Filtered by vendor Joomla
Subscribe
Total
912 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2008-4105 | 1 Joomla | 1 Joomla | 2017-08-07 | 7.5 HIGH | N/A |
JRequest in Joomla! 1.5 before 1.5.7 does not sanitize variables that were set with JRequest::setVar, which allows remote attackers to conduct "variable injection" attacks and have unspecified other impact. | |||||
CVE-2008-4103 | 1 Joomla | 2 Com Mailto, Joomla | 2017-08-07 | 5.0 MEDIUM | N/A |
The mailto (aka com_mailto) component in Joomla! 1.5 before 1.5.7 sends e-mail messages without validating the URL, which allows remote attackers to transmit spam. | |||||
CVE-2008-4104 | 1 Joomla | 1 Joomla | 2017-08-07 | 5.8 MEDIUM | N/A |
Multiple open redirect vulnerabilities in Joomla! 1.5 before 1.5.7 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a "passed in" URL. | |||||
CVE-2008-3226 | 1 Joomla | 1 Joomla | 2017-08-07 | 5.0 MEDIUM | N/A |
The file caching implementation in Joomla! before 1.5.4 allows attackers to access cached pages via unknown attack vectors. | |||||
CVE-2008-3228 | 1 Joomla | 1 Joomla | 2017-08-07 | 7.5 HIGH | N/A |
Joomla! before 1.5.4 does not configure .htaccess to apply certain security checks that "block common exploits" to SEF URLs, which has unknown impact and remote attack vectors. | |||||
CVE-2008-3225 | 1 Joomla | 1 Joomla | 2017-08-07 | 10.0 HIGH | N/A |
Joomla! before 1.5.4 allows attackers to access administration functionality, which has unknown impact and attack vectors related to a missing "LDAP security fix." | |||||
CVE-2008-3227 | 1 Joomla | 1 Joomla | 2017-08-07 | 7.5 HIGH | N/A |
Unspecified vulnerability in Joomla! before 1.5.4 has unknown impact and attack vectors related to a "User Redirect Spam fix," possibly an open redirect vulnerability. | |||||
CVE-2008-1890 | 2 Azrul, Joomla | 2 Jom Comment, Joomla | 2017-08-07 | 7.5 HIGH | N/A |
SQL injection vulnerability in the Jom Comment 2.0 build 345 component for Joomla! allows remote attackers to execute arbitrary SQL commands via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
CVE-2008-1533 | 1 Joomla | 1 Joomla | 2017-08-07 | 6.8 MEDIUM | N/A |
Unspecified vulnerability in the XML-RPC Blogger API plugin in Joomla! 1.5 allows remote attackers to perform unauthorized article operations on articles via unknown vectors. | |||||
CVE-2008-1540 | 2 Joomla, Mambo | 2 Datsogallery, Datsogallery | 2017-08-07 | 7.5 HIGH | N/A |
SQL injection vulnerability in the Datsogallery (com_datsogallery) 1.3.1 module for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action to index.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
CVE-2008-0918 | 2 Astats, Joomla | 2 Astatspro, Com Astatspro | 2017-08-07 | 7.5 HIGH | N/A |
SQL injection vulnerability in includes/count_dl_or_link.inc.php in the astatsPRO (com_astatspro) 1.0.1 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter to getfile.php, a different vector than CVE-2008-0839. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
CVE-2017-11364 | 1 Joomla | 1 Joomla\! | 2017-08-04 | 6.5 MEDIUM | 8.8 HIGH |
The CMS installer in Joomla! before 3.7.4 does not verify a user's ownership of a webspace, which allows remote authenticated users to gain control of the target application by leveraging Certificate Transparency logs. | |||||
CVE-2017-11612 | 1 Joomla | 1 Joomla\! | 2017-07-31 | 4.3 MEDIUM | 6.1 MEDIUM |
In Joomla! before 3.7.4, inadequate filtering of potentially malicious HTML tags leads to XSS vulnerabilities in various components. | |||||
CVE-2016-8870 | 1 Joomla | 1 Joomla\! | 2017-07-28 | 6.8 MEDIUM | 8.1 HIGH |
The register method in the UsersModelRegistration class in controllers/user.php in the Users component in Joomla! before 3.6.4, when registration has been disabled, allows remote attackers to create user accounts by leveraging failure to check the Allow User Registration configuration setting. | |||||
CVE-2007-4745 | 2 Joomla, Mambo | 2 Akobook, Mambo Site Server | 2017-07-28 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in the AkoBook 3.42 and earlier component (com_akobook) for Mambo allow remote attackers to inject arbitrary web script or HTML via Javascript events in the (1) gbmail and (2) gbpage parameters in the sign function. | |||||
CVE-2007-4778 | 1 Joomla | 1 Joomla | 2017-07-28 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in the content component (com_content) in Joomla! 1.5 Beta1, Beta2, and RC1 allow remote attackers to execute arbitrary SQL commands via the filter parameter in an archive action to (1) archive.php, (2) category.php, or (3) section.php in models/. NOTE: this may be the same as CVE-2007-4777. | |||||
CVE-2007-5362 | 3 Ag-solutions, Joomla, Mambo | 3 Mosmedia Lite, Joomla, Mambo | 2017-07-28 | 6.8 MEDIUM | N/A |
Multiple PHP remote file inclusion vulnerabilities in the Avant-Garde Solutions MOSMedia Lite (com_mosmedia) 4.5.1 component for Mambo and Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter to (1) credits.html.php, (2) info.html.php, (3) media.divs.php, (4) media.divs.js.php, (5) purchase.html.php, or (6) support.html.php in includes/. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. NOTE: vector 3 may be the same as CVE-2007-2043.2. | |||||
CVE-2007-5363 | 2 Joomla, Webmaster-tips | 2 Joomla, Panoramic Picture Viewer | 2017-07-28 | 6.8 MEDIUM | N/A |
PHP remote file inclusion vulnerability in admin.panoramic.php in the Panoramic Picture Viewer (com_panoramic) mambot (plugin) 1.0 for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_live_site parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
CVE-2007-3249 | 1 Joomla | 1 Letterman Subscriber | 2017-07-28 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in mod_lettermansubscribe.php in the Letterman Subscriber (mod_letterman) before 1.2.5 module for Joomla! allows remote attackers to inject arbitrary web script or HTML via the Itemid parameter. | |||||
CVE-2017-9934 | 1 Joomla | 1 Joomla\! | 2017-07-21 | 4.3 MEDIUM | 6.1 MEDIUM |
Missing CSRF token checks and improper input validation in Joomla! CMS 1.7.3 through 3.7.2 lead to an XSS vulnerability. |