VYPR

Joomla!

by Joomla

CVEs (393)

  • CVE-2008-3228 (Jul 18, 2008)
    risk 0.00 | cvss | epss 0.01

    Joomla! before 1.5.4 does not configure .htaccess to apply certain security checks that "block common exploits" to SEF URLs, which has unknown impact and remote attack vectors.

  • CVE-2008-1533 (Mar 28, 2008)
    risk 0.00 | cvss | epss 0.01

    Unspecified vulnerability in the XML-RPC Blogger API plugin in Joomla! 1.5 allows remote attackers to perform unauthorized operations on articles via unknown vectors.

  • CVE-2007-6645 (Jan 4, 2008)
    risk 0.00 | cvss | epss 0.02

    Unspecified vulnerability in Joomla! before 1.5 RC4 allows remote authenticated users to gain privileges via unspecified vectors, aka "registered user privilege escalation vulnerability."

  • CVE-2007-6643 (Jan 4, 2008)
    risk 0.00 | cvss | epss 0.02

    Cross-site scripting (XSS) vulnerability in the com_poll component in Joomla! before 1.5 RC4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2007-6644 (Jan 4, 2008)
    risk 0.00 | cvss | epss 0.02

    Joomla! before 1.5 RC4 allows remote authenticated administrators to promote arbitrary users to the administrator group, in violation of the intended security model.

  • CVE-2007-6642 (Jan 4, 2008)
    risk 0.00 | cvss | epss 0.01

    Multiple cross-site request forgery (CSRF) vulnerabilities in Joomla! before 1.5 RC4 allow remote attackers to (1) add a Super Admin, (2) upload an extension containing arbitrary PHP code, and (3) modify the configuration as administrators via unspecified vectors.

  • CVE-2007-5577 (Oct 18, 2007)
    risk 0.00 | cvss | epss 0.02

    Multiple cross-site scripting (XSS) vulnerabilities in Joomla! before 1.0.13 (aka Sunglow) allow remote attackers to inject arbitrary web script or HTML via the (1) Title or (2) Section Name form fields in the Section Manager component, or (3) multiple unspecified fields in New…

  • CVE-2007-5389 (Oct 12, 2007)
    risk 0.00 | cvss | epss 0.01

    PHP remote file inclusion vulnerability in preview.php in the swMenuFree (com_swmenufree) 4.6 component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. NOTE: a reliable third party disputes this issue because…

  • CVE-2007-4777 (Sep 10, 2007)
    risk 0.00 | cvss | epss 0.01

    SQL injection vulnerability in Joomla! 1.5 before RC2 (aka Endeleo) allows remote attackers to execute arbitrary SQL commands via unspecified vectors, probably related to the archive section. NOTE: this may be the same as CVE-2007-4778.

  • CVE-2007-4778 (Sep 10, 2007)
    risk 0.00 | cvss | epss 0.01

    Multiple SQL injection vulnerabilities in the content component (com_content) in Joomla! 1.5 Beta1, Beta2, and RC1 allow remote attackers to execute arbitrary SQL commands via the filter parameter in an archive action to (1) archive.php, (2) category.php, or (3) section.php in…

  • CVE-2007-4779 (Sep 10, 2007)
    risk 0.00 | cvss | epss 0.01

    Cross-site scripting (XSS) vulnerability in Joomla! 1.5 before RC2 (aka Endeleo) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, probably related to the archive section.

  • CVE-2007-4780 (Sep 10, 2007)
    risk 0.00 | cvss | epss 0.02

    Joomla! 1.5 before RC2 (aka Endeleo) allows remote attackers to obtain sensitive information (the full path) via unspecified vectors, probably involving direct requests to certain PHP scripts in tmpl/ directories.

  • CVE-2007-4189 (Aug 8, 2007)
    risk 0.00 | cvss | epss 0.02

    Multiple cross-site scripting (XSS) vulnerabilities in Joomla! before 1.0.13 (aka Sunglow) allow remote attackers to inject arbitrary web script or HTML via unspecified vectors in the (1) com_search, (2) com_content, and (3) mod_login components. NOTE: some of these details are…

  • CVE-2007-4188 (Aug 8, 2007)
    risk 0.00 | cvss | epss 0.04

    Session fixation vulnerability in Joomla! before 1.0.13 (aka Sunglow) allows remote attackers to hijack administrative web sessions via unspecified vectors.

  • CVE-2007-4190 (Aug 8, 2007)
    risk 0.00 | cvss | epss 0.02

    CRLF injection vulnerability in Joomla! before 1.0.13 (aka Sunglow) allows remote attackers to inject arbitrary HTTP headers and probably conduct HTTP response splitting attacks via CRLF sequences in the url parameter. NOTE: this can be leveraged for cross-site scripting (XSS)…

  • CVE-2007-4185 (Aug 8, 2007)
    risk 0.00 | cvss | epss 0.02

    Joomla! 1.0.12 allows remote attackers to obtain sensitive information via a direct request for (1) Stat.php, (2) OutputFilter.php, (3) OutputCache.php, (4) Modifier.php, (5) Reader.php, and (6) TemplateCache.php in includes/patTemplate/patTemplate/; (7)…

  • CVE-2007-4184 (Aug 8, 2007)
    risk 0.00 | cvss | epss 0.01

    SQL injection vulnerability in administrator/popups/pollwindow.php in Joomla! 1.0.12 allows remote attackers to execute arbitrary SQL commands via the pollid parameter.

  • CVE-2006-7008 (Feb 12, 2007)
    risk 0.00 | cvss | epss 0.01

    Unspecified vulnerability in Joomla! before 1.0.10 has unknown impact and attack vectors, related to "securing mosmsg from misuse." NOTE: it is possible that this issue overlaps CVE-2006-1029.

  • CVE-2006-7009 (Feb 12, 2007)
    risk 0.00 | cvss | epss 0.01

    Joomla! before 1.0.10 allows remote attackers to spoof the frontend submission forms, which has unknown impact and attack vectors.

  • CVE-2006-7010 (Feb 12, 2007)
    risk 0.00 | cvss | epss 0.01

    The mosgetparam implementation in Joomla! before 1.0.10 does not set a variable's data type to integer when the variable's default value is numeric, which has unspecified impact and attack vectors and may permit SQL injection attacks.