National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): Joomla
  • Search Type: Search All
There are 1,053 matching records.
Displaying matches 801 through 820.
Vuln ID Summary CVSS Severity
CVE-2008-3226

The file caching implementation in Joomla! before 1.5.4 allows attackers to access cached pages via unknown attack vectors.

Published: July 18, 2008; 12:41:00 PM -04:00
    V2: 5.0 MEDIUM
CVE-2008-3227

Unspecified vulnerability in Joomla! before 1.5.4 has unknown impact and attack vectors related to a "User Redirect Spam fix," possibly an open redirect vulnerability.

Published: July 18, 2008; 12:41:00 PM -04:00
    V2: 7.5 HIGH
CVE-2008-3228

Joomla! before 1.5.4 does not configure .htaccess to apply certain security checks that "block common exploits" to SEF URLs, which has unknown impact and remote attack vectors.

Published: July 18, 2008; 12:41:00 PM -04:00
    V2: 7.5 HIGH
CVE-2008-3132

SQL injection vulnerability in the beamospetition (com_beamospetition) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the pet parameter to index.php.

Published: July 10, 2008; 07:41:00 PM -04:00
    V2: 7.5 HIGH
CVE-2008-3083

SQL injection vulnerability in Brightcode Weblinks (com_brightweblinks) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter.

Published: July 08, 2008; 08:41:00 PM -04:00
    V2: 7.5 HIGH
CVE-2008-2990

PHP remote file inclusion vulnerability in facileforms.frame.php in the FacileForms (com_facileforms) component 1.4.4 for Mambo and Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the ff_compath parameter.

Published: July 02, 2008; 01:14:00 PM -04:00
    V2: 7.5 HIGH
CVE-2008-2892

SQL injection vulnerability in the EXP Shop (com_expshop) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in a show_payment action to index.php.

Published: June 27, 2008; 02:41:00 PM -04:00
    V2: 7.5 HIGH
CVE-2008-2692

SQL injection vulnerability in the yvComment (com_yvcomment) component 1.16.0 and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the ArticleID parameter in a comment action to index.php.

Published: June 13, 2008; 03:41:00 PM -04:00
    V2: 7.5 HIGH
CVE-2008-2697

SQL injection vulnerability in the Rapid Recipe (com_rapidrecipe) component 1.6.6 and 1.6.7 for Joomla! allows remote attackers to execute arbitrary SQL commands via the recipe_id parameter in a viewrecipe action to index.php.

Published: June 13, 2008; 03:41:00 PM -04:00
    V2: 7.5 HIGH
CVE-2008-2701

SQL injection vulnerability in the GameQ (com_gameq) component 4.0 and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the category_id parameter in a page action to index.php.

Published: June 13, 2008; 03:41:00 PM -04:00
    V2: 6.8 MEDIUM
CVE-2008-2676

SQL injection vulnerability in the iJoomla News Portal (com_news_portal) component 1.0 and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the Itemid parameter to index.php.

Published: June 12, 2008; 08:21:00 AM -04:00
    V2: 7.5 HIGH
CVE-2008-2643

SQL injection vulnerability in the Bible Study (com_biblestudy) component before 6.0.7c for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a mediaplayer action to index.php.

Published: June 10, 2008; 02:32:00 PM -04:00
    V2: 7.5 HIGH
CVE-2008-2651

SQL injection vulnerability in the Joomla! Bulletin Board (aka Joo!BB or com_joobb) component 0.5.9 for Joomla! allows remote attackers to execute arbitrary SQL commands via the forum parameter in a forum action to index.php.

Published: June 10, 2008; 02:32:00 PM -04:00
    V2: 7.5 HIGH
CVE-2008-2627

SQL injection vulnerability in the IDoBlog (com_idoblog) component b24 and earlier and 1.0, a component for Joomla!, allows remote attackers to execute arbitrary SQL commands via the userid parameter in a userblog action to index.php.

Published: June 09, 2008; 08:32:00 PM -04:00
    V2: 7.5 HIGH
CVE-2008-2628

SQL injection vulnerability in the eQuotes (com_equotes) component 0.9.4 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php.

Published: June 09, 2008; 08:32:00 PM -04:00
    V2: 7.5 HIGH
CVE-2008-2630

SQL injection vulnerability in the JooBlog (com_jb2) component 0.1.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the CategoryID parameter in a category action to index.php.

Published: June 09, 2008; 08:32:00 PM -04:00
    V2: 7.5 HIGH
CVE-2008-2632

SQL injection vulnerability in the acctexp (com_acctexp) component 0.12.x and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the usage parameter in a subscribe action to index.php.

Published: June 09, 2008; 08:32:00 PM -04:00
    V2: 7.5 HIGH
CVE-2008-2633

Multiple SQL injection vulnerabilities in the EXP JoomRadio (com_joomradio) component 1.0 for Joomla! allow remote attackers to execute arbitrary SQL commands via the id parameter in a (1) show_radio or (2) show_video action to index.php.

Published: June 09, 2008; 08:32:00 PM -04:00
    V2: 7.5 HIGH
CVE-2008-2564

SQL injection vulnerability in the JotLoader (com_jotloader) component 1.2.1.a and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the cid parameter to index.php.

Published: June 06, 2008; 02:32:00 PM -04:00
    V2: 7.5 HIGH
CVE-2008-2568

SQL injection vulnerability in the Simple Shop Galore (com_simpleshop) component 3.4 and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in a browse action to index.php.

Published: June 06, 2008; 02:32:00 PM -04:00
    V2: 7.5 HIGH