Filtered by vendor Joomla
Subscribe
Search
Total
903 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-7124 | 1 Joomla | 1 Bsq Sitestats | 2018-10-16 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in external/rssfeeds.php in BSQ Sitestats (component for Joomla) 1.8.0, and possibly other versions before 2.2.1, allows remote attackers to execute arbitrary PHP code via the baseDir parameter. | |||||
| CVE-2006-7123 | 1 Joomla | 1 Bsq Sitestats | 2018-10-16 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in BSQ Sitestats (component for Joomla) 1.8.0, and possibly other versions before 2.2.1, allow remote attackers to execute arbitrary SQL commands via (1) unspecified parameters when importing the (a) ip-to-country.csv file; and the (2) HTTP Referer, (3) HTTP User Agent, and (4) HTTP Accept Language headers to (b) bsqtemplateinc.php. | |||||
| CVE-2006-7122 | 1 Joomla | 1 Bsq Sitestats | 2018-10-16 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the IP Address Lookup functionality in BSQ Sitestats (component for Joomla) 1.8.0, and possibly other versions before 2.2.1, allows remote attackers to inject arbitrary web script and HTML via the ip parameter. | |||||
| CVE-2006-7126 | 1 Joomla | 1 Bsq Sitestats | 2018-10-16 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in Joomla BSQ Sitestats 1.8.0 and 2.2.1 allows remote attackers to execute arbitrary SQL commands via the query string, possibly PHP_SELF. | |||||
| CVE-2008-0855 | 2 Joomla, Mambo | 2 Com Facileforms, Com Facileforms | 2018-10-15 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Facile Forms (com_facileforms) component for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the catid parameter to index.php. | |||||
| CVE-2008-0854 | 2 Joomla, Mambo | 2 Com Salesrep, Com Salesrep | 2018-10-15 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the com_salesrep component for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the rid parameter in a showrep action to index.php. | |||||
| CVE-2008-0853 | 2 Joomla, Mambo | 2 Com Detail, Com Detail | 2018-10-15 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the com_detail component for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php. NOTE: this issue might be site-specific. If so, it should not be included in CVE. | |||||
| CVE-2008-0849 | 2 Joomla, Mambo | 2 Com Downloads, Com Downloads | 2018-10-15 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in the Downloads (com_downloads) component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the cat parameter in a selectcat function, a different vector than CVE-2008-0652. | |||||
| CVE-2008-0817 | 2 Joomla, Mambo | 2 Com Filebase Component, Com Filebase Component | 2018-10-15 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the com_filebase component for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the filecatid parameter in a selectfolder action. | |||||
| CVE-2008-0815 | 2 Egitimhost, Joomla | 2 Com Mezun, Com Mezun | 2018-10-15 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the com_mezun component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in an edit task. | |||||
| CVE-2008-0810 | 2 Joomla, Mambo | 2 Com Scheduling Component, Com Scheduling Component | 2018-10-15 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the com_scheduling module for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2008-0762 | 1 Joomla | 1 Com Iomezun | 2018-10-15 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in the com_iomezun component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in an edit action. | |||||
| CVE-2008-0754 | 1 Joomla | 1 Com Rapidrecipe | 2018-10-15 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in index.php in the Rapid Recipe (com_rapidrecipe) 1.6.5 component for Joomla! allow remote attackers to execute arbitrary SQL commands via (1) the user_id parameter in a showuser action or (2) the category_id parameter in a viewcategorysrecipes action. | |||||
| CVE-2007-6642 | 1 Joomla | 1 Joomla | 2018-10-15 | 6.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in Joomla! before 1.5 RC4 allow remote attackers to (1) add a Super Admin, (2) upload an extension containing arbitrary PHP code, and (3) modify the configuration as administrators via unspecified vectors. | |||||
| CVE-2007-6362 | 1 Joomla | 1 Rs Gallery2 | 2018-10-15 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in the RSGallery (com_rsgallery) 2.0 beta 5 and earlier component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in an inline page action. | |||||
| CVE-2007-6272 | 1 Joomla | 1 Joomla | 2018-10-15 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in index.php in Joomla! 1.5 RC3 allow remote attackers to execute arbitrary SQL commands via (1) the view parameter to the com_content component, (2) the task parameter to the com_search component, or (3) the option parameter in a search action to the com_search component. | |||||
