) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.
Search Results (Refine Search)
- CPE Product Version: cpe:/a:joomla:joomla%21:3.4.4
| Vuln ID | Summary | CVSS Severity |
|---|---|---|
| CVE-2015-8562 |
Joomla! 1.5.x, 2.x, and 3.x before 3.4.6 allow remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via the HTTP User-Agent header, as exploited in the wild in December 2015. Published: December 16, 2015; 4:59:06 PM -0500 |
V3.x:(not available) V2.0: 7.5 HIGH |
| CVE-2015-7899 |
The com_content component in Joomla! 3.x before 3.4.5 does not properly check ACLs, which allows remote attackers to obtain sensitive information via unspecified vectors. Published: October 29, 2015; 4:59:13 PM -0400 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
| CVE-2015-7859 |
The com_contenthistory component in Joomla! 3.2 before 3.4.5 does not properly check ACLs, which allows remote attackers to obtain sensitive information via unspecified vectors. Published: October 29, 2015; 4:59:13 PM -0400 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
| CVE-2015-7857 |
SQL injection vulnerability in the getListQuery function in administrator/components/com_contenthistory/models/history.php in Joomla! 3.2 before 3.4.5 allows remote attackers to execute arbitrary SQL commands via the list[select] parameter to index.php. Published: October 29, 2015; 4:59:11 PM -0400 |
V3.x:(not available) V2.0: 7.5 HIGH |
| CVE-2015-7297 |
SQL injection vulnerability in Joomla! 3.2 before 3.4.4 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, a different vulnerability than CVE-2015-7858. Published: October 29, 2015; 4:59:08 PM -0400 |
V3.x:(not available) V2.0: 7.5 HIGH |