Joomla!
by Joomla
CVEs (393)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2007-0387 | | | 0.00 | — | 0.01 | | Jan 19, 2007 | SQL injection vulnerability in models/category.php in the Weblinks component for Joomla! SVN 20070118 (com_weblinks) allows remote attackers to execute arbitrary SQL commands via the catid parameter. |
| CVE-2007-0375 | | | 0.00 | — | 0.02 | | Jan 19, 2007 | Joomla! 1.5.0 Beta allows remote attackers to obtain sensitive information via a direct request for (1) plugins/user/example.php; (2) gmail.php, (3) example.php, or (4) ldap.php in plugins/authentication/; (5) modules/mod_mainmenu/menu.php; or other unspecified PHP scripts,… |
| CVE-2007-0374 | | | 0.00 | — | 0.01 | | Jan 19, 2007 | SQL injection vulnerability in (1) Joomla! 1.0.11 and 1.5 Beta, and (2) Mambo 4.6.1, allows remote attackers to execute arbitrary SQL commands via the id parameter when cancelling content editing. |
| CVE-2006-6832 | | | 0.00 | — | 0.01 | | Dec 31, 2006 | Cross-site scripting (XSS) vulnerability in Joomla! before 1.0.12 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly related to poll.php or the module title. |
| CVE-2006-6833 | | | 0.00 | — | 0.01 | | Dec 31, 2006 | com_categories in Joomla! before 1.0.12 does not validate input, which has unknown impact and remote attack vectors. |
| CVE-2006-6834 | | | 0.00 | — | 0.01 | | Dec 31, 2006 | Multiple unspecified vulnerabilities in Joomla! before 1.0.12 have unknown impact and attack vectors related to (1) "unneeded legacy functions" and (2) "Several low level security fixes." |
| CVE-2006-4470 | | | 0.00 | — | 0.03 | | Aug 31, 2006 | Joomla! before 1.0.11 omits some checks for whether _VALID_MOS is defined, which allows attackers to have an unknown impact, possibly resulting in PHP remote file inclusion. |
| CVE-2006-4474 | | | 0.00 | — | 0.01 | | Aug 31, 2006 | Multiple cross-site scripting (XSS) vulnerabilities in Joomla! before 1.0.11 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters in (1) Admin Module Manager, (2) Admin Help, and (3) Search. |
| CVE-2006-4472 | | | 0.00 | — | 0.03 | | Aug 31, 2006 | Multiple unspecified vulnerabilities in Joomla! before 1.0.11 allow attackers to bypass user authentication via unknown vectors involving the (1) do_pdf command and the (2) emailform com_content task. |
| CVE-2006-4466 | | | 0.00 | — | 0.01 | | Aug 31, 2006 | Joomla! before 1.0.11 does not properly unset variables when the input data includes a numeric parameter with a value matching an alphanumeric parameter's hash value, which allows remote attackers to have an unspecified impact. NOTE: it could be argued that this vulnerability… |
| CVE-2006-4476 | | | 0.00 | — | 0.01 | | Aug 31, 2006 | Multiple unspecified vulnerabilities in Joomla! before 1.0.11, related to "Injection Flaws," allow attackers to have an unknown impact via (1) globals.php, which uses include_once() instead of require(); (2) the $options variable; (3) Admin Upload Image; (4) ->load(); (5)… |
| CVE-2006-4469 | | | 0.00 | — | 0.04 | | Aug 31, 2006 | Unspecified vulnerability in PEAR.php in Joomla! before 1.0.11 allows remote attackers to perform "remote execution," related to "Injection Flaws." |
| CVE-2006-4468 | | | 0.00 | — | 0.02 | | Aug 31, 2006 | Multiple unspecified vulnerabilities in Joomla! before 1.0.11, related to unvalidated input, allow attackers to have an unknown impact via unspecified vectors involving the (1) mosMail, (2) JosIsValidEmail, and (3) josSpoofValue functions; (4) the lack of inclusion of… |
| CVE-2006-4471 | | | 0.00 | — | 0.02 | | Aug 31, 2006 | The Admin Upload Image functionality in Joomla! before 1.0.11 allows remote authenticated users to upload files outside of the /images/stories/ directory via unspecified vectors. |
| CVE-2006-4475 | | | 0.00 | — | 0.01 | | Aug 31, 2006 | Joomla! before 1.0.11 does not limit access to the Admin Popups functionality, which has unknown impact and attack vectors. |
| CVE-2006-4473 | | | 0.00 | — | 0.01 | | Aug 31, 2006 | Unspecified vulnerability in com_content in Joomla! before 1.0.11, when $mosConfig_hideEmail is set, allows attackers to perform the emailform and emailsend tasks. |
| CVE-2006-3480 | | | 0.00 | — | 0.02 | | Jul 10, 2006 | Multiple cross-site scripting (XSS) vulnerabilities in Joomla! before 1.0.10 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters involving the (1) getUserStateFromRequest function, and the (2) SEF and (3) com_messages modules. |
| CVE-2006-3481 | | | 0.00 | — | 0.02 | | Jul 10, 2006 | Multiple SQL injection vulnerabilities in Joomla! before 1.0.10 allow remote attackers to execute arbitrary SQL commands via unspecified parameters involving the (1) "Remember Me" function, (2) "Related Items" module, and the (3) "Weblinks submission". |
| CVE-2006-2960 | | | 0.00 | — | 0.02 | | Jun 12, 2006 | PHP remote file inclusion vulnerability in includes/joomla.php in Joomla! 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the includepath parameter. |
| CVE-2006-1957 | | | 0.00 | — | 0.02 | | Apr 21, 2006 | The com_rss option (rss.php) in (1) Mambo and (2) Joomla! allows remote attackers to cause a denial of service (disk consumption and possibly web-server outage) via multiple requests with different values of the feed parameter. |