National Vulnerability Database

Search Results

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): Joomla
  • Search Type: Search All
There are 1,053 matching records.
Displaying matches 1001 through 1020.
Vuln ID Summary CVSS Severity
CVE-2006-4992

Multiple PHP remote file inclusion vulnerabilities in JD-WordPress for Joomla! (com_jd-wp) 2.0-1.0 RC2 allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter in (1) wp-comments-post.php, (2) wp-feed.php, or (3) wp-trackback.php.

Published: September 25, 2006; 10:07:00 PM -04:00
V2: 7.5 HIGH
CVE-2006-4995

PHP remote file inclusion vulnerability in BSQ Sitestats (bsq_sitestats) before 2.1.1 for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.

Published: September 25, 2006; 10:07:00 PM -04:00
V2: 7.5 HIGH
CVE-2006-4996

Unspecified vulnerability in JoomlaLib (com_joomlalib) before 1.2.2 for Joomla! allows remote attackers to have an unknown impact, related to "Joomla globals hacked by script kiddies."

Published: September 25, 2006; 10:07:00 PM -04:00
V2: 10.0 HIGH
CVE-2006-4553

PHP remote file inclusion vulnerability in plugin.class.php in the com_comprofiler Components 1.0 RC2 for Mambo and Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.

Published: September 05, 2006; 08:04:00 PM -04:00
V2: 6.8 MEDIUM
CVE-2006-4556

** DISPUTED ** PHP remote file inclusion vulnerability in index.php in the JIM component for Mambo and Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. NOTE: another researcher has stated that the product distribution does not include an index.php file. Also, this might be related to CVE-2006-4242.

Published: September 05, 2006; 08:04:00 PM -04:00
V2: 7.5 HIGH
CVE-2006-4466

Joomla! before 1.0.11 does not properly unset variables when the input data includes a numeric parameter with a value matching an alphanumeric parameter's hash value, which allows remote attackers to have an unspecified impact. NOTE: it could be argued that this vulnerability is due to a bug in the unset PHP command (CVE-2006-3017) and the proper fix should be in PHP; if so, then this should not be treated as a vulnerability in Joomla!.

Published: August 31, 2006; 04:04:00 PM -04:00
V2: 5.0 MEDIUM
CVE-2006-4468

Multiple unspecified vulnerabilities in Joomla! before 1.0.11, related to unvalidated input, allow attackers to have an unknown impact via unspecified vectors involving the (1) mosMail, (2) JosIsValidEmail, and (3) josSpoofValue functions; (4) the lack of inclusion of globals.php in administrator/index.php; (5) the Admin User Manager; and (6) the poll module.

Published: August 31, 2006; 04:04:00 PM -04:00
V2: 6.8 MEDIUM
CVE-2006-4469

Unspecified vulnerability in PEAR.php in Joomla! before 1.0.11 allows remote attackers to perform "remote execution," related to "Injection Flaws."

Published: August 31, 2006; 04:04:00 PM -04:00
V2: 7.5 HIGH
CVE-2006-4470

Joomla! before 1.0.11 omits some checks for whether _VALID_MOS is defined, which allows attackers to have an unknown impact, possibly resulting in PHP remote file inclusion.

Published: August 31, 2006; 04:04:00 PM -04:00
V2: 7.5 HIGH
CVE-2006-4471

The Admin Upload Image functionality in Joomla! before 1.0.11 allows remote authenticated users to upload files outside of the /images/stories/ directory via unspecified vectors.

Published: August 31, 2006; 04:04:00 PM -04:00
V2: 6.5 MEDIUM
CVE-2006-4472

Multiple unspecified vulnerabilities in Joomla! before 1.0.11 allow attackers to bypass user authentication via unknown vectors involving the (1) do_pdf command and the (2) emailform com_content task.

Published: August 31, 2006; 04:04:00 PM -04:00
V2: 7.5 HIGH
CVE-2006-4473

Unspecified vulnerability in com_content in Joomla! before 1.0.11, when $mosConfig_hideEmail is set, allows attackers to perform the emailform and emailsend tasks.

Published: August 31, 2006; 04:04:00 PM -04:00
V2: 5.1 MEDIUM
CVE-2006-4474

Multiple cross-site scripting (XSS) vulnerabilities in Joomla! before 1.0.11 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters in (1) Admin Module Manager, (2) Admin Help, and (3) Search.

Published: August 31, 2006; 04:04:00 PM -04:00
V2: 6.8 MEDIUM
CVE-2006-4475

Joomla! before 1.0.11 does not limit access to the Admin Popups functionality, which has unknown impact and attack vectors.

Published: August 31, 2006; 04:04:00 PM -04:00
V2: 7.5 HIGH
CVE-2006-4476

Multiple unspecified vulnerabilities in Joomla! before 1.0.11, related to "Injection Flaws," allow attackers to have an unknown impact via (1) globals.php, which uses include_once() instead of require(); (2) the $options variable; (3) Admin Upload Image; (4) ->load(); (5) content submissions when frontpage is selected; (6) the mosPageNav constructor; (7) saveOrder functions; (8) the absence of "exploit blocking rules" in htaccess; and (9) the ACL.

Published: August 31, 2006; 04:04:00 PM -04:00
V2: 7.5 HIGH
CVE-2006-4378

** DISPUTED ** Multiple PHP remote file inclusion vulnerabilities in the Rssxt component for Joomla! (com_rssxt), possibly 2.0 Beta 1 or 1.0 and earlier, allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter in (1) pinger.php, (2) RPC.php, or (3) rssxt.php. NOTE: another researcher has disputed this issue, saying that the attacker can not control this parameter. In addition, as of 20060825, the original researcher has appeared to be unreliable with some other past reports. CVE has not performed any followup analysis with respect to this issue.

Published: August 26, 2006; 05:04:00 PM -04:00
V2: 7.5 HIGH
CVE-2006-4348

PHP remote file inclusion vulnerability in config.kochsuite.php in the Kochsuite (com_kochsuite) 0.9.4 component for Mambo and Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.

Published: August 24, 2006; 05:04:00 PM -04:00
V2: 7.5 HIGH
CVE-2006-4320

PHP remote file inclusion vulnerability in sef.php in the OpenSEF 2.0.0 component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.

Published: August 23, 2006; 09:04:00 PM -04:00
V2: 7.5 HIGH
CVE-2006-4282

PHP remote file inclusion vulnerability in MamboLogin.php in the MamboWiki component (com_mambowiki) 0.9.6 and earlier for Mambo and Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the IP parameter.

Published: August 22, 2006; 01:04:00 PM -04:00
V2: 7.5 HIGH
CVE-2006-4263

Multiple PHP remote file inclusion vulnerabilities in the Product Scroller Module and other modules in mambo-phpshop (com_phpshop) for Mambo and Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter in (1) mod_phpshop.php, (2) mod_phpshop_allinone.php, (3) mod_phpshop_cart.php, (4) mod_phpshop_featureprod.php, (5) mod_phpshop_latestprod.php, (6) mod_product_categories.php, (7) mod_productscroller.php, and (8) mosproductsnap.php.

Published: August 21, 2006; 05:04:00 PM -04:00
V2: 7.5 HIGH