National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): Joomla
  • Search Type: Search All
There are 1,055 matching records.
Displaying matches 321 through 340.
Vuln ID Summary CVSS Severity
CVE-2012-0819

Unspecified vulnerability in Joomla! 1.6.x and 1.7.x before 1.7.4 allows remote attackers to obtain sensitive information via unknown vectors, a different vulnerability than CVE-2012-0821.

Published: September 06, 2012; 03:55:01 PM -04:00
    V2: 5.0 MEDIUM
CVE-2006-7247

SQL injection vulnerability in the Weblinks (com_weblinks) component for Joomla! and Mambo 1.0.9 and earlier allows remote attackers to execute arbitrary SQL commands via the title parameter.

Published: September 06, 2012; 03:55:00 PM -04:00
    V2: 7.5 HIGH
CVE-2012-4868

SQL injection vulnerability in news.php in the Kunena component 1.7.2 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter.

Published: September 06, 2012; 01:55:01 PM -04:00
    V2: 7.5 HIGH
CVE-2011-5148

Multiple incomplete blacklist vulnerabilities in the Simple File Upload (mod_simplefileuploadv1.3) module before 1.3.5 for Joomla! allow remote attackers to execute arbitrary code by uploading a file with a (1) php5, (2) php6, or (3) double (e.g. .php.jpg) extension, then accessing it via a direct request to the file in images/, as exploited in the wild in January 2012.

Published: August 31, 2012; 05:55:02 PM -04:00
    V2: 6.8 MEDIUM
CVE-2011-5134

Unrestricted file upload vulnerability in editor/extensions/browser/file.php in the JCE component before 2.0.18 for Joomla! allows remote authenticated users with the author privileges to execute arbitrary PHP code by uploading a file with a double extension, as demonstrated by .php.gif. NOTE: some of these details are obtained from third party information.

Published: August 30, 2012; 06:55:04 PM -04:00
    V2: 6.0 MEDIUM
CVE-2011-5113

SQL injection vulnerability in frontend/models/techfoliodetail.php in Techfolio (com_techfolio) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter.

Published: August 23, 2012; 04:55:03 PM -04:00
    V2: 7.5 HIGH
CVE-2011-5112

SQL injection vulnerability in Alameda (com_alameda) component before 1.0.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the storeid parameter to index.php.

Published: August 23, 2012; 04:55:02 PM -04:00
    V2: 7.5 HIGH
CVE-2011-5099

SQL injection vulnerability in helper/popup.php in the ccNewsletter (mod_ccnewsletter) component 1.0.7 through 1.0.9 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter.

Published: August 14, 2012; 06:55:01 PM -04:00
    V2: 7.5 HIGH
CVE-2012-4256

The jNews (com_jnews) component 7.5.1 for Joomla! allows remote attackers to obtain sensitive information via the emailsearch parameter, which reveals the installation path in an error message.

Published: August 13, 2012; 02:55:05 PM -04:00
    V2: 5.0 MEDIUM
CVE-2012-4235

The RSGallery2 (com_rsgallery2) component before 3.2.0 for Joomla! 2.5.x does not place index.html files in image directories, which allows remote attackers to list image filenames via a request for a directory URI.

Published: August 10, 2012; 06:34:48 AM -04:00
    V2: 5.0 MEDIUM
CVE-2012-4071

Cross-site scripting (XSS) vulnerability in the comments module in the RSGallery2 (com_rsgallery2) component before 2.3.0 for Joomla! 1.5.x, and before 3.2.0 for Joomla! 2.5.x, allows remote attackers to inject arbitrary web script or HTML via crafted BBCode markup in a comment.

Published: August 10, 2012; 06:34:48 AM -04:00
    V2: 4.3 MEDIUM
CVE-2012-3554

SQL injection vulnerability in the RSGallery2 (com_rsgallery2) component before 2.3.0 for Joomla! 1.5.x, and before 3.2.0 for Joomla! 2.5.x, allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

Published: August 10, 2012; 06:34:48 AM -04:00
    V2: 7.5 HIGH
CVE-2012-3829

Joomla! 2.5.3 allows remote attackers to obtain the installation path via the Host HTTP Header.

Published: July 03, 2012; 06:55:01 PM -04:00
    V2: 5.0 MEDIUM
CVE-2012-3828

Cross-site scripting (XSS) vulnerability in Joomla! 2.5.3 allows remote attackers to inject arbitrary web script or HTML via the Host HTTP Header.

Published: July 03, 2012; 06:55:01 PM -04:00
    V2: 4.3 MEDIUM
CVE-2012-2748

Unspecified vulnerability in Joomla! 2.5.x before 2.5.5 allows remote attackers to obtain sensitive information via vectors related to "Inadequate filtering" and a "SQL error."

Published: July 03, 2012; 03:55:03 PM -04:00
    V2: 5.0 MEDIUM
CVE-2012-2747

Unspecified vulnerability in Joomla! 2.5.x before 2.5.5 allows remote attackers to gain privileges via unknown attack vectors related to "Inadequate checking."

Published: July 03, 2012; 03:55:03 PM -04:00
    V2: 7.5 HIGH
CVE-2012-2902

Unrestricted file upload vulnerability in editor/extensions/browser/file.php in the Joomla Content Editor (JCE) component before 2.1 for Joomla!, when chunking is set to greater than zero, allows remote authors to execute arbitrary PHP code by uploading a PHP file with a double extension as demonstrated by .jpg.pht.

Published: May 21, 2012; 02:55:02 PM -04:00
    V2: 6.0 MEDIUM
CVE-2012-2901

Cross-site scripting (XSS) vulnerability in the Profile List in the Joomla Content Editor (JCE) component before 2.1 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the search parameter to administrator/index.php.

Published: May 21, 2012; 02:55:02 PM -04:00
    V2: 4.3 MEDIUM
CVE-2012-1018

Cross-site scripting (XSS) vulnerability in includes/convert.php in D-Mack Media Currency Converter (mod_currencyconverter) module 1.0.0 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the from parameter.

Published: February 07, 2012; 07:55:01 PM -05:00
    V2: 4.3 MEDIUM
CVE-2011-5004

Unrestricted file upload vulnerability in models/importcsv.php in the Fabrik (com_fabrik) component before 2.1.1 for Joomla! allows remote authenticated users with Manager privileges to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in an unspecified directory.

Published: December 24, 2011; 08:55:04 PM -05:00
    V2: 6.0 MEDIUM