| CVE-2007-5457 | 2 Joomla, Michael Dempfle | 2 Joomla, Joomla Flash Uploader | 2018-10-15 | 6.8 MEDIUM | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Michael Dempfle Joomla Flash Uploader (com_jfu or com_joomla_flash_uploader) 2.5.1 component for Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter to (1) install.joomla_flash_uploader.php and (2) uninstall.joomla_flash_uploader.php. | |||||
| CVE-2007-5427 | 1 Joomla | 2 Com Search Component, Joomla | 2018-10-15 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the com_search component in Joomla! 1.0.13 and earlier allows remote attackers to inject arbitrary web script or HTML via the searchword parameter. NOTE: this might be related to CVE-2007-4189.1. | |||||
| CVE-2007-5410 | 2 Joomla, Webmaster-tips | 2 Joomla, Flash Rss Reader | 2018-10-15 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in admin.wmtrssreader.php in the webmaster-tips.net Flash RSS Reader (com_wmtrssreader) 1.0 component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_live_site parameter. | |||||
| CVE-2007-5389 | 2 Joomla, Swmenupro | 2 Joomla, Swmenufree | 2018-10-15 | 6.8 MEDIUM | N/A |
| ** DISPUTED ** PHP remote file inclusion vulnerability in preview.php in the swMenuFree (com_swmenufree) 4.6 component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. NOTE: a reliable third party disputes this issue because preview.php tests a certain constant to prevent direct requests. | |||||
| CVE-2007-4777 | 1 Joomla | 1 Joomla | 2018-10-15 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Joomla! 1.5 before RC2 (aka Endeleo) allows remote attackers to execute arbitrary SQL commands via unspecified vectors, probably related to the archive section. NOTE: this may be the same as CVE-2007-4778. | |||||
| CVE-2007-4780 | 1 Joomla | 1 Joomla | 2018-10-15 | 6.8 MEDIUM | N/A |
| Joomla! 1.5 before RC2 (aka Endeleo) allows remote attackers to obtain sensitive information (the full path) via unspecified vectors, probably involving direct requests to certain PHP scripts in tmpl/ directories. | |||||
| CVE-2007-4779 | 1 Joomla | 1 Joomla | 2018-10-15 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Joomla! 1.5 before RC2 (aka Endeleo) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, probably related to the archive section. | |||||
| CVE-2007-4244 | 1 Joomla | 1 J Reactions | 2018-10-15 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in langset.php in J! Reactions (com_jreactions) 1.8.1 and earlier, a Joomla! component, allows remote attackers to execute arbitrary PHP code via a URL in the comPath parameter. | |||||
| CVE-2007-4187 | 1 Joomla | 1 Joomla | 2018-10-15 | 7.5 HIGH | N/A |
| Multiple eval injection vulnerabilities in the com_search component in Joomla! 1.5 beta before RC1 (aka Mapya) allow remote attackers to execute arbitrary PHP code via PHP sequences in the searchword parameter, related to default_results.php in (1) components/com_search/views/search/tmpl/ and (2) templates/beez/html/com_search/search/. | |||||
| CVE-2007-4186 | 1 Joomla | 1 Tour De France Pool | 2018-10-15 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in admin.tour_toto.php in the Tour de France Pool (com_tour_toto) 1.0.1 module for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | |||||
| CVE-2007-4185 | 1 Joomla | 1 Joomla | 2018-10-15 | 5.0 MEDIUM | N/A |
| Joomla! 1.0.12 allows remote attackers to obtain sensitive information via a direct request for (1) Stat.php (2) OutputFilter.php, (3) OutputCache.php, (4) Modifier.php, (5) Reader.php, and (6) TemplateCache.php in includes/patTemplate/patTemplate/; (7) includes/Cache/Lite/Output.php; and other unspecified components, which reveal the path in various error messages. | |||||
| CVE-2007-4184 | 1 Joomla | 1 Joomla | 2018-10-15 | 7.5 HIGH | N/A |
| SQL injection vulnerability in administrator/popups/pollwindow.php in Joomla! 1.0.12 allows remote attackers to execute arbitrary SQL commands via the pollid parameter. | |||||
| CVE-2009-0377 | 1 Joomla | 2 Com Beamospetition, Joomla | 2018-10-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the beamospetition (com_beamospetition) 1.0.12 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the mpid parameter in a sign action to index.php, a different vector than CVE-2008-3132. | |||||
| CVE-2009-0378 | 1 Joomla | 2 Com Beamospetition, Joomla | 2018-10-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in the beamospetition (com_beamospetition) 1.0.12 component for Joomla! allows remote attackers to inject arbitrary web script or HTML via the pet parameter in a sign action. | |||||
| CVE-2008-6234 | 2 Joomla, Mambo-foundation | 4 Com Musica, Joomla, Com Musica and 1 more | 2018-10-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the com_musica module in Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php. | |||||
| CVE-2008-5671 | 1 Joomla | 1 Joomla | 2018-10-11 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in index.php in Joomla! 1.0.11 through 1.0.14, when RG_EMULATION is enabled in configuration.php, allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | |||||
| CVE-2008-6149 | 2 Joomla, Joomlaapps | 2 Joomla, Com Mdigg | 2018-10-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the mDigg (com_mdigg) component 2.2.8 for Joomla! allows remote attackers to execute arbitrary SQL commands via the cagtegory parameter in a story_lists action to index.php. | |||||
| CVE-2008-5957 | 2 Joomla, Mydyngallery | 2 Joomla, Mydyngallery | 2018-10-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Mydyngallery (com_mydyngallery) component 1.4.2 for Joomla! allows remote attackers to execute arbitrary SQL commands via the directory parameter to index.php. | |||||
| CVE-2008-5051 | 2 Jooblog, Joomla | 2 Jooblog, Joomla | 2018-10-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the JooBlog (com_jb2) component 0.1.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the PostID parameter to index.php. | |||||
| CVE-2008-4777 | 2 Joomla, Mambo | 3 Com Lms, Joomla, Mambo | 2018-10-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Showroom Joomlearn LMS (com_lms) component for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the cat parameter in a showTests task. | |||||
| CVE-2008-4122 | 1 Joomla | 1 Joomla | 2018-10-11 | 5.0 MEDIUM | N/A |
| Joomla! 1.5.8 does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session. | |||||
| CVE-2008-4102 | 1 Joomla | 1 Joomla | 2018-10-11 | 7.5 HIGH | N/A |
| Joomla! 1.5 before 1.5.7 initializes PHP's PRNG with a weak seed, which makes it easier for attackers to guess the pseudo-random values produced by PHP's mt_rand function, as demonstrated by guessing password reset tokens, a different vulnerability than CVE-2008-3681. | |||||
| CVE-2008-2701 | 1 Joomla | 1 Com Gameq | 2018-10-11 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in the GameQ (com_gameq) component 4.0 and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the category_id parameter in a page action to index.php. | |||||
| CVE-2008-2633 | 1 Joomla | 2 Com Joomradio, Joomla | 2018-10-11 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in the EXP JoomRadio (com_joomradio) component 1.0 for Joomla! allow remote attackers to execute arbitrary SQL commands via the id parameter in a (1) show_radio or (2) show_video action to index.php. | |||||
| CVE-2008-2454 | 1 Joomla | 1 Com Xsstream-dm | 2018-10-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the xsstream-dm (com_xsstream-dm) component 0.01 Beta for Joomla! allows remote attackers to execute arbitrary SQL commands via the movie parameter to index.php. | |||||
| CVE-2008-1733 | 2 Joomla, Pragmaticutopia | 2 Joomla, Com Puarcade | 2018-10-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in puarcade.class.php 2.2 and earlier in the Pragmatic Utopia PU Arcade (com_puarcade) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the gid parameter to index.php. | |||||
| CVE-2008-1137 | 2 Joomla, Mambo | 2 Com Garyscookbook, Com Garyscookbook | 2018-10-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Garys Cookbook (com_garyscookbook) 1.1.1 and earlier component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action to index.php. | |||||
| CVE-2011-0005 | 1 Joomla | 2 Com Search, Joomla\! | 2018-10-10 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the com_search module for Joomla! 1.0.x through 1.0.15 allows remote attackers to inject arbitrary web script or HTML via the ordering parameter to index.php. | |||||
| CVE-2010-4865 | 2 Harmistechnology, Joomla | 2 Com Jeguestbook, Joomla\! | 2018-10-10 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the JE Guestbook (com_jeguestbook) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the d_itemid parameter in an item_detail action to index.php. | |||||
| CVE-2010-4926 | 2 Joomla, Timetrack | 2 Joomla\!, Com Timetrack | 2018-10-10 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the TimeTrack (com_timetrack) component 1.2.4 for Joomla! allows remote attackers to execute arbitrary SQL commands via the ct_id parameter in a timetrack action to index.php. | |||||
| CVE-2010-4937 | 2 Joomla, Robitbt | 2 Joomla\!, Com Amblog | 2018-10-10 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in the Amblog (com_amblog) component 1.0 for Joomla! allow remote attackers to execute arbitrary SQL commands via the (1) articleid or (2) catid parameter to index.php. | |||||
| CVE-2010-4941 | 2 Joomla, Joomlamo | 2 Joomla\!, Com Teams | 2018-10-10 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Teams (com_teams) component 1_1028_100809_1711 for Joomla! allows remote attackers to execute arbitrary SQL commands via the PlayerID parameter in a player save action to index.php. | |||||
| CVE-2010-4977 | 2 Joomla, Miniwork | 2 Joomla\!, Com Canteen | 2018-10-10 | 7.5 HIGH | N/A |
| SQL injection vulnerability in menu.php in the Canteen (com_canteen) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the mealid parameter to index.php. | |||||
| CVE-2010-5280 | 2 Joomla, Joomla-cbe | 2 Joomla\!, Com Cbe | 2018-10-10 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in the Community Builder Enhanced (CBE) (com_cbe) component 1.4.8, 1.4.9, and 1.4.10 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the tabname parameter in a userProfile action to index.php. NOTE: this can be leveraged to execute arbitrary code by using the file upload feature. | |||||