VYPR

Vendor CVEs

Joomla

All CVEs

1,051 total · sorted by risk
  • CVE-2009-3834Nov 2, 2009
    risk 0.00cvss epss 0.01

    SQL injection vulnerability in the Photoblog (com_photoblog) component alpha 3 and alpha 3a for Joomla! allows remote attackers to execute arbitrary SQL commands via the category parameter in a blogs action to index.php.

  • CVE-2009-3480Sep 30, 2009
    risk 0.00cvss epss 0.01

    SQL injection vulnerability in the iCRM Basic (com_icrmbasic) component 1.4.2.31 for Joomla! allows remote attackers to execute arbitrary SQL commands via the p3 parameter to index.php. NOTE: the provenance of this information is unknown; the details are obtained solely from…

  • CVE-2009-2789Aug 17, 2009
    risk 0.00cvss epss 0.01

    SQL injection vulnerability in the Permis (com_groups) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a list action to index.php. NOTE: the provenance of this information is unknown; the details are obtained solely…

  • CVE-2009-1940Jun 5, 2009
    risk 0.00cvss epss 0.02

    Cross-site scripting (XSS) vulnerability in the administrator panel in the com_users core component for Joomla! 1.5.x through 1.5.10 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2009-1939Jun 5, 2009
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in the JA_Purity template for Joomla! 1.5.x through 1.5.10 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2009-1280Apr 9, 2009
    risk 0.00cvss epss 0.01

    Multiple cross-site request forgery (CSRF) vulnerabilities in the com_media component for Joomla! 1.5.x through 1.5.9 allow remote attackers to hijack the authentication of unspecified victims via unknown vectors.

  • CVE-2009-1279Apr 9, 2009
    risk 0.00cvss epss 0.01

    Multiple cross-site scripting (XSS) vulnerabilities in Joomla! 1.5 through 1.5.9 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors to the (1) com_admin component, (2) com_search component when "Gather Search Statistics" is enabled, and (3) the…

  • CVE-2008-6299Feb 26, 2009
    risk 0.00cvss epss 0.01

    Multiple cross-site scripting (XSS) vulnerabilities in Joomla! 1.5.7 and earlier allow remote authenticated users with certain privileges to inject arbitrary web script or HTML via (1) the title and description parameters to the com_weblinks module and (2) unspecified vectors in…

  • CVE-2009-0706Feb 23, 2009
    risk 0.00cvss epss 0.01

    SQL injection vulnerability in the Simple Review (com_simple_review) component 1.3.5 for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the category parameter to index.php.

  • CVE-2008-5671Dec 19, 2008
    risk 0.00cvss epss 0.02

    PHP remote file inclusion vulnerability in index.php in Joomla! 1.0.11 through 1.0.14, when RG_EMULATION is enabled in configuration.php, allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.

  • CVE-2008-4107Sep 18, 2008
    risk 0.00cvss epss 0.03

    The (1) rand and (2) mt_rand functions in PHP 5.2.6 do not produce cryptographically strong random numbers, which allows attackers to leverage exposures in products that rely on these functions for security-relevant functionality, as demonstrated by the password-reset…

  • CVE-2008-4105Sep 18, 2008
    risk 0.00cvss epss 0.02

    JRequest in Joomla! 1.5 before 1.5.7 does not sanitize variables that were set with JRequest::setVar, which allows remote attackers to conduct "variable injection" attacks and have unspecified other impact.

  • CVE-2008-4104Sep 18, 2008
    risk 0.00cvss epss 0.01

    Multiple open redirect vulnerabilities in Joomla! 1.5 before 1.5.7 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a "passed in" URL.

  • CVE-2008-4103Sep 18, 2008
    risk 0.00cvss epss 0.01

    The mailto (aka com_mailto) component in Joomla! 1.5 before 1.5.7 sends e-mail messages without validating the URL, which allows remote attackers to transmit spam.

  • CVE-2008-4102Sep 18, 2008
    risk 0.00cvss epss 0.02

    Joomla! 1.5 before 1.5.7 initializes PHP's PRNG with a weak seed, which makes it easier for attackers to guess the pseudo-random values produced by PHP's mt_rand function, as demonstrated by guessing password reset tokens, a different vulnerability than CVE-2008-3681.

  • CVE-2008-3228Jul 18, 2008
    risk 0.00cvss epss 0.01

    Joomla! before 1.5.4 does not configure .htaccess to apply certain security checks that "block common exploits" to SEF URLs, which has unknown impact and remote attack vectors.

  • CVE-2008-3227Jul 18, 2008
    risk 0.00cvss epss 0.01

    Unspecified vulnerability in Joomla! before 1.5.4 has unknown impact and attack vectors related to a "User Redirect Spam fix," possibly an open redirect vulnerability.

