\! 2.5.20
Joomla Joomla\\! 2.5.22
8.8
CVSSv3
CVE-2017-11364
The CMS installer in Joomla! prior to 3.7.4 does not verify a user's ownership of a webspace, which allows remote authenticated users to gain control of the target application by leveraging Certificate Transparency logs.
Joomla Joomla\\! 1.0.13
Joomla Joomla\\! 1.0.14
Joomla Joomla\\! 1.0.15
Joomla Joomla\\! 1.5.0
Joomla Joomla\\! 1.5.13
Joomla Joomla\\! 1.5.14
Joomla Joomla\\! 1.5.15
Joomla Joomla\\! 1.5.16
Joomla Joomla\\! 1.6
Joomla Joomla\\! 1.6.1
Joomla Joomla\\! 1.6.2
Joomla Joomla\\! 1.6.3
Joomla Joomla\\! 1.6.4
Joomla Joomla\\! 2.5.5
Joomla Joomla\\! 1.0.1
Joomla Joomla\\! 1.0.3
Joomla Joomla\\! 1.0.10
Joomla Joomla\\! 1.0.12
Joomla Joomla\\! 1.5.1
Joomla Joomla\\! 1.5.3
Joomla Joomla\\! 1.5.10
Joomla Joomla\\! 1.5.12
NA
CVE-2010-4794
Multiple cross-site scripting (XSS) vulnerabilities in the JoomlaSeller JS Calendar (com_jscalendar) component 1.5.1 and 1.5.4 for Joomla! allow remote malicious users to inject arbitrary web script or HTML via the (1) month and (2) year parameters in a jscalendar action to index...
Joomlaseller Com Jscalendar 1.5.1
Joomlaseller Com Jscalendar 1.5.4
1 EDB exploit
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-48693
CVE-2024-30851
CVE-2024-34460
CVE-2024-2887
local
CVE-2024-27956
remote code execution
CVE-2024-34475
privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
NEXT »