National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

Search Parameters:
  • Contains Software Flaws (CVE)
  • CPE Product Version: cpe:/a:joomla:joomla%21:3.2.0:alpha
There are 409 matching records.
Displaying matches 61 through 80.
Vuln ID Summary CVSS Severity
CVE-2016-8870

The register method in the UsersModelRegistration class in controllers/user.php in the Users component in Joomla! before 3.6.4, when registration has been disabled, allows remote attackers to create user accounts by leveraging failure to check the Allow User Registration configuration setting.

Published: November 04, 2016; 05:59:08 PM -04:00
V3.0: 8.1 HIGH
    V2: 6.8 MEDIUM
CVE-2016-8869

The register method in the UsersModelRegistration class in controllers/user.php in the Users component in Joomla! before 3.6.4 allows remote attackers to gain privileges by leveraging incorrect use of unfiltered data when registering on a site.

Published: November 04, 2016; 05:59:07 PM -04:00
V3.0: 9.8 CRITICAL
    V2: 7.5 HIGH
CVE-2015-8769

SQL injection vulnerability in Joomla! 3.x before 3.4.7 allows attackers to execute arbitrary SQL commands via unspecified vectors.

Published: January 12, 2016; 03:59:07 PM -05:00
V3.0: 7.3 HIGH
    V2: 7.5 HIGH
CVE-2015-8565

Directory traversal vulnerability in Joomla! 3.2.0 through 3.3.x and 3.4.x before 3.4.6 allows remote attackers to have unspecified impact via unknown vectors.

Published: December 16, 2015; 04:59:09 PM -05:00
    V2: 7.5 HIGH
CVE-2015-8563

Cross-site request forgery (CSRF) vulnerability in the com_templates component in Joomla! 3.2.0 through 3.3.x and 3.4.x before 3.4.6 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.

Published: December 16, 2015; 04:59:07 PM -05:00
    V2: 6.8 MEDIUM
CVE-2015-8562

Joomla! 1.5.x, 2.x, and 3.x before 3.4.6 allow remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via the HTTP User-Agent header, as exploited in the wild in December 2015.

Published: December 16, 2015; 04:59:06 PM -05:00
    V2: 7.5 HIGH
CVE-2015-7899

The com_content component in Joomla! 3.x before 3.4.5 does not properly check ACLs, which allows remote attackers to obtain sensitive information via unspecified vectors.

Published: October 29, 2015; 04:59:13 PM -04:00
    V2: 5.0 MEDIUM
CVE-2015-7859

The com_contenthistory component in Joomla! 3.2 before 3.4.5 does not properly check ACLs, which allows remote attackers to obtain sensitive information via unspecified vectors.

Published: October 29, 2015; 04:59:13 PM -04:00
    V2: 5.0 MEDIUM
CVE-2015-7858

SQL injection vulnerability in Joomla! 3.2 before 3.4.4 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, a different vulnerability than CVE-2015-7297.

Published: October 29, 2015; 04:59:12 PM -04:00
    V2: 7.5 HIGH
CVE-2015-7857

SQL injection vulnerability in the getListQuery function in administrator/components/com_contenthistory/models/history.php in Joomla! 3.2 before 3.4.5 allows remote attackers to execute arbitrary SQL commands via the list[select] parameter to index.php.

Published: October 29, 2015; 04:59:11 PM -04:00
    V2: 7.5 HIGH
CVE-2015-7297

SQL injection vulnerability in Joomla! 3.2 before 3.4.4 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, a different vulnerability than CVE-2015-7858.

Published: October 29, 2015; 04:59:08 PM -04:00
    V2: 7.5 HIGH
CVE-2015-5397

Cross-site request forgery (CSRF) vulnerability in Joomla! 3.2.0 through 3.3.x and 3.4.x before 3.4.2 allows remote attackers to hijack the authentication of unspecified victims for requests that upload code via unknown vectors.

Published: July 14, 2015; 12:59:04 PM -04:00
    V2: 6.8 MEDIUM
CVE-2015-4654

SQL injection vulnerability in the EQ Event Calendar component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter to eqfullevent.

Published: June 18, 2015; 02:59:06 PM -04:00
    V2: 7.5 HIGH
CVE-2014-7228

Akeeba Restore (restore.php), as used in Joomla! 2.5.4 through 2.5.25, 3.x through 3.2.5, and 3.3.0 through 3.3.4; Akeeba Backup for Joomla! Professional 3.0.0 through 4.0.2; Backup Professional for WordPress 1.0.b1 through 1.1.3; Solo 1.0.b1 through 1.1.2; Admin Tools Core and Professional 2.0.0 through 2.4.4; and CMS Update 1.0.a1 through 1.0.1, when performing a backup or update for an archive, does not delete parameters from $_GET and $_POST when it is cleansing $_REQUEST, but later accesses $_GET and $_POST using the getQueryParam function, which allows remote attackers to bypass encryption and execute arbitrary code via a command message that extracts a crafted archive.

Published: November 03, 2014; 05:55:08 PM -05:00
    V2: 7.5 HIGH
CVE-2014-7984

Joomla! CMS 2.5.x before 2.5.19 and 3.x before 3.2.3 allows remote attackers to authenticate and bypass intended restrictions via vectors involving GMail authentication.

Published: October 08, 2014; 03:55:05 PM -04:00
    V2: 7.5 HIGH
CVE-2014-7983

Cross-site scripting (XSS) vulnerability in com_contact in Joomla! CMS 3.1.2 through 3.2.x before 3.2.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Published: October 08, 2014; 03:55:05 PM -04:00
    V2: 4.3 MEDIUM
CVE-2014-7982

Cross-site scripting (XSS) vulnerability in Joomla! CMS 2.5.x before 2.5.19 and 3.x before 3.2.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Published: October 08, 2014; 03:55:05 PM -04:00
    V2: 4.3 MEDIUM
CVE-2014-7981

SQL injection vulnerability in Joomla! CMS 3.1.x and 3.2.x before 3.2.3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

Published: October 08, 2014; 03:55:05 PM -04:00
    V2: 7.5 HIGH
CVE-2014-7229

Unspecified vulnerability in Joomla! before 2.5.4 before 2.5.26, 3.x before 3.2.6, and 3.3.x before 3.3.5 allows attackers to cause a denial of service via unspecified vectors.

Published: October 08, 2014; 03:55:04 PM -04:00
    V2: 5.0 MEDIUM
CVE-2014-6632

Joomla! 2.5.x before 2.5.25, 3.x before 3.2.4, and 3.3.x before 3.3.4 allows remote attackers to authenticate and bypass intended access restrictions via vectors involving LDAP authentication.

Published: October 08, 2014; 03:55:04 PM -04:00
    V2: 7.5 HIGH