Total
215 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2008-6923 | 1 Joomla | 2 Com Content, Joomla | 2024-11-21 | 7.5 HIGH | N/A |
SQL injection vulnerability in the content component (com_content) 1.0.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the Itemid parameter in a blogcategory action to index.php. | |||||
CVE-2008-6883 | 2 Joomla, Joompolitan | 2 Joomla, Com Livechat | 2024-11-21 | 7.5 HIGH | N/A |
SQL injection vulnerability in the Live Chat (com_livechat) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the last parameter to getChatRoom.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
CVE-2008-6882 | 2 Joomla, Joompolitan | 2 Joomla, Com Livechat | 2024-11-21 | 7.5 HIGH | N/A |
Live Chat (com_livechat) component 1.0 for Joomla! allows remote attackers to use the xmlhttp.php script as an open HTTP proxy to hide network scanning activities or scan internal networks via a GET request with a full URL in the query string. | |||||
CVE-2008-6841 | 2 Gmitc, Joomla | 2 Com Dbquery, Joomla | 2024-11-21 | 7.5 HIGH | N/A |
PHP remote file inclusion vulnerability in the Green Mountain Information Technology and Consulting Database Query (com_dbquery) component 1.4.1.1 and earlier for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter to classes/DBQ/admin/common.class.php. | |||||
CVE-2008-6653 | 3 Joomla, Mambo, Wh-com | 3 Joomla, Mambo, Com Webhosting | 2024-11-21 | 7.5 HIGH | N/A |
SQL injection vulnerability in webhosting.php in the Webhosting Component (com_webhosting) module before 1.1 RC7 for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the catid parameter to index.php. | |||||
CVE-2008-6489 | 2 Huseyin Bora Abaci, Joomla | 2 Com Myalbum, Joomla | 2024-11-21 | 7.5 HIGH | N/A |
SQL injection vulnerability in MyAlbum component (com_myalbum) 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the album parameter to index.php. | |||||
CVE-2008-6483 | 2 Joomla, Virtuemart-solutions | 2 Joomla, Com Googlebase | 2024-11-21 | 7.5 HIGH | N/A |
PHP remote file inclusion vulnerability in admin.googlebase.php in the Ecom Solutions VirtueMart Google Base (aka com_googlebase or Froogle) component 1.1 for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | |||||
CVE-2008-6482 | 2 Joomla, Justjoomla | 2 Joomla, Com Treeg | 2024-11-21 | 6.8 MEDIUM | N/A |
PHP remote file inclusion vulnerability in admin.treeg.php in the Flash Tree Gallery (com_treeg) component 1.0 for Joomla!, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via the mosConfig_live_site parameter. | |||||
CVE-2008-6481 | 3 Joomla, Joomprod, Mambo-foundation | 3 Joomla, Com Versioning, Mambo | 2024-11-21 | 7.5 HIGH | N/A |
SQL injection vulnerability in the Versioning component (com_versioning) 1.0.2 in Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the id parameter in an edit task to index.php. | |||||
CVE-2008-6430 | 1 Joomla | 2 Com Mycontent, Joomla | 2024-11-21 | 7.5 HIGH | N/A |
SQL injection vulnerability in the MyContent (com_mycontent) component 1.1.13 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a view action to index.php. | |||||
CVE-2008-6429 | 2 Joomla, Mike Leeper | 2 Joomla, Com Prayercenter | 2024-11-21 | 7.5 HIGH | N/A |
SQL injection vulnerability in the PrayerCenter (com_prayercenter) component 1.4.9 and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a view_request action to index2.php. | |||||
CVE-2008-6347 | 2 Joomla, Luigi Massa | 2 Joomla, Onguma Time Sheet | 2024-11-21 | 7.5 HIGH | N/A |
PHP remote file inclusion vulnerability in lib/onguma.class.php in the Onguma Time Sheet (com_ongumatimesheet20) 2.0 4b component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | |||||
CVE-2008-6337 | 2 Joomla, Joomlaapps | 2 Joomla, Com Volunteer | 2024-11-21 | 7.5 HIGH | N/A |
SQL injection vulnerability in the Volunteer Management System (com_volunteer) module 2.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the job_id parameter in a jobshow action to index.php. | |||||
CVE-2008-6299 | 1 Joomla | 1 Joomla | 2024-11-21 | 3.5 LOW | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in Joomla! 1.5.7 and earlier allow remote authenticated users with certain privileges to inject arbitrary web script or HTML via (1) the title and description parameters to the com_weblinks module and (2) unspecified vectors in the com_content module related to "article submission." | |||||
CVE-2008-6234 | 2 Joomla, Mambo-foundation | 4 Com Musica, Joomla, Com Musica and 1 more | 2024-11-21 | 7.5 HIGH | N/A |
SQL injection vulnerability in the com_musica module in Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php. | |||||
CVE-2008-6222 | 2 Joomla, Joomlashowroom | 2 Joomla, Pro Desk Support Center | 2024-11-21 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in the Pro Desk Support Center (com_pro_desk) component 1.0 and 1.2 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the include_file parameter to index.php. | |||||
CVE-2008-6221 | 2 Dadamailproject, Joomla | 2 Dada Mail Manager, Joomla | 2024-11-21 | 7.5 HIGH | N/A |
PHP remote file inclusion vulnerability in config.dadamail.php in the Dada Mail Manager (com_dadamail) component 2.6 for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[mosConfig_absolute_path] parameter. | |||||
CVE-2008-6184 | 2 Joomla, Medialab-karlsruhe | 2 Joomla, Ownbiblio | 2024-11-21 | 7.5 HIGH | N/A |
SQL injection vulnerability in the OwnBiblio (com_ownbiblio) component 1.5.3 for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in a catalogue action to index.php. | |||||
CVE-2008-6181 | 2 Joomla, Mad4media | 2 Joomla, Com Mad4joomla | 2024-11-21 | 7.5 HIGH | N/A |
SQL injection vulnerability in the Mad4Joomla Mailforms (com_mad4joomla) component before 1.1.8.2 for Joomla! allows remote attackers to execute arbitrary SQL commands via the jid parameter to index.php. | |||||
CVE-2008-6172 | 2 Joomla, Weberr | 2 Joomla, Rwcards | 2024-11-21 | 6.8 MEDIUM | N/A |
Directory traversal vulnerability in captcha/captcha_image.php in the RWCards (com_rwcards) 3.0.11 component for Joomla!, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the img parameter. |