Filtered by vendor Joomla
Subscribe
Total
920 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2006-5039 | 1 Joomla | 2 Com Events, Events Module | 2024-02-28 | 7.5 HIGH | N/A |
Unspecified vulnerability in Events 1.3 beta module (com_events) for Joomla! has unspecified impact and attack vectors. | |||||
CVE-2007-4923 | 1 Joomla | 1 Joomla Radio | 2024-02-28 | 6.8 MEDIUM | N/A |
PHP remote file inclusion vulnerability in admin.joomlaradiov5.php in the Joomla Radio 5 (com_joomlaradiov5) component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_live_site parameter. | |||||
CVE-2007-4506 | 1 Joomla | 1 Neorecruit | 2024-02-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in index.php in the NeoRecruit component (com_neorecruit) 1.4 and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in an offer_view action. | |||||
CVE-2007-5457 | 2 Joomla, Michael Dempfle | 2 Joomla, Joomla Flash Uploader | 2024-02-28 | 6.8 MEDIUM | N/A |
Multiple PHP remote file inclusion vulnerabilities in Michael Dempfle Joomla Flash Uploader (com_jfu or com_joomla_flash_uploader) 2.5.1 component for Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter to (1) install.joomla_flash_uploader.php and (2) uninstall.joomla_flash_uploader.php. | |||||
CVE-2008-1297 | 3 Ewriting, Joomla, Mambo | 3 Ewriting, Com Ewriting, Com Ewriting | 2024-02-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in index.php in the eWriting (com_ewriting) 1.2.1 module for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the cat parameter in a selectcat action. | |||||
CVE-2008-0839 | 2 Astats, Joomla | 2 Astatspro, Com Astatspro | 2024-02-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in refer.php in the astatsPRO (com_astatspro) 1.0 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
CVE-2007-4745 | 2 Joomla, Mambo | 2 Akobook, Mambo Site Server | 2024-02-28 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in the AkoBook 3.42 and earlier component (com_akobook) for Mambo allow remote attackers to inject arbitrary web script or HTML via Javascript events in the (1) gbmail and (2) gbpage parameters in the sign function. | |||||
CVE-2007-4184 | 1 Joomla | 1 Joomla | 2024-02-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in administrator/popups/pollwindow.php in Joomla! 1.0.12 allows remote attackers to execute arbitrary SQL commands via the pollid parameter. | |||||
CVE-2006-5048 | 2 Joomla, Waltercedric | 2 Joomla\!, Com Securityimages | 2024-02-28 | 6.8 MEDIUM | N/A |
Multiple PHP remote file inclusion vulnerabilities in Security Images (com_securityimages) component 3.0.5 and earlier for Joomla! allow remote attackers to execute arbitrary code via a URL in the mosConfig_absolute_path parameter in (1) configinsert.php, (2) lang.php, (3) client.php, and (4) server.php. | |||||
CVE-2006-6834 | 1 Joomla | 1 Joomla | 2024-02-28 | 6.8 MEDIUM | N/A |
Multiple unspecified vulnerabilities in Joomla! before 1.0.12 have unknown impact and attack vectors related to (1) "unneeded legacy functions" and (2) "Several low level security fixes." | |||||
CVE-2006-7010 | 1 Joomla | 1 Joomla | 2024-02-28 | 7.5 HIGH | N/A |
The mosgetparam implementation in Joomla! before 1.0.10, does not set a variable's data type to integer when the variable's default value is numeric, which has unspecified impact and attack vectors, which may permit SQL injection attacks. | |||||
CVE-2008-0846 | 2 Joomla, Mambo | 2 Com Profile, Com Profile | 2024-02-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in index.php in the com_profile component for Joomla! allows remote attackers to execute arbitrary SQL commands via the oid parameter. | |||||
CVE-2007-6663 | 2 Joomla, Pragmatic Utopia | 2 Joomla, Pu Arcade | 2024-02-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in (1) Puarcade.php and (2) PUarcade.html.php in Pragmatic Utopia PU Arcade (com_puarcade) 2.0.3, 2.1.2, and 2.1.3 Beta component for Joomla! allows remote attackers to execute arbitrary SQL commands via the fid parameter to index.php. | |||||
CVE-2007-4185 | 1 Joomla | 1 Joomla | 2024-02-28 | 5.0 MEDIUM | N/A |
Joomla! 1.0.12 allows remote attackers to obtain sensitive information via a direct request for (1) Stat.php (2) OutputFilter.php, (3) OutputCache.php, (4) Modifier.php, (5) Reader.php, and (6) TemplateCache.php in includes/patTemplate/patTemplate/; (7) includes/Cache/Lite/Output.php; and other unspecified components, which reveal the path in various error messages. | |||||
CVE-2008-0752 | 2 Joomla, Mambo | 2 Com Neogallery, Com Neogallery | 2024-02-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in index.php in the Neogallery (com_neogallery) 1.1 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in a show action. | |||||
CVE-2006-4992 | 1 Joomla | 1 Jd-wordpress | 2024-02-28 | 7.5 HIGH | N/A |
Multiple PHP remote file inclusion vulnerabilities in JD-WordPress for Joomla! (com_jd-wp) 2.0-1.0 RC2 allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter in (1) wp-comments-post.php, (2) wp-feed.php, or (3) wp-trackback.php. | |||||
CVE-2006-6832 | 1 Joomla | 1 Joomla | 2024-02-28 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in Joomla! before 1.0.12 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly related to poll.php or the module title. | |||||
CVE-2008-0810 | 2 Joomla, Mambo | 2 Com Scheduling Component, Com Scheduling Component | 2024-02-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in the com_scheduling module for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
CVE-2006-5049 | 1 Joomla | 2 Classifieds Component, Com Classifieds | 2024-02-28 | 7.5 HIGH | N/A |
Unspecified vulnerability in Classifieds (com_classifieds) component 1.3 and earlier for Joomla! has unspecified impact and attack vectors. | |||||
CVE-2007-5363 | 2 Joomla, Webmaster-tips | 2 Joomla, Panoramic Picture Viewer | 2024-02-28 | 6.8 MEDIUM | N/A |
PHP remote file inclusion vulnerability in admin.panoramic.php in the Panoramic Picture Viewer (com_panoramic) mambot (plugin) 1.0 for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_live_site parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |