National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): Joomla
  • Search Type: Search All
There are 1,084 matching records.
Displaying matches 321 through 340.
Vuln ID Summary CVSS Severity
CVE-2013-1455

Joomla! 3.0.x through 3.0.2 allows attackers to obtain sensitive information via unspecified vectors related to an "Undefined variable."

Published: February 12, 2013; 08:55:05 PM -05:00
    V2: 5.0 MEDIUM
CVE-2013-1454

Joomla! 3.0.x through 3.0.2 allows attackers to obtain sensitive information via unspecified vectors related to "Coding errors."

Published: February 12, 2013; 08:55:05 PM -05:00
    V2: 5.0 MEDIUM
CVE-2013-1453

plugins/system/highlight/highlight.php in Joomla! 3.0.x through 3.0.2 and 2.5.x through 2.5.8 allows attackers to unserialize arbitrary PHP objects to obtain sensitive information, delete arbitrary directories, conduct SQL injection attacks, and possibly have other impacts via the highlight parameter. Note: it was originally reported that this issue only allowed attackers to obtain sensitive information, but later analysis demonstrated that other attacks exist.

Published: February 12, 2013; 08:55:05 PM -05:00
    V2: 7.5 HIGH
CVE-2012-6514

Cross-site scripting (XSS) vulnerability in the nBill (com_nbill) component 2.3.2 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the message parameter in an income action to administrator/index.php.

Published: January 23, 2013; 08:55:05 PM -05:00
    V2: 4.3 MEDIUM
CVE-2012-6503

Unspecified vulnerability in the NinjaXplorer component before 1.0.7 for Joomla! has unknown impact and attack vectors.

Published: January 23, 2013; 08:55:04 PM -05:00
    V2: 10.0 HIGH
CVE-2012-1599

Joomla! 1.5.x before 1.5.26 does not properly check permissions, which allows attackers to obtain sensitive "administrative back end information" via unknown vectors. NOTE: this might be a duplicate of CVE-2012-1611.

Published: December 03, 2012; 04:55:01 PM -05:00
    V2: 5.0 MEDIUM
CVE-2012-1598

Joomla! 1.5.x before 1.5.26 has unspecified impact and attack vectors related to "insufficient randomness" and a "password reset vulnerability."

Published: December 03, 2012; 04:55:01 PM -05:00
    V2: 7.5 HIGH
CVE-2010-5286

Directory traversal vulnerability in Jstore (com_jstore) component for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php.

Published: November 26, 2012; 06:55:01 PM -05:00
    V2: 10.0 HIGH
CVE-2010-5280

Directory traversal vulnerability in the Community Builder Enhanced (CBE) (com_cbe) component 1.4.8, 1.4.9, and 1.4.10 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the tabname parameter in a userProfile action to index.php. NOTE: this can be leveraged to execute arbitrary code by using the file upload feature.

Published: November 26, 2012; 06:55:00 PM -05:00
    V2: 7.5 HIGH
CVE-2012-5827

Joomla! 2.5.x before 2.5.8 and 3.0.x before 3.0.2 allows remote attackers to conduct clickjacking attacks via unspecified vectors involving "Inadequate protection."

Published: November 11, 2012; 08:01:00 AM -05:00
    V2: 4.3 MEDIUM
CVE-2012-4532

Cross-site scripting (XSS) vulnerability in modules/mod_languages/tmpl/default.php in the Language Switcher module for Joomla! 2.5.x before 2.5.7 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to index.php. NOTE: some of these details are obtained from third party information.

Published: October 31, 2012; 12:55:05 PM -04:00
    V2: 4.3 MEDIUM
CVE-2012-4531

Cross-site scripting (XSS) vulnerability in Joomla! 2.5.x before 2.5.7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Published: October 31, 2012; 12:55:03 PM -04:00
    V2: 4.3 MEDIUM
CVE-2012-5455

Cross-site scripting (XSS) vulnerability in the language search component in Joomla! before 3.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to a "typographical error."

Published: October 22, 2012; 07:55:10 PM -04:00
    V2: 4.3 MEDIUM
CVE-2011-4911

Joomla! before 1.5.12 does not perform a JEXEC check in unspecified files, which allows remote attackers to obtain the installation path via unspecified vectors.

Published: October 07, 2012; 05:55:01 PM -04:00
    V2: 5.0 MEDIUM
CVE-2011-4910

Cross-site scripting (XSS) vulnerability in Joomla! before 1.5.12 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.

Published: October 07, 2012; 05:55:01 PM -04:00
    V2: 4.3 MEDIUM
CVE-2011-4909

Multiple cross-site scripting (XSS) vulnerabilities in Joomla! before 1.5.12 allow remote attackers to inject arbitrary web script or HTML via the HTTP_REFERER header to (1) components/com_content/views/article/tmpl/form.php, (2) components/com_user/controller.php, (3) plugins/system/legacy/html.php, or (4) templates/beez/html/com_content/article/form.php.

Published: October 07, 2012; 05:55:01 PM -04:00
    V2: 4.3 MEDIUM
CVE-2012-5232

Cross-site scripting (XSS) vulnerability in the Quickl Form component for Joomla! allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Published: October 01, 2012; 04:55:04 PM -04:00
    V2: 4.3 MEDIUM
CVE-2012-5230

Unspecified vulnerability in the JE Story Submit (com_jesubmit) component before 1.9 for Joomla! has unknown impact and attack vectors.

Published: October 01, 2012; 04:55:04 PM -04:00
    V2: 7.5 HIGH
CVE-2012-1117

Cross-site scripting (XSS) vulnerability in Joomla! 2.5.0 and 2.5.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Published: September 25, 2012; 08:55:00 PM -04:00
    V2: 4.3 MEDIUM
CVE-2012-1116

SQL injection vulnerability in Joomla! 1.7.x and 2.5.x before 2.5.2 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

Published: September 25, 2012; 08:55:00 PM -04:00
    V2: 7.5 HIGH