National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): Joomla
  • Search Type: Search All
There are 1,045 matching records.
Displaying matches 201 through 220.
Vuln ID Summary CVSS Severity
CVE-2016-9838

An issue was discovered in components/com_users/models/registration.php in Joomla! before 3.6.5. Incorrect filtering of registration form data stored to the session on a validation error enables a user to gain access to a registered user's account and reset the user's group mappings, username, and password, as demonstrated by submitting a form that targets the `registration.register` task.

Published: December 16, 2016; 04:59:00 AM -05:00
V3: 7.5 HIGH
V2: 5.0 MEDIUM
CVE-2016-9837

An issue was discovered in templates/beez3/html/com_content/article/default.php in Joomla! before 3.6.5. Inadequate permissions checks in the Beez3 layout override of the com_content article view allow users to view articles that should not be publicly accessible, as demonstrated by an index.php?option=com_content&view=article&id=1&template=beez3 request.

Published: December 16, 2016; 04:59:00 AM -05:00
V3: 7.5 HIGH
V2: 5.0 MEDIUM
CVE-2016-9836

The file scanning mechanism of JFilterInput::isFileSafe() in Joomla! CMS before 3.6.5 does not consider alternative PHP file extensions when checking uploaded files for PHP content, which enables a user to upload and execute files with the `.php6`, `.php7`, `.phtml`, and `.phpt` extensions. Additionally, JHelperMedia::canUpload() did not blacklist these file extensions as uploadable file types.

Published: December 05, 2016; 12:59:00 PM -05:00
V3: 9.8 CRITICAL
V2: 7.5 HIGH
CVE-2016-8870

The register method in the UsersModelRegistration class in controllers/user.php in the Users component in Joomla! before 3.6.4, when registration has been disabled, allows remote attackers to create user accounts by leveraging failure to check the Allow User Registration configuration setting.

Published: November 04, 2016; 05:59:08 PM -04:00
V3: 8.1 HIGH
V2: 6.8 MEDIUM
CVE-2016-8869

The register method in the UsersModelRegistration class in controllers/user.php in the Users component in Joomla! before 3.6.4 allows remote attackers to gain privileges by leveraging incorrect use of unfiltered data when registering on a site.

Published: November 04, 2016; 05:59:07 PM -04:00
V3: 9.8 CRITICAL
V2: 7.5 HIGH
CVE-2016-1000122

XSS and SQLi in Huge IT Joomla Slider v1.0.9 extension

Published: October 27, 2016; 05:59:03 PM -04:00
V3: 7.2 HIGH
V2: 6.5 MEDIUM
CVE-2016-1000121

XSS and SQLi in Huge IT Joomla Slider v1.0.9 extension

Published: October 27, 2016; 05:59:02 PM -04:00
V3: 4.8 MEDIUM
V2: 3.5 LOW
CVE-2016-1000120

SQLi and XSS in Huge IT catalog extension v1.0.4 for Joomla

Published: October 27, 2016; 05:59:00 PM -04:00
V3: 7.2 HIGH
V2: 6.5 MEDIUM
CVE-2016-1000119

SQLi and XSS in Huge IT catalog extension v1.0.4 for Joomla

Published: October 21, 2016; 10:59:05 AM -04:00
V3: 7.2 HIGH
V2: 6.5 MEDIUM
CVE-2016-1000118

XSS & SQLi in HugeIT slideshow v1.0.4

Published: October 21, 2016; 10:59:04 AM -04:00
V3: 7.2 HIGH
V2: 6.5 MEDIUM
CVE-2016-1000117

XSS & SQLi in HugeIT slideshow v1.0.4

Published: October 21, 2016; 10:59:03 AM -04:00
V3: 7.2 HIGH
V2: 6.5 MEDIUM
CVE-2016-1000116

Huge-IT Portfolio Gallery manager v1.1.0 SQL Injection and XSS

Published: October 21, 2016; 10:59:01 AM -04:00
V3: 7.2 HIGH
V2: 6.5 MEDIUM
CVE-2016-1000115

Huge-IT Portfolio Gallery manager v1.1.0 SQL Injection and XSS

Published: October 21, 2016; 10:59:00 AM -04:00
V3: 7.2 HIGH
V2: 6.5 MEDIUM
CVE-2016-1000125

Unauthenticated SQL Injection in Huge-IT Catalog v1.0.7 for Joomla

Published: October 06, 2016; 10:59:23 AM -04:00
V3: 9.8 CRITICAL
V2: 7.5 HIGH
CVE-2016-1000124

Unauthenticated SQL Injection in Huge-IT Portfolio Gallery Plugin v1.0.6

Published: October 06, 2016; 10:59:22 AM -04:00
V3: 9.8 CRITICAL
V2: 7.5 HIGH
CVE-2016-1000123

Unauthenticated SQL Injection in Huge-IT Video Gallery v1.0.9 for Joomla

Published: October 06, 2016; 10:59:21 AM -04:00
V3: 9.8 CRITICAL
V2: 7.5 HIGH
CVE-2016-1000114

XSS in huge IT gallery v1.1.5 for Joomla

Published: October 06, 2016; 10:59:20 AM -04:00
V3: 6.1 MEDIUM
V2: 4.3 MEDIUM
CVE-2016-1000113

XSS and SQLi in huge IT gallery v1.1.5 for Joomla

Published: October 06, 2016; 10:59:19 AM -04:00
V3: 9.8 CRITICAL
V2: 7.5 HIGH
CVE-2015-8769

SQL injection vulnerability in Joomla! 3.x before 3.4.7 allows attackers to execute arbitrary SQL commands via unspecified vectors.

Published: January 12, 2016; 03:59:07 PM -05:00
V3: 7.3 HIGH
V2: 7.5 HIGH
CVE-2015-8566

The Session package 1.x before 1.3.1 for Joomla! Framework allows remote attackers to execute arbitrary code via unspecified session values.

Published: December 16, 2015; 04:59:11 PM -05:00
V2: 7.5 HIGH