VYPR

Joomla!

by Joomla

CVEs (393)

  • CVE-2007-0387 · Jan 19, 2007
    risk 0.00 · cvss · epss 0.01

    SQL injection vulnerability in models/category.php in the Weblinks component for Joomla! SVN 20070118 (com_weblinks) allows remote attackers to execute arbitrary SQL commands via the catid parameter.

  • CVE-2007-0375 · Jan 19, 2007
    risk 0.00 · cvss · epss 0.02

    Joomla! 1.5.0 Beta allows remote attackers to obtain sensitive information via a direct request for (1) plugins/user/example.php; (2) gmail.php, (3) example.php, or (4) ldap.php in plugins/authentication/; (5) modules/mod_mainmenu/menu.php; or other unspecified PHP scripts,…

  • CVE-2007-0374 · Jan 19, 2007
    risk 0.00 · cvss · epss 0.01

    SQL injection vulnerability in (1) Joomla! 1.0.11 and 1.5 Beta, and (2) Mambo 4.6.1, allows remote attackers to execute arbitrary SQL commands via the id parameter when cancelling content editing.

  • CVE-2006-6832 · Dec 31, 2006
    risk 0.00 · cvss · epss 0.01

    Cross-site scripting (XSS) vulnerability in Joomla! before 1.0.12 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly related to poll.php or the module title.

  • CVE-2006-6833 · Dec 31, 2006
    risk 0.00 · cvss · epss 0.01

    com_categories in Joomla! before 1.0.12 does not validate input, which has unknown impact and remote attack vectors.

  • CVE-2006-6834 · Dec 31, 2006
    risk 0.00 · cvss · epss 0.01

    Multiple unspecified vulnerabilities in Joomla! before 1.0.12 have unknown impact and attack vectors related to (1) "unneeded legacy functions" and (2) "Several low level security fixes."

  • CVE-2006-4470 · Aug 31, 2006
    risk 0.00 · cvss · epss 0.03

    Joomla! before 1.0.11 omits some checks for whether _VALID_MOS is defined, which allows attackers to have an unknown impact, possibly resulting in PHP remote file inclusion.

  • CVE-2006-4474 · Aug 31, 2006
    risk 0.00 · cvss · epss 0.01

    Multiple cross-site scripting (XSS) vulnerabilities in Joomla! before 1.0.11 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters in (1) Admin Module Manager, (2) Admin Help, and (3) Search.

  • CVE-2006-4472 · Aug 31, 2006
    risk 0.00 · cvss · epss 0.03

    Multiple unspecified vulnerabilities in Joomla! before 1.0.11 allow attackers to bypass user authentication via unknown vectors involving the (1) do_pdf command and the (2) emailform com_content task.

  • CVE-2006-4466 · Aug 31, 2006
    risk 0.00 · cvss · epss 0.01

    Joomla! before 1.0.11 does not properly unset variables when the input data includes a numeric parameter with a value matching an alphanumeric parameter's hash value, which allows remote attackers to have an unspecified impact. NOTE: it could be argued that this vulnerability…

  • CVE-2006-4476 · Aug 31, 2006
    risk 0.00 · cvss · epss 0.01

    Multiple unspecified vulnerabilities in Joomla! before 1.0.11, related to "Injection Flaws," allow attackers to have an unknown impact via (1) globals.php, which uses include_once() instead of require(); (2) the $options variable; (3) Admin Upload Image; (4) ->load(); (5)…

  • CVE-2006-4469 · Aug 31, 2006
    risk 0.00 · cvss · epss 0.04

    Unspecified vulnerability in PEAR.php in Joomla! before 1.0.11 allows remote attackers to perform "remote execution," related to "Injection Flaws."

  • CVE-2006-4468 · Aug 31, 2006
    risk 0.00 · cvss · epss 0.02

    Multiple unspecified vulnerabilities in Joomla! before 1.0.11, related to unvalidated input, allow attackers to have an unknown impact via unspecified vectors involving the (1) mosMail, (2) JosIsValidEmail, and (3) josSpoofValue functions; (4) the lack of inclusion of…

  • CVE-2006-4471 · Aug 31, 2006
    risk 0.00 · cvss · epss 0.02

    The Admin Upload Image functionality in Joomla! before 1.0.11 allows remote authenticated users to upload files outside of the /images/stories/ directory via unspecified vectors.

  • CVE-2006-4475 · Aug 31, 2006
    risk 0.00 · cvss · epss 0.01

    Joomla! before 1.0.11 does not limit access to the Admin Popups functionality, which has unknown impact and attack vectors.

  • CVE-2006-4473 · Aug 31, 2006
    risk 0.00 · cvss · epss 0.01

    Unspecified vulnerability in com_content in Joomla! before 1.0.11, when $mosConfig_hideEmail is set, allows attackers to perform the emailform and emailsend tasks.

  • CVE-2006-3480 · Jul 10, 2006
    risk 0.00 · cvss · epss 0.02

    Multiple cross-site scripting (XSS) vulnerabilities in Joomla! before 1.0.10 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters involving the (1) getUserStateFromRequest function, and the (2) SEF and (3) com_messages modules.

  • CVE-2006-3481 · Jul 10, 2006
    risk 0.00 · cvss · epss 0.02

    Multiple SQL injection vulnerabilities in Joomla! before 1.0.10 allow remote attackers to execute arbitrary SQL commands via unspecified parameters involving the (1) "Remember Me" function, (2) "Related Items" module, and the (3) "Weblinks submission".

  • CVE-2006-2960 · Jun 12, 2006
    risk 0.00 · cvss · epss 0.02

    PHP remote file inclusion vulnerability in includes/joomla.php in Joomla! 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the includepath parameter.

  • CVE-2006-1957 · Apr 21, 2006
    risk 0.00 · cvss · epss 0.02

    The com_rss option (rss.php) in (1) Mambo and (2) Joomla! allows remote attackers to cause a denial of service (disk consumption and possibly web-server outage) via multiple requests with different values of the feed parameter.
