Search Results (Refine Search)
- Results Type: Overview
- Keyword (text search): Joomla
- Search Type: Search All
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2016-1000123 |
Unauthenticated SQL Injection in Huge-IT Video Gallery v1.0.9 for Joomla Published: October 06, 2016; 10:59:21 AM -0400 |
V3.0: 9.8 CRITICAL V2.0: 7.5 HIGH |
CVE-2016-1000114 |
XSS in huge IT gallery v1.1.5 for Joomla Published: October 06, 2016; 10:59:20 AM -0400 |
V3.1: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2016-1000113 |
XSS and SQLi in huge IT gallery v1.1.5 for Joomla Published: October 06, 2016; 10:59:19 AM -0400 |
V3.1: 9.8 CRITICAL V2.0: 7.5 HIGH |
CVE-2015-8769 |
SQL injection vulnerability in Joomla! 3.x before 3.4.7 allows attackers to execute arbitrary SQL commands via unspecified vectors. Published: January 12, 2016; 3:59:07 PM -0500 |
V3.0: 7.3 HIGH V2.0: 7.5 HIGH |
CVE-2015-8566 |
The Session package 1.x before 1.3.1 for Joomla! Framework allows remote attackers to execute arbitrary code via unspecified session values. Published: December 16, 2015; 4:59:11 PM -0500 |
V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2015-8565 |
Directory traversal vulnerability in Joomla! 3.2.0 through 3.3.x and 3.4.x before 3.4.6 allows remote attackers to have unspecified impact via unknown vectors. Published: December 16, 2015; 4:59:09 PM -0500 |
V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2015-8564 |
Directory traversal vulnerability in Joomla! 3.4.x before 3.4.6 allows remote attackers to have unspecified impact via directory traversal sequences in the XML install file in an extension package archive. Published: December 16, 2015; 4:59:08 PM -0500 |
V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2015-8563 |
Cross-site request forgery (CSRF) vulnerability in the com_templates component in Joomla! 3.2.0 through 3.3.x and 3.4.x before 3.4.6 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. Published: December 16, 2015; 4:59:07 PM -0500 |
V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2015-8562 |
Joomla! 1.5.x, 2.x, and 3.x before 3.4.6 allow remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via the HTTP User-Agent header, as exploited in the wild in December 2015. Published: December 16, 2015; 4:59:06 PM -0500 |
V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2015-7899 |
The com_content component in Joomla! 3.x before 3.4.5 does not properly check ACLs, which allows remote attackers to obtain sensitive information via unspecified vectors. Published: October 29, 2015; 4:59:13 PM -0400 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2015-7859 |
The com_contenthistory component in Joomla! 3.2 before 3.4.5 does not properly check ACLs, which allows remote attackers to obtain sensitive information via unspecified vectors. Published: October 29, 2015; 4:59:13 PM -0400 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2015-7858 |
SQL injection vulnerability in Joomla! 3.2 before 3.4.4 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, a different vulnerability than CVE-2015-7297. Published: October 29, 2015; 4:59:12 PM -0400 |
V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2015-7857 |
SQL injection vulnerability in the getListQuery function in administrator/components/com_contenthistory/models/history.php in Joomla! 3.2 before 3.4.5 allows remote attackers to execute arbitrary SQL commands via the list[select] parameter to index.php. Published: October 29, 2015; 4:59:11 PM -0400 |
V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2015-7297 |
SQL injection vulnerability in Joomla! 3.2 before 3.4.4 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, a different vulnerability than CVE-2015-7858. Published: October 29, 2015; 4:59:08 PM -0400 |
V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2015-6939 |
Cross-site scripting (XSS) vulnerability in the login module in Joomla! 3.4.x before 3.4.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Published: September 18, 2015; 12:59:00 PM -0400 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2015-6919 |
Cross-site scripting (XSS) vulnerability in the googleSearch (CSE) (com_googlesearch_cse) component 3.0.2 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the q parameter to index.php. Published: September 11, 2015; 4:59:01 PM -0400 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2015-6513 |
Multiple SQL injection vulnerabilities in the J2Store (com_j2store) extension before 3.1.7 for Joomla! allow remote attackers to execute arbitrary SQL commands via the (1) sortby or (2) manufacturer_ids[] parameter to index.php. Published: August 18, 2015; 11:59:13 AM -0400 |
V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2015-5397 |
Cross-site request forgery (CSRF) vulnerability in Joomla! 3.2.0 through 3.3.x and 3.4.x before 3.4.2 allows remote attackers to hijack the authentication of unspecified victims for requests that upload code via unknown vectors. Published: July 14, 2015; 12:59:04 PM -0400 |
V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2015-4654 |
SQL injection vulnerability in the EQ Event Calendar component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter to eqfullevent. Published: June 18, 2015; 2:59:06 PM -0400 |
V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2014-8607 |
The XCloner plugin 3.1.1 for WordPress and 3.5.1 for Joomla! provides the MySQL username and password on the command line, which allows local users to obtain sensitive information via the ps command. Published: June 10, 2015; 2:59:04 PM -0400 |
V3.x:(not available) V2.0: 2.1 LOW |