  • CVE-2008-3225Jul 18, 2008
    risk 0.00cvss epss 0.01

    Joomla! before 1.5.4 allows attackers to access administration functionality, which has unknown impact and attack vectors related to a missing "LDAP security fix."

  • CVE-2008-3226Jul 18, 2008
    risk 0.00cvss epss 0.01

    The file caching implementation in Joomla! before 1.5.4 allows attackers to access cached pages via unknown attack vectors.

  • CVE-2008-1890Apr 18, 2008
    risk 0.00cvss epss 0.01

    SQL injection vulnerability in the Jom Comment 2.0 build 345 component for Joomla! allows remote attackers to execute arbitrary SQL commands via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party…

  • CVE-2008-1533Mar 28, 2008
    risk 0.00cvss epss 0.01

    Unspecified vulnerability in the XML-RPC Blogger API plugin in Joomla! 1.5 allows remote attackers to perform unauthorized article operations on articles via unknown vectors.

  • CVE-2008-0849Feb 21, 2008
    risk 0.00cvss epss 0.01

    SQL injection vulnerability in index.php in the Downloads (com_downloads) component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the cat parameter in a selectcat function, a different vector than CVE-2008-0652.

  • CVE-2008-0762Feb 13, 2008
    risk 0.00cvss epss 0.01

    SQL injection vulnerability in index.php in the com_iomezun component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in an edit action.

  • CVE-2008-0607Feb 6, 2008
    risk 0.00cvss epss 0.01

    SQL injection vulnerability in index.php in the Sigsiu Online Business Index 2 (SOBI2, com_sobi2) 2.5.3 component for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the catid parameter. NOTE: the provenance of this information is unknown; the…

  • CVE-2007-6644Jan 4, 2008
    risk 0.00cvss epss 0.02

    Joomla! before 1.5 RC4 allows remote authenticated administrators to promote arbitrary users to the administrator group, in violation of the intended security model.

  • CVE-2007-6642Jan 4, 2008
    risk 0.00cvss epss 0.01

    Multiple cross-site request forgery (CSRF) vulnerabilities in Joomla! before 1.5 RC4 allow remote attackers to (1) add a Super Admin, (2) upload an extension containing arbitrary PHP code, and (3) modify the configuration as administrators via unspecified vectors.

  • CVE-2007-6643Jan 4, 2008
    risk 0.00cvss epss 0.02

    Cross-site scripting (XSS) vulnerability in the com_poll component in Joomla! before 1.5 RC4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2007-6645Jan 4, 2008
    risk 0.00cvss epss 0.02

    Unspecified vulnerability in Joomla! before 1.5 RC4 allows remote authenticated users to gain privileges via unspecified vectors, aka "registered user privilege escalation vulnerability."

  • CVE-2007-5577Oct 18, 2007
    risk 0.00cvss epss 0.02

    Multiple cross-site scripting (XSS) vulnerabilities in Joomla! before 1.0.13 (aka Sunglow) allow remote attackers to inject arbitrary web script or HTML via the (1) Title or (2) Section Name form fields in the Section Manager component, or (3) multiple unspecified fields in New…

  • CVE-2007-5389Oct 12, 2007
    risk 0.00cvss epss 0.01

    PHP remote file inclusion vulnerability in preview.php in the swMenuFree (com_swmenufree) 4.6 component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. NOTE: a reliable third party disputes this issue because…

  • CVE-2007-4779Sep 10, 2007
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in Joomla! 1.5 before RC2 (aka Endeleo) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, probably related to the archive section.

  • CVE-2007-4778Sep 10, 2007
    risk 0.00cvss epss 0.01

    Multiple SQL injection vulnerabilities in the content component (com_content) in Joomla! 1.5 Beta1, Beta2, and RC1 allow remote attackers to execute arbitrary SQL commands via the filter parameter in an archive action to (1) archive.php, (2) category.php, or (3) section.php in…

  • CVE-2007-4777Sep 10, 2007
    risk 0.00cvss epss 0.01

    SQL injection vulnerability in Joomla! 1.5 before RC2 (aka Endeleo) allows remote attackers to execute arbitrary SQL commands via unspecified vectors, probably related to the archive section. NOTE: this may be the same as CVE-2007-4778.

  • CVE-2007-4780Sep 10, 2007
    risk 0.00cvss epss 0.02

    Joomla! 1.5 before RC2 (aka Endeleo) allows remote attackers to obtain sensitive information (the full path) via unspecified vectors, probably involving direct requests to certain PHP scripts in tmpl/ directories.

  • CVE-2007-4745Sep 6, 2007
    risk 0.00cvss epss 0.01

    Multiple cross-site scripting (XSS) vulnerabilities in the AkoBook 3.42 and earlier component (com_akobook) for Mambo allow remote attackers to inject arbitrary web script or HTML via Javascript events in the (1) gbmail and (2) gbpage parameters in the sign function.

