Filtered by vendor Joomla
Subscribe
Total
912 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2007-5389 | 2 Joomla, Swmenupro | 2 Joomla, Swmenufree | 2018-10-15 | 6.8 MEDIUM | N/A |
** DISPUTED ** PHP remote file inclusion vulnerability in preview.php in the swMenuFree (com_swmenufree) 4.6 component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. NOTE: a reliable third party disputes this issue because preview.php tests a certain constant to prevent direct requests. | |||||
CVE-2007-4777 | 1 Joomla | 1 Joomla | 2018-10-15 | 7.5 HIGH | N/A |
SQL injection vulnerability in Joomla! 1.5 before RC2 (aka Endeleo) allows remote attackers to execute arbitrary SQL commands via unspecified vectors, probably related to the archive section. NOTE: this may be the same as CVE-2007-4778. | |||||
CVE-2007-4780 | 1 Joomla | 1 Joomla | 2018-10-15 | 6.8 MEDIUM | N/A |
Joomla! 1.5 before RC2 (aka Endeleo) allows remote attackers to obtain sensitive information (the full path) via unspecified vectors, probably involving direct requests to certain PHP scripts in tmpl/ directories. | |||||
CVE-2007-4779 | 1 Joomla | 1 Joomla | 2018-10-15 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in Joomla! 1.5 before RC2 (aka Endeleo) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, probably related to the archive section. | |||||
CVE-2007-4244 | 1 Joomla | 1 J Reactions | 2018-10-15 | 7.5 HIGH | N/A |
PHP remote file inclusion vulnerability in langset.php in J! Reactions (com_jreactions) 1.8.1 and earlier, a Joomla! component, allows remote attackers to execute arbitrary PHP code via a URL in the comPath parameter. | |||||
CVE-2007-4187 | 1 Joomla | 1 Joomla | 2018-10-15 | 7.5 HIGH | N/A |
Multiple eval injection vulnerabilities in the com_search component in Joomla! 1.5 beta before RC1 (aka Mapya) allow remote attackers to execute arbitrary PHP code via PHP sequences in the searchword parameter, related to default_results.php in (1) components/com_search/views/search/tmpl/ and (2) templates/beez/html/com_search/search/. | |||||
CVE-2007-4186 | 1 Joomla | 1 Tour De France Pool | 2018-10-15 | 6.8 MEDIUM | N/A |
PHP remote file inclusion vulnerability in admin.tour_toto.php in the Tour de France Pool (com_tour_toto) 1.0.1 module for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | |||||
CVE-2007-4185 | 1 Joomla | 1 Joomla | 2018-10-15 | 5.0 MEDIUM | N/A |
Joomla! 1.0.12 allows remote attackers to obtain sensitive information via a direct request for (1) Stat.php (2) OutputFilter.php, (3) OutputCache.php, (4) Modifier.php, (5) Reader.php, and (6) TemplateCache.php in includes/patTemplate/patTemplate/; (7) includes/Cache/Lite/Output.php; and other unspecified components, which reveal the path in various error messages. | |||||
CVE-2007-4184 | 1 Joomla | 1 Joomla | 2018-10-15 | 7.5 HIGH | N/A |
SQL injection vulnerability in administrator/popups/pollwindow.php in Joomla! 1.0.12 allows remote attackers to execute arbitrary SQL commands via the pollid parameter. | |||||
CVE-2009-0377 | 1 Joomla | 2 Com Beamospetition, Joomla | 2018-10-11 | 7.5 HIGH | N/A |
SQL injection vulnerability in the beamospetition (com_beamospetition) 1.0.12 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the mpid parameter in a sign action to index.php, a different vector than CVE-2008-3132. | |||||
CVE-2009-0378 | 1 Joomla | 2 Com Beamospetition, Joomla | 2018-10-11 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in index.php in the beamospetition (com_beamospetition) 1.0.12 component for Joomla! allows remote attackers to inject arbitrary web script or HTML via the pet parameter in a sign action. | |||||
CVE-2008-6234 | 2 Joomla, Mambo-foundation | 4 Com Musica, Joomla, Com Musica and 1 more | 2018-10-11 | 7.5 HIGH | N/A |
SQL injection vulnerability in the com_musica module in Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php. | |||||
CVE-2008-5671 | 1 Joomla | 1 Joomla | 2018-10-11 | 7.5 HIGH | N/A |
PHP remote file inclusion vulnerability in index.php in Joomla! 1.0.11 through 1.0.14, when RG_EMULATION is enabled in configuration.php, allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | |||||
CVE-2008-6149 | 2 Joomla, Joomlaapps | 2 Joomla, Com Mdigg | 2018-10-11 | 7.5 HIGH | N/A |
SQL injection vulnerability in the mDigg (com_mdigg) component 2.2.8 for Joomla! allows remote attackers to execute arbitrary SQL commands via the cagtegory parameter in a story_lists action to index.php. | |||||
CVE-2008-5957 | 2 Joomla, Mydyngallery | 2 Joomla, Mydyngallery | 2018-10-11 | 7.5 HIGH | N/A |
SQL injection vulnerability in the Mydyngallery (com_mydyngallery) component 1.4.2 for Joomla! allows remote attackers to execute arbitrary SQL commands via the directory parameter to index.php. | |||||
CVE-2008-5051 | 2 Jooblog, Joomla | 2 Jooblog, Joomla | 2018-10-11 | 7.5 HIGH | N/A |
SQL injection vulnerability in the JooBlog (com_jb2) component 0.1.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the PostID parameter to index.php. | |||||
CVE-2008-4777 | 2 Joomla, Mambo | 3 Com Lms, Joomla, Mambo | 2018-10-11 | 7.5 HIGH | N/A |
SQL injection vulnerability in the Showroom Joomlearn LMS (com_lms) component for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the cat parameter in a showTests task. | |||||
CVE-2008-4122 | 1 Joomla | 1 Joomla | 2018-10-11 | 5.0 MEDIUM | N/A |
Joomla! 1.5.8 does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session. | |||||
CVE-2008-4102 | 1 Joomla | 1 Joomla | 2018-10-11 | 7.5 HIGH | N/A |
Joomla! 1.5 before 1.5.7 initializes PHP's PRNG with a weak seed, which makes it easier for attackers to guess the pseudo-random values produced by PHP's mt_rand function, as demonstrated by guessing password reset tokens, a different vulnerability than CVE-2008-3681. | |||||
CVE-2008-2701 | 1 Joomla | 1 Com Gameq | 2018-10-11 | 6.8 MEDIUM | N/A |
SQL injection vulnerability in the GameQ (com_gameq) component 4.0 and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the category_id parameter in a page action to index.php. |