Search Results

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): Joomla
  • Search Type: Search All
There are 1,182 matching records.
Displaying matches 901 through 920.
Vuln ID Summary CVSS Severity
CVE-2008-5874

Multiple SQL injection vulnerabilities in the Hotel Booking Reservation System (aka HBS) for Joomla! allow remote attackers to execute arbitrary SQL commands via the id parameter in a showhoteldetails action to index.php in the (1) com_allhotels or (2) com_5starhotels module. NOTE: some of these details are obtained from third party information.

Published: January 08, 2009; 2:30:11 PM -0500
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2008-5865

SQL injection vulnerability in the com_hbssearch component 1.0 in the Hotel Booking Reservation System (aka HBS) 1.0.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the r_type parameter in a showhoteldetails action to index.php.

Published: January 06, 2009; 12:30:00 PM -0500
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2008-5864

SQL injection vulnerability in the Top Hotel (com_tophotelmodule) component 1.0 in the Hotel Booking Reservation System (aka HBS) 1.0.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a showhoteldetails action to index.php.

Published: January 06, 2009; 12:30:00 PM -0500
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2008-5811

SQL injection vulnerability in the PaxGallery (com_paxgallery) component 0.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the gid parameter in a table action to index.php.

Published: January 02, 2009; 1:11:09 PM -0500
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2008-5793

Multiple PHP remote file inclusion vulnerabilities in the Clickheat - Heatmap stats (com_clickheat) component 1.0.1 for Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the (1) GLOBALS[mosConfig_absolute_path] parameter to (a) install.clickheat.php, (b) Cache.php and (c) Clickheat_Heatmap.php in Recly/Clickheat/, and (d) Recly/common/GlobalVariables.php; and the (2) mosConfig_absolute_path parameter to (e) _main.php and (f) main.php in includes/heatmap, and (g) includes/overview/main.php.

Published: December 31, 2008; 6:30:00 AM -0500
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2008-5790

Multiple PHP remote file inclusion vulnerabilities in the Recly!Competitions (com_competitions) component 1.0 for Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the (1) GLOBALS[mosConfig_absolute_path] parameter to (a) add.php and (b) competitions.php in includes/competitions/, and the (2) mosConfig_absolute_path parameter to (c) includes/settings/settings.php.

Published: December 31, 2008; 6:30:00 AM -0500
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2008-5789

Multiple PHP remote file inclusion vulnerabilities in the Recly Interactive Feederator (com_feederator) component 1.0.5 for Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the (1) mosConfig_absolute_path parameter to (a) add_tmsp.php, (b) edit_tmsp.php and (c) tmsp.php in includes/tmsp/; and the (2) GLOBALS[mosConfig_absolute_path] parameter to (d) includes/tmsp/subscription.php.

Published: December 31, 2008; 6:30:00 AM -0500
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2008-4122

Joomla! 1.5.8 does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session.

Published: December 19, 2008; 12:30:02 PM -0500
V3.1: 7.5 HIGH
V2.0: 5.0 MEDIUM
CVE-2008-5671

PHP remote file inclusion vulnerability in index.php in Joomla! 1.0.11 through 1.0.14, when RG_EMULATION is enabled in configuration.php, allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.

Published: December 18, 2008; 8:52:02 PM -0500
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2008-5643

SQL injection vulnerability in the Books (com_books) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the book_id parameter in a book_details action to index.php.

Published: December 17, 2008; 1:30:00 PM -0500
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2008-5607

SQL injection vulnerability in the JMovies (aka JM or com_jmovies) component 1.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php.

Published: December 16, 2008; 2:07:32 PM -0500
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2008-5494

SQL injection vulnerability in the Contact Information Module (com_contactinfo) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter to index.php.

Published: December 12, 2008; 11:30:00 AM -0500
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2008-5208

SQL injection vulnerability in sub_votepic.php in the Datsogallery (com_datsogallery) module 1.6 for Joomla! allows remote attackers to execute arbitrary SQL commands via the User-Agent HTTP header.

Published: November 24, 2008; 12:30:00 PM -0500
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2008-5200

SQL injection vulnerability in the Xe webtv (com_xewebtv) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action to index.php.

Published: November 21, 2008; 12:30:00 PM -0500
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2008-5053

PHP remote file inclusion vulnerability in admin.rssreader.php in the Simple RSS Reader (com_rssreader) 1.0 component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_live_site parameter.

Published: November 13, 2008; 6:30:01 AM -0500
V3.x:(not available)
V2.0: 10.0 HIGH
CVE-2008-5051

SQL injection vulnerability in the JooBlog (com_jb2) component 0.1.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the PostID parameter to index.php.

Published: November 12, 2008; 9:30:01 PM -0500
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2008-4777

SQL injection vulnerability in the Showroom Joomlearn LMS (com_lms) component for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the cat parameter in a showTests task.

Published: October 29, 2008; 10:22:38 AM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2008-4764

Directory traversal vulnerability in the eXtplorer module (com_extplorer) 2.0.0 RC2 and earlier in Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the dir parameter in a show_error action.

Published: October 27, 2008; 10:03:38 PM -0400
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2008-4715

SQL injection vulnerability in the Jpad (com_jpad) 1.0 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the cid parameter to index.php.

Published: October 23, 2008; 1:17:14 PM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2008-4668

Directory traversal vulnerability in the Image Browser (com_imagebrowser) 0.1.5 component for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the folder parameter to index.php.

Published: October 22, 2008; 6:30:01 AM -0400
V3.x:(not available)
V2.0: 9.0 HIGH