Filtered by vendor Joomla
Subscribe
Total
912 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2017-9933 | 1 Joomla | 1 Joomla\! | 2017-07-20 | 5.0 MEDIUM | 7.5 HIGH |
Improper cache invalidation in Joomla! CMS 1.7.3 through 3.7.2 leads to disclosure of form contents. | |||||
CVE-2006-4474 | 1 Joomla | 1 Joomla | 2017-07-19 | 6.8 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in Joomla! before 1.0.11 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters in (1) Admin Module Manager, (2) Admin Help, and (3) Search. | |||||
CVE-2006-3480 | 1 Joomla | 1 Joomla | 2017-07-19 | 5.8 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in Joomla! before 1.0.10 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters involving the (1) getUserStateFromRequest function, and the (2) SEF and (3) com_messages modules. | |||||
CVE-2006-3481 | 1 Joomla | 1 Joomla | 2017-07-19 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in Joomla! before 1.0.10 allow remote attackers to execute arbitrary SQL commands via unspecified parameters involving the (1) "Remember Me" function, (2) "Related Items" module, and the (3) "Weblinks submission". | |||||
CVE-2006-1048 | 1 Joomla | 1 Joomla | 2017-07-19 | 5.0 MEDIUM | N/A |
Joomla! 1.0.7 and earlier allows attackers to bypass intended access restrictions and gain certain privileges via certain attack vectors related to the (1) Weblink, (2) Polls, (3) Newsfeeds, (4) Weblinks, (5) Content, (6) Content Section, (7) Content Category, (8) Contact items, or (9) Contact Search, (10) Content Search, (11) Newsfeed Search, or (12) Weblink Search. | |||||
CVE-2006-1030 | 1 Joomla | 1 Joomla | 2017-07-19 | 5.0 MEDIUM | N/A |
Unspecified vulnerability in mod_templatechooser in Joomla! 1.0.7 allows remote attackers to obtain sensitive information via an unspecified attack vector that reveals the path. | |||||
CVE-2006-0114 | 1 Joomla | 1 Joomla | 2017-07-19 | 5.0 MEDIUM | N/A |
The vCard functions in Joomla! 1.0.5 use predictable sequential IDs for vcards and do not restrict access to them, which allows remote attackers to obtain valid e-mail addresses to conduct spam attacks by modifying the contact_id parameter to index2.php. | |||||
CVE-2005-3772 | 1 Joomla | 1 Joomla | 2017-07-10 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in Joomla! before 1.0.4 allow remote attackers to execute arbitrary SQL commands via the (1) Itemid variable in the Polls modules and (2) multiple unspecified methods in the mosDBTable class. | |||||
CVE-2017-8057 | 1 Joomla | 1 Joomla\! | 2017-05-03 | 5.0 MEDIUM | 5.3 MEDIUM |
In Joomla! 3.4.0 through 3.6.5 (fixed in 3.7.0), multiple files caused full path disclosures on systems with enabled error reporting. | |||||
CVE-2017-7987 | 1 Joomla | 1 Joomla\! | 2017-05-03 | 4.3 MEDIUM | 6.1 MEDIUM |
In Joomla! 3.2.0 through 3.6.5 (fixed in 3.7.0), inadequate escaping of file and folder names leads to XSS vulnerabilities in the template manager component. | |||||
CVE-2017-7983 | 1 Joomla | 1 Joomla\! | 2017-05-03 | 5.0 MEDIUM | 5.3 MEDIUM |
In Joomla! 1.5.0 through 3.6.5 (fixed in 3.7.0), mail sent using the JMail API leaked the used PHPMailer version in the mail headers. | |||||
CVE-2017-7986 | 1 Joomla | 1 Joomla\! | 2017-05-02 | 4.3 MEDIUM | 6.1 MEDIUM |
In Joomla! 1.5.0 through 3.6.5 (fixed in 3.7.0), inadequate filtering of specific HTML attributes leads to XSS vulnerabilities in various components. | |||||
CVE-2017-7989 | 1 Joomla | 1 Joomla\! | 2017-05-02 | 4.0 MEDIUM | 6.5 MEDIUM |
In Joomla! 3.2.0 through 3.6.5 (fixed in 3.7.0), inadequate MIME type checks allowed low-privilege users to upload swf files even if they were explicitly forbidden. | |||||
CVE-2017-7984 | 1 Joomla | 1 Joomla\! | 2017-05-02 | 4.3 MEDIUM | 6.1 MEDIUM |
In Joomla! 3.2.0 through 3.6.5 (fixed in 3.7.0), inadequate filtering leads to XSS in the template manager component. | |||||
CVE-2016-9081 | 1 Joomla | 1 Joomla\! | 2017-01-26 | 7.5 HIGH | 9.8 CRITICAL |
Joomla! 3.4.4 through 3.6.3 allows attackers to reset username, password, and user group assignments and possibly perform other user account modifications via unspecified vectors. | |||||
CVE-2013-5583 | 1 Joomla | 1 Joomla\! | 2016-12-30 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in libraries/idna_convert/example.php in Joomla! 3.1.5 allows remote attackers to inject arbitrary web script or HTML via the lang parameter. | |||||
CVE-2016-9837 | 1 Joomla | 1 Joomla\! | 2016-12-22 | 5.0 MEDIUM | 7.5 HIGH |
An issue was discovered in templates/beez3/html/com_content/article/default.php in Joomla! before 3.6.5. Inadequate permissions checks in the Beez3 layout override of the com_content article view allow users to view articles that should not be publicly accessible, as demonstrated by an index.php?option=com_content&view=article&id=1&template=beez3 request. | |||||
CVE-2015-6939 | 1 Joomla | 1 Joomla\! | 2016-12-08 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the login module in Joomla! 3.4.x before 3.4.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2016-9836 | 1 Joomla | 1 Joomla\! | 2016-12-07 | 7.5 HIGH | 9.8 CRITICAL |
The file scanning mechanism of JFilterInput::isFileSafe() in Joomla! CMS before 3.6.5 does not consider alternative PHP file extensions when checking uploaded files for PHP content, which enables a user to upload and execute files with the `.php6`, `.php7`, `.phtml`, and `.phpt` extensions. Additionally, JHelperMedia::canUpload() did not blacklist these file extensions as uploadable file types. | |||||
CVE-2015-8769 | 1 Joomla | 1 Joomla\! | 2016-12-07 | 7.5 HIGH | 7.3 HIGH |
SQL injection vulnerability in Joomla! 3.x before 3.4.7 allows attackers to execute arbitrary SQL commands via unspecified vectors. |