Filtered by vendor Joomla
Subscribe
Total
920 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2008-3228 | 1 Joomla | 1 Joomla | 2024-02-28 | 7.5 HIGH | N/A |
Joomla! before 1.5.4 does not configure .htaccess to apply certain security checks that "block common exploits" to SEF URLs, which has unknown impact and remote attack vectors. | |||||
CVE-2008-2093 | 3 Joomla, Joomlapolis, Mambo | 3 Com Comprofiler, Community Builder, Com Comprofiler | 2024-02-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in the Profiler (com_comprofiler) component in Community Builder for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the user parameter in a userProfile action to index.php. | |||||
CVE-2008-3265 | 1 Joomla | 1 Com Dtregister | 2024-02-28 | 6.8 MEDIUM | N/A |
SQL injection vulnerability in the DT Register (com_dtregister) 2.2.3 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the eventId parameter in a pay_options action to index.php. | |||||
CVE-2009-1496 | 2 Ijobid, Joomla | 2 Com Cmimarketplace, Joomla | 2024-02-28 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in the Cmi Marketplace (com_cmimarketplace) component 0.1 for Joomla! allows remote attackers to list arbitrary directories via a .. (dot dot) in the viewit parameter to index.php. | |||||
CVE-2008-5200 | 2 Joomla, Mambo | 3 Com Xewebtv, Joomla, Mambo | 2024-02-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in the Xe webtv (com_xewebtv) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action to index.php. | |||||
CVE-2008-6222 | 2 Joomla, Joomlashowroom | 2 Joomla, Pro Desk Support Center | 2024-02-28 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in the Pro Desk Support Center (com_pro_desk) component 1.0 and 1.2 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the include_file parameter to index.php. | |||||
CVE-2008-4102 | 1 Joomla | 1 Joomla | 2024-02-28 | 7.5 HIGH | N/A |
Joomla! 1.5 before 1.5.7 initializes PHP's PRNG with a weak seed, which makes it easier for attackers to guess the pseudo-random values produced by PHP's mt_rand function, as demonstrated by guessing password reset tokens, a different vulnerability than CVE-2008-3681. | |||||
CVE-2008-3227 | 1 Joomla | 1 Joomla | 2024-02-28 | 7.5 HIGH | N/A |
Unspecified vulnerability in Joomla! before 1.5.4 has unknown impact and attack vectors related to a "User Redirect Spam fix," possibly an open redirect vulnerability. | |||||
CVE-2009-4232 | 2 Jonijnm, Joomla | 2 Com Kide, Joomla\! | 2024-02-28 | 5.0 MEDIUM | N/A |
The Kide Shoutbox (com_kide) component 0.4.6 for Joomla! does not properly perform authentication, which allows remote attackers to post messages with an arbitrary account name via an insertar action to index.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
CVE-2008-5208 | 2 Joomla, Mambo | 3 Com Datsogallery, Joomla, Mambo | 2024-02-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in sub_votepic.php in the Datsogallery (com_datsogallery) module 1.6 for Joomla! allows remote attackers to execute arbitrary SQL commands via the User-Agent HTTP header. | |||||
CVE-2009-4059 | 2 .joomclan, Joomla | 2 Com Joomclip, Joomla\! | 2024-02-28 | 6.8 MEDIUM | N/A |
SQL injection vulnerability in the JoomClip (com_joomclip) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the cat parameter in a thumbs action to index.php. | |||||
CVE-2008-6881 | 2 Joomla, Joompolitan | 2 Joomla\!, Com Livechat | 2024-02-28 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in the Live Chat (com_livechat) component 1.0 for Joomla! allow remote attackers to execute arbitrary SQL commands via the last parameter to (1) getChat.php, (2) getChatRoom.php, and (3) getSavedChatRooms.php. | |||||
CVE-2008-6841 | 2 Gmitc, Joomla | 2 Com Dbquery, Joomla | 2024-02-28 | 7.5 HIGH | N/A |
PHP remote file inclusion vulnerability in the Green Mountain Information Technology and Consulting Database Query (com_dbquery) component 1.4.1.1 and earlier for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter to classes/DBQ/admin/common.class.php. | |||||
CVE-2008-2697 | 2 Joomla, Rapid-source | 2 Com Rapidrecipe, Rapid Recipe | 2024-02-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in the Rapid Recipe (com_rapidrecipe) component 1.6.6 and 1.6.7 for Joomla! allows remote attackers to execute arbitrary SQL commands via the recipe_id parameter in a viewrecipe action to index.php. | |||||
CVE-2008-0511 | 2 Joomla, Mambo | 2 Com Mamml, Com Mamml | 2024-02-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in index.php in the MaMML (com_mamml) component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the listid parameter. | |||||
CVE-2006-5042 | 1 Joomla | 2 Com Mosmedia, Mosmedia | 2024-02-28 | 7.5 HIGH | N/A |
Unspecified vulnerability in mosMedia (com_mosmedia) 1.0.8 and earlier for Joomla! has unspecified impact and attack vectors. | |||||
CVE-2008-0832 | 2 Joomla, Mambo | 2 Kemas Antonius Com Quran, Kemas Antonius Com Quran | 2024-02-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in index.php in the Kemas Antonius com_quran 1.1 and earlier component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the surano parameter in a viewayat action. | |||||
CVE-2008-0854 | 2 Joomla, Mambo | 2 Com Salesrep, Com Salesrep | 2024-02-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in the com_salesrep component for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the rid parameter in a showrep action to index.php. | |||||
CVE-2007-4186 | 1 Joomla | 1 Tour De France Pool | 2024-02-28 | 6.8 MEDIUM | N/A |
PHP remote file inclusion vulnerability in admin.tour_toto.php in the Tour de France Pool (com_tour_toto) 1.0.1 module for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | |||||
CVE-2007-1596 | 2 Joomla, Mambo | 2 Nfn Address Book, Nfn Address Book | 2024-02-28 | 9.3 HIGH | N/A |
Multiple PHP remote file inclusion vulnerabilities in the NFN Address Book (com_nfn_addressbook) 0.4 component for Mambo and Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter to (1) components/com_nfn_addressbook/nfnaddressbook.php or (2) administrator/components/com_nfn_addressbook/nfnaddressbook.php. |