U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): Joomla
  • Search Type: Search All
There are 1,182 matching records.
Displaying matches 1,021 through 1,040.
Vuln ID Summary CVSS Severity
CVE-2008-0512

SQL injection vulnerability in index.php in the fq (com_fq) component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the listid parameter.

Published: January 31, 2008; 3:00:00 PM -0500
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2008-0514

SQL injection vulnerability in index.php in the Glossary (com_glossary) 2.0 component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in a display action.

Published: January 31, 2008; 3:00:00 PM -0500
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2008-0515

SQL injection vulnerability in index.php in the musepoes (com_musepoes) component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the aid parameter in an answer action.

Published: January 31, 2008; 3:00:00 PM -0500
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2008-0517

SQL injection vulnerability in index.php in the Darko Selesi EstateAgent (com_estateagent) 0.1 component for Mambo 4.5.x and Joomla! allows remote attackers to execute arbitrary SQL commands via the objid parameter in a contact showObject action.

Published: January 31, 2008; 3:00:00 PM -0500
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2008-0518

SQL injection vulnerability in index.php in the Recipes (com_recipes) 1.00 component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action.

Published: January 31, 2008; 3:00:00 PM -0500
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2008-0519

SQL injection vulnerability in index.php in the Atapin Jokes (com_jokes) 1.0 component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the cat parameter in a CatView action.

Published: January 31, 2008; 3:00:00 PM -0500
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2007-6663

SQL injection vulnerability in (1) Puarcade.php and (2) PUarcade.html.php in Pragmatic Utopia PU Arcade (com_puarcade) 2.0.3, 2.1.2, and 2.1.3 Beta component for Joomla! allows remote attackers to execute arbitrary SQL commands via the fid parameter to index.php.

Published: January 04, 2008; 6:46:00 AM -0500
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2007-6642

Multiple cross-site request forgery (CSRF) vulnerabilities in Joomla! before 1.5 RC4 allow remote attackers to (1) add a Super Admin, (2) upload an extension containing arbitrary PHP code, and (3) modify the configuration as administrators via unspecified vectors.

Published: January 03, 2008; 8:46:00 PM -0500
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2007-6643

Cross-site scripting (XSS) vulnerability in the com_poll component in Joomla! before 1.5 RC4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Published: January 03, 2008; 8:46:00 PM -0500
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2007-6644

Joomla! before 1.5 RC4 allows remote authenticated administrators to promote arbitrary users to the administrator group, in violation of the intended security model.

Published: January 03, 2008; 8:46:00 PM -0500
V3.x:(not available)
V2.0: 6.5 MEDIUM
CVE-2007-6645

Unspecified vulnerability in Joomla! before 1.5 RC4 allows remote authenticated users to gain privileges via unspecified vectors, aka "registered user privilege escalation vulnerability."

Published: January 03, 2008; 8:46:00 PM -0500
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2007-6553

Multiple PHP remote file inclusion vulnerabilities in TeamCal Pro 3.1.000 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the CONF[app_root] parameter to (1) tcuser.class.php, (2) absencecount.inc.php, (3) avatar.inc.php, (4) csvhandler.class.php, (5) functions.tcpro.php, (6) header.html.inc.php, (7) joomlajack.tcpro.php, (8) menu.inc.php, (9) other.inc.php, (10) tcabsence.class.php, (11) tcabsencegroup.class.php, (12) tcallowance.class.php, (13) tcannouncement.class.php, (14) tcconfig.class.php, (15) tcdaynote.class.php, (16) tcgroup.class.php, (17) tcholiday.class.php, (18) tclogin.class.php, (19) tcmonth.class.php, (20) tctemplate.class.php, (21) tcusergroup.class.php, or (22) tcuseroption.class.php in includes/, possibly a related issue to CVE-2006-4845.

Published: December 27, 2007; 7:46:00 PM -0500
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2007-6555

PHP remote file inclusion vulnerability in modules/mod_pxt_latest.php in the mosDirectory (com_directory) 2.3.2 component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[mosConfig_absolute_path] parameter.

Published: December 27, 2007; 7:46:00 PM -0500
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2007-6362

SQL injection vulnerability in index.php in the RSGallery (com_rsgallery) 2.0 beta 5 and earlier component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in an inline page action.

Published: December 14, 2007; 8:46:00 PM -0500
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2007-6272

Multiple SQL injection vulnerabilities in index.php in Joomla! 1.5 RC3 allow remote attackers to execute arbitrary SQL commands via (1) the view parameter to the com_content component, (2) the task parameter to the com_search component, or (3) the option parameter in a search action to the com_search component.

Published: December 07, 2007; 6:46:00 AM -0500
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2007-6038

PHP remote file inclusion vulnerability in xajax_functions.php in the JUser (com_juser) 1.0.14 component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.

Published: November 20, 2007; 6:46:00 AM -0500
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2007-6027

PHP remote file inclusion vulnerability in admin.jjgallery.php in the Carousel Flash Image Gallery (com_jjgallery) component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.

Published: November 19, 2007; 8:46:00 PM -0500
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2007-5577

Multiple cross-site scripting (XSS) vulnerabilities in Joomla! before 1.0.13 (aka Sunglow) allow remote attackers to inject arbitrary web script or HTML via the (1) Title or (2) Section Name form fields in the Section Manager component, or (3) multiple unspecified fields in New Menu Item.

Published: October 18, 2007; 5:17:00 PM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2007-5457

Multiple PHP remote file inclusion vulnerabilities in Michael Dempfle Joomla Flash Uploader (com_jfu or com_joomla_flash_uploader) 2.5.1 component for Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter to (1) install.joomla_flash_uploader.php and (2) uninstall.joomla_flash_uploader.php.

Published: October 14, 2007; 3:17:00 PM -0400
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2007-5451

PHP remote file inclusion vulnerability in admin.color.php in the com_colorlab (aka com_color) 1.0 component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_live_site parameter.

Published: October 14, 2007; 2:17:00 PM -0400
V3.x:(not available)
V2.0: 6.8 MEDIUM