  • CVE-2007-4190Aug 8, 2007
    risk 0.00cvss epss 0.02

    CRLF injection vulnerability in Joomla! before 1.0.13 (aka Sunglow) allows remote attackers to inject arbitrary HTTP headers and probably conduct HTTP response splitting attacks via CRLF sequences in the url parameter. NOTE: this can be leveraged for cross-site scripting (XSS)…

  • CVE-2007-4184Aug 8, 2007
    risk 0.00cvss epss 0.01

    SQL injection vulnerability in administrator/popups/pollwindow.php in Joomla! 1.0.12 allows remote attackers to execute arbitrary SQL commands via the pollid parameter.

  • CVE-2007-4185Aug 8, 2007
    risk 0.00cvss epss 0.02

    Joomla! 1.0.12 allows remote attackers to obtain sensitive information via a direct request for (1) Stat.php (2) OutputFilter.php, (3) OutputCache.php, (4) Modifier.php, (5) Reader.php, and (6) TemplateCache.php in includes/patTemplate/patTemplate/; (7)…

  • CVE-2007-4189Aug 8, 2007
    risk 0.00cvss epss 0.02

    Multiple cross-site scripting (XSS) vulnerabilities in Joomla! before 1.0.13 (aka Sunglow) allow remote attackers to inject arbitrary web script or HTML via unspecified vectors in the (1) com_search, (2) com_content, and (3) mod_login components. NOTE: some of these details are…

  • CVE-2007-4188Aug 8, 2007
    risk 0.00cvss epss 0.04

    Session fixation vulnerability in Joomla! before 1.0.13 (aka Sunglow) allows remote attackers to hijack administrative web sessions via unspecified vectors.

  • CVE-2007-2196Apr 24, 2007
    risk 0.00cvss epss 0.02

    PHP remote file inclusion vulnerability in jambook.php in the Jambook (com_Jambook) 1.0 beta7 module for Mambo and Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. NOTE: this issue has been disputed by a reliable…

  • CVE-2006-7124Mar 6, 2007
    risk 0.00cvss epss 0.02

    PHP remote file inclusion vulnerability in external/rssfeeds.php in BSQ Sitestats (component for Joomla) 1.8.0, and possibly other versions before 2.2.1, allows remote attackers to execute arbitrary PHP code via the baseDir parameter.

  • CVE-2006-7126Mar 6, 2007
    risk 0.00cvss epss 0.01

    SQL injection vulnerability in Joomla BSQ Sitestats 1.8.0 and 2.2.1 allows remote attackers to execute arbitrary SQL commands via the query string, possibly PHP_SELF.

  • CVE-2006-7123Mar 6, 2007
    risk 0.00cvss epss 0.01

    Multiple SQL injection vulnerabilities in BSQ Sitestats (component for Joomla) 1.8.0, and possibly other versions before 2.2.1, allow remote attackers to execute arbitrary SQL commands via (1) unspecified parameters when importing the (a) ip-to-country.csv file; and the (2) HTTP…

  • CVE-2006-7125Mar 6, 2007
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in Joomla BSQ Sitestats 1.8.0 and 2.2.1 allows remote attackers to inject arbitrary web script or HTML via the HTTP Referer header, which is not properly handled when the administrator views site statistics.

  • CVE-2006-7122Mar 6, 2007
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in the IP Address Lookup functionality in BSQ Sitestats (component for Joomla) 1.8.0, and possibly other versions before 2.2.1, allows remote attackers to inject arbitrary web script and HTML via the ip parameter.

  • CVE-2006-7009Feb 12, 2007
    risk 0.00cvss epss 0.01

    Joomla! before 1.0.10 allows remote attackers to spoof the frontend submission forms, which has unknown impact and attack vectors.

  • CVE-2006-7008Feb 12, 2007
    risk 0.00cvss epss 0.01

    Unspecified vulnerability in Joomla! before 1.0.10 has unknown impact and attack vectors, related to "securing mosmsg from misuse." NOTE: it is possible that this issue overlaps CVE-2006-1029.

  • CVE-2006-7010Feb 12, 2007
    risk 0.00cvss epss 0.01

    The mosgetparam implementation in Joomla! before 1.0.10, does not set a variable's data type to integer when the variable's default value is numeric, which has unspecified impact and attack vectors, which may permit SQL injection attacks.

  • CVE-2007-0375Jan 19, 2007
    risk 0.00cvss epss 0.02

    Joomla! 1.5.0 Beta allows remote attackers to obtain sensitive information via a direct request for (1) plugins/user/example.php; (2) gmail.php, (3) example.php, or (4) ldap.php in plugins/authentication/; (5) modules/mod_mainmenu/menu.php; or other unspecified PHP scripts,…