National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): Joomla
  • Search Type: Search All
There are 1,045 matching records.
Displaying matches 901 through 920.
Vuln ID Summary CVSS Severity
CVE-2007-5427

Cross-site scripting (XSS) vulnerability in the com_search component in Joomla! 1.0.13 and earlier allows remote attackers to inject arbitrary web script or HTML via the searchword parameter. NOTE: this might be related to CVE-2007-4189.1.

Published: October 12, 2007; 07:17:00 PM -04:00
V2: 4.3 MEDIUM
CVE-2007-5407

Multiple PHP remote file inclusion vulnerabilities in the JContentSubscription (com_jcs) 1.5.8 component for Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter to (1) jcs.function.php; (2) add.php, (3) history.php, and (4) register.php, in view/; and (5) list.sub.html.php, (6) list.user.sub.html.php, and (7) reports.html.php in views/.

Published: October 12, 2007; 02:17:00 PM -04:00
V2: 6.8 MEDIUM
CVE-2007-5410

PHP remote file inclusion vulnerability in admin.wmtrssreader.php in the webmaster-tips.net Flash RSS Reader (com_wmtrssreader) 1.0 component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_live_site parameter.

Published: October 12, 2007; 02:17:00 PM -04:00
V2: 6.8 MEDIUM
CVE-2007-5412

Multiple PHP remote file inclusion vulnerabilities in the Quoc-Huy MP3 Allopass (com_mp3_allopass) 1.0 component for Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_live_site parameter to (1) allopass.php and (2) allopass-error.php.

Published: October 12, 2007; 02:17:00 PM -04:00
V2: 6.8 MEDIUM
CVE-2007-5389

** DISPUTED ** PHP remote file inclusion vulnerability in preview.php in the swMenuFree (com_swmenufree) 4.6 component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. NOTE: a reliable third party disputes this issue because preview.php tests a certain constant to prevent direct requests.

Published: October 12, 2007; 06:17:00 AM -04:00
V2: 6.8 MEDIUM
CVE-2007-5362

Multiple PHP remote file inclusion vulnerabilities in the Avant-Garde Solutions MOSMedia Lite (com_mosmedia) 4.5.1 component for Mambo and Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter to (1) credits.html.php, (2) info.html.php, (3) media.divs.php, (4) media.divs.js.php, (5) purchase.html.php, or (6) support.html.php in includes/. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. NOTE: vector 3 may be the same as CVE-2007-2043.2.

Published: October 10, 2007; 09:17:00 PM -04:00
V2: 6.8 MEDIUM
CVE-2007-5363

PHP remote file inclusion vulnerability in admin.panoramic.php in the Panoramic Picture Viewer (com_panoramic) mambot (plugin) 1.0 for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_live_site parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Published: October 10, 2007; 09:17:00 PM -04:00
V2: 6.8 MEDIUM
CVE-2007-5309

PHP remote file inclusion vulnerability in admin.wmtgallery.php in the webmaster-tips.net Flash Image Gallery (com_wmtgallery) 1.0 component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_live_site parameter.

Published: October 09, 2007; 05:17:00 PM -04:00
V2: 6.8 MEDIUM
CVE-2007-5310

PHP remote file inclusion vulnerability in admin.wmtportfolio.php in the webmaster-tips.net wmtportfolio 1.0 (com_wmtportfolio) component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.

Published: October 09, 2007; 05:17:00 PM -04:00
V2: 6.8 MEDIUM
CVE-2007-5065

PHP remote file inclusion vulnerability in admin.slideshow1.php in the Flash Slide Show (com_slideshow) component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_live_site parameter.

Published: September 24, 2007; 06:17:00 PM -04:00
V2: 7.5 HIGH
CVE-2007-4954

PHP remote file inclusion vulnerability in admin.joom12pic.php in the joom12Pic (com_joom12pic) 1.0 component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_live_site parameter.

Published: September 18, 2007; 04:17:00 PM -04:00
V2: 6.8 MEDIUM
CVE-2007-4955

PHP remote file inclusion vulnerability in admin.joomlaflashfun.php in the Flash Fun! (com_joomlaflashfun) 1.0 component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_live_site parameter.

Published: September 18, 2007; 04:17:00 PM -04:00
V2: 6.8 MEDIUM
CVE-2007-4923

PHP remote file inclusion vulnerability in admin.joomlaradiov5.php in the Joomla Radio 5 (com_joomlaradiov5) component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_live_site parameter.

Published: September 17, 2007; 01:17:00 PM -04:00
V2: 6.8 MEDIUM
CVE-2007-4817

Unrestricted file upload vulnerability in the Restaurante (com_restaurante) component for Joomla! allows remote attackers to upload and execute arbitrary PHP code via an upload action specifying a filename with a double extension such as .php.jpg, which creates an accessible file under img_original/.

Published: September 11, 2007; 03:17:00 PM -04:00
V2: 7.5 HIGH
CVE-2007-4777

SQL injection vulnerability in Joomla! 1.5 before RC2 (aka Endeleo) allows remote attackers to execute arbitrary SQL commands via unspecified vectors, probably related to the archive section. NOTE: this may be the same as CVE-2007-4778.

Published: September 10, 2007; 05:17:00 PM -04:00
V2: 7.5 HIGH
CVE-2007-4778

Multiple SQL injection vulnerabilities in the content component (com_content) in Joomla! 1.5 Beta1, Beta2, and RC1 allow remote attackers to execute arbitrary SQL commands via the filter parameter in an archive action to (1) archive.php, (2) category.php, or (3) section.php in models/. NOTE: this may be the same as CVE-2007-4777.

Published: September 10, 2007; 05:17:00 PM -04:00
V2: 7.5 HIGH
CVE-2007-4779

Cross-site scripting (XSS) vulnerability in Joomla! 1.5 before RC2 (aka Endeleo) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, probably related to the archive section.

Published: September 10, 2007; 05:17:00 PM -04:00
V2: 4.3 MEDIUM
CVE-2007-4780

Joomla! 1.5 before RC2 (aka Endeleo) allows remote attackers to obtain sensitive information (the full path) via unspecified vectors, probably involving direct requests to certain PHP scripts in tmpl/ directories.

Published: September 10, 2007; 05:17:00 PM -04:00
V2: 6.8 MEDIUM
CVE-2007-4781

administrator/index.php in the installer component (com_installer) in Joomla! 1.5 Beta1, Beta2, and RC1 allows remote authenticated administrators to upload arbitrary files to tmp/ via the "Upload Package File" functionality, which is accessible when com_installer is the value of the option parameter.

Published: September 10, 2007; 05:17:00 PM -04:00
V2: 6.6 MEDIUM
CVE-2007-4502

SQL injection vulnerability in index.php in the BibTeX component (com_jombib) 1.3 and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the afilter parameter.

Published: August 23, 2007; 03:17:00 PM -04:00
V2: 7.5 HIGH