Search Results

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): Joomla
  • Search Type: Search All
There are 1,182 matching records.
Displaying matches 861 through 880.
Vuln ID Summary CVSS Severity
CVE-2008-6481

SQL injection vulnerability in the Versioning component (com_versioning) 1.0.2 in Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the id parameter in an edit task to index.php.

Published: March 17, 2009; 3:30:00 PM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2008-6430

SQL injection vulnerability in the MyContent (com_mycontent) component 1.1.13 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a view action to index.php.

Published: March 06, 2009; 1:30:00 PM -0500
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2008-6429

SQL injection vulnerability in the PrayerCenter (com_prayercenter) component 1.4.9 and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a view_request action to index2.php.

Published: March 06, 2009; 1:30:00 PM -0500
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2008-6347

PHP remote file inclusion vulnerability in lib/onguma.class.php in the Onguma Time Sheet (com_ongumatimesheet20) 2.0 4b component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.

Published: March 02, 2009; 11:30:00 AM -0500
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2008-6337

SQL injection vulnerability in the Volunteer Management System (com_volunteer) module 2.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the job_id parameter in a jobshow action to index.php.

Published: February 27, 2009; 12:30:09 PM -0500
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2008-6299

Multiple cross-site scripting (XSS) vulnerabilities in Joomla! 1.5.7 and earlier allow remote authenticated users with certain privileges to inject arbitrary web script or HTML via (1) the title and description parameters to the com_weblinks module and (2) unspecified vectors in the com_content module related to "article submission."

Published: February 26, 2009; 11:17:19 AM -0500
V3.x:(not available)
V2.0: 3.5 LOW
CVE-2009-0730

Multiple SQL injection vulnerabilities in the GigCalendar (com_gigcal) component 1.0 for Mambo and Joomla!, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via (1) the gigcal_venues_id parameter in a details action to index.php, which is not properly handled by venuedetails.php, and (2) the gigcal_bands_id parameter in a details action to index.php, which is not properly handled by banddetails.php, different vectors than CVE-2009-0726.

Published: February 24, 2009; 6:30:03 PM -0500
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2009-0726

SQL injection vulnerability in the GigCalendar (com_gigcal) component 1.0 for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the gigcal_gigs_id parameter in a details action to index.php.

Published: February 24, 2009; 6:30:00 PM -0500
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2009-0706

SQL injection vulnerability in the Simple Review (com_simple_review) component 1.3.5 for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the category parameter to index.php.

Published: February 23, 2009; 10:30:04 AM -0500
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2009-0702

SQL injection vulnerability in the Phoca Documentation (com_phocadocumentation) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a section action to index.php.

Published: February 23, 2009; 10:30:04 AM -0500
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2008-6234

SQL injection vulnerability in the com_musica module in Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php.

Published: February 20, 2009; 8:30:00 PM -0500
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2008-6222

Directory traversal vulnerability in the Pro Desk Support Center (com_pro_desk) component 1.0 and 1.2 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the include_file parameter to index.php.

Published: February 20, 2009; 4:30:01 PM -0500
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2008-6221

PHP remote file inclusion vulnerability in config.dadamail.php in the Dada Mail Manager (com_dadamail) component 2.6 for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[mosConfig_absolute_path] parameter.

Published: February 20, 2009; 4:30:01 PM -0500
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2008-6184

SQL injection vulnerability in the OwnBiblio (com_ownbiblio) component 1.5.3 for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in a catalogue action to index.php.

Published: February 19, 2009; 1:30:00 PM -0500
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2008-6182

SQL injection vulnerability in the Ignite Gallery (com_ignitegallery) component 0.8.0 through 0.8.3 for Joomla! allows remote attackers to execute arbitrary SQL commands via the gallery parameter in a view action to index.php.

Published: February 19, 2009; 1:30:00 PM -0500
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2008-6181

SQL injection vulnerability in the Mad4Joomla Mailforms (com_mad4joomla) component before 1.1.8.2 for Joomla! allows remote attackers to execute arbitrary SQL commands via the jid parameter to index.php.

Published: February 19, 2009; 1:30:00 PM -0500
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2008-6172

Directory traversal vulnerability in captcha/captcha_image.php in the RWCards (com_rwcards) 3.0.11 component for Joomla!, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the img parameter.

Published: February 19, 2009; 11:30:00 AM -0500
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2008-6166

SQL injection vulnerability in the KBase (com_kbase) 1.2 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in an article action to index.php.

Published: February 18, 2009; 7:30:00 PM -0500
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2008-6149

SQL injection vulnerability in the mDigg (com_mdigg) component 2.2.8 for Joomla! allows remote attackers to execute arbitrary SQL commands via the cagtegory parameter in a story_lists action to index.php.

Published: February 16, 2009; 12:30:04 PM -0500
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2008-6148

SQL injection vulnerability in the Live Ticker (com_liveticker) module 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the tid parameter in a viewticker action to index.php.

Published: February 16, 2009; 12:30:04 PM -0500
V3.x:(not available)
V2.0: 7.5 HIGH