National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): Joomla
  • Search Type: Search All
There are 1,053 matching records.
Displaying matches 881 through 900.
Vuln ID Summary CVSS Severity
CVE-2008-0607

SQL injection vulnerability in index.php in the Sigsiu Online Business Index 2 (SOBI2, com_sobi2) 2.5.3 component for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the catid parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Published: February 06, 2008; 07:00:00 AM -05:00
    V2: 7.5 HIGH
CVE-2008-0579

SQL injection vulnerability in index.php in the buslicense (com_buslicense) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the aid parameter in a list action.

Published: February 04, 2008; 10:00:00 PM -05:00
    V2: 7.5 HIGH
CVE-2008-0567

Multiple PHP remote file inclusion vulnerabilities in ChronoEngine ChronoForms (com_chronocontact) 2.3.5 component for Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter to (1) PPS/File.php, (2) Writer.php, and (3) PPS.php in excelwriter/; and (4) BIFFwriter.php, (5) Workbook.php, (6) Worksheet.php, and (7) Format.php in excelwriter/Writer/.

Published: February 04, 2008; 09:00:00 PM -05:00
    V2: 7.5 HIGH
CVE-2008-0557

SQL injection vulnerability in index.php in the CatalogShop (com_catalogshop) 1.0b1 componenent for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action.

Published: February 04, 2008; 06:00:00 PM -05:00
    V2: 7.5 HIGH
CVE-2008-0561

SQL injection vulnerability in index.php in the Arthur Konze AkoGallery (com_akogallery) 2.5 beta component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action.

Published: February 04, 2008; 06:00:00 PM -05:00
    V2: 7.5 HIGH
CVE-2008-0562

SQL injection vulnerability in index.php in the Restaurant (com_restaurant) 1.0 component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action.

Published: February 04, 2008; 06:00:00 PM -05:00
    V2: 7.5 HIGH
CVE-2008-0510

SQL injection vulnerability in index.php in the Newsletter (com_newsletter) component for Mambo 4.5 and Joomla! allows remote attackers to execute arbitrary SQL commands via the listid parameter.

Published: January 31, 2008; 03:00:00 PM -05:00
    V2: 7.5 HIGH
CVE-2008-0511

SQL injection vulnerability in index.php in the MaMML (com_mamml) component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the listid parameter.

Published: January 31, 2008; 03:00:00 PM -05:00
    V2: 7.5 HIGH
CVE-2008-0512

SQL injection vulnerability in index.php in the fq (com_fq) component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the listid parameter.

Published: January 31, 2008; 03:00:00 PM -05:00
    V2: 7.5 HIGH
CVE-2008-0514

SQL injection vulnerability in index.php in the Glossary (com_glossary) 2.0 component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in a display action.

Published: January 31, 2008; 03:00:00 PM -05:00
    V2: 7.5 HIGH
CVE-2008-0515

SQL injection vulnerability in index.php in the musepoes (com_musepoes) component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the aid parameter in an answer action.

Published: January 31, 2008; 03:00:00 PM -05:00
    V2: 7.5 HIGH
CVE-2008-0517

SQL injection vulnerability in index.php in the Darko Selesi EstateAgent (com_estateagent) 0.1 component for Mambo 4.5.x and Joomla! allows remote attackers to execute arbitrary SQL commands via the objid parameter in a contact showObject action.

Published: January 31, 2008; 03:00:00 PM -05:00
    V2: 7.5 HIGH
CVE-2008-0518

SQL injection vulnerability in index.php in the Recipes (com_recipes) 1.00 component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action.

Published: January 31, 2008; 03:00:00 PM -05:00
    V2: 7.5 HIGH
CVE-2008-0519

SQL injection vulnerability in index.php in the Atapin Jokes (com_jokes) 1.0 component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the cat parameter in a CatView action.

Published: January 31, 2008; 03:00:00 PM -05:00
    V2: 7.5 HIGH
CVE-2007-6663

SQL injection vulnerability in (1) Puarcade.php and (2) PUarcade.html.php in Pragmatic Utopia PU Arcade (com_puarcade) 2.0.3, 2.1.2, and 2.1.3 Beta component for Joomla! allows remote attackers to execute arbitrary SQL commands via the fid parameter to index.php.

Published: January 04, 2008; 06:46:00 AM -05:00
    V2: 7.5 HIGH
CVE-2007-6642

Multiple cross-site request forgery (CSRF) vulnerabilities in Joomla! before 1.5 RC4 allow remote attackers to (1) add a Super Admin, (2) upload an extension containing arbitrary PHP code, and (3) modify the configuration as administrators via unspecified vectors.

Published: January 03, 2008; 08:46:00 PM -05:00
    V2: 6.8 MEDIUM
CVE-2007-6643

Cross-site scripting (XSS) vulnerability in the com_poll component in Joomla! before 1.5 RC4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Published: January 03, 2008; 08:46:00 PM -05:00
    V2: 4.3 MEDIUM
CVE-2007-6644

Joomla! before 1.5 RC4 allows remote authenticated administrators to promote arbitrary users to the administrator group, in violation of the intended security model.

Published: January 03, 2008; 08:46:00 PM -05:00
    V2: 6.5 MEDIUM
CVE-2007-6645

Unspecified vulnerability in Joomla! before 1.5 RC4 allows remote authenticated users to gain privileges via unspecified vectors, aka "registered user privilege escalation vulnerability."

Published: January 03, 2008; 08:46:00 PM -05:00
    V2: 7.5 HIGH
CVE-2007-6553

Multiple PHP remote file inclusion vulnerabilities in TeamCal Pro 3.1.000 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the CONF[app_root] parameter to (1) tcuser.class.php, (2) absencecount.inc.php, (3) avatar.inc.php, (4) csvhandler.class.php, (5) functions.tcpro.php, (6) header.html.inc.php, (7) joomlajack.tcpro.php, (8) menu.inc.php, (9) other.inc.php, (10) tcabsence.class.php, (11) tcabsencegroup.class.php, (12) tcallowance.class.php, (13) tcannouncement.class.php, (14) tcconfig.class.php, (15) tcdaynote.class.php, (16) tcgroup.class.php, (17) tcholiday.class.php, (18) tclogin.class.php, (19) tcmonth.class.php, (20) tctemplate.class.php, (21) tcusergroup.class.php, or (22) tcuseroption.class.php in includes/, possibly a related issue to CVE-2006-4845.

Published: December 27, 2007; 07:46:00 PM -05:00
    V2: 6.8 MEDIUM