National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): Joomla
  • Search Type: Search All
There are 1,059 matching records.
Displaying matches 921 through 940.
Vuln ID Summary CVSS Severity
CVE-2007-5363

PHP remote file inclusion vulnerability in admin.panoramic.php in the Panoramic Picture Viewer (com_panoramic) mambot (plugin) 1.0 for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_live_site parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Published: October 10, 2007; 09:17:00 PM -04:00
    V2: 6.8 MEDIUM
CVE-2007-5309

PHP remote file inclusion vulnerability in admin.wmtgallery.php in the webmaster-tips.net Flash Image Gallery (com_wmtgallery) 1.0 component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_live_site parameter.

Published: October 09, 2007; 05:17:00 PM -04:00
    V2: 6.8 MEDIUM
CVE-2007-5310

PHP remote file inclusion vulnerability in admin.wmtportfolio.php in the webmaster-tips.net wmtportfolio 1.0 (com_wmtportfolio) component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.

Published: October 09, 2007; 05:17:00 PM -04:00
    V2: 6.8 MEDIUM
CVE-2007-5065

PHP remote file inclusion vulnerability in admin.slideshow1.php in the Flash Slide Show (com_slideshow) component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_live_site parameter.

Published: September 24, 2007; 06:17:00 PM -04:00
    V2: 7.5 HIGH
CVE-2007-4954

PHP remote file inclusion vulnerability in admin.joom12pic.php in the joom12Pic (com_joom12pic) 1.0 component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_live_site parameter.

Published: September 18, 2007; 04:17:00 PM -04:00
    V2: 6.8 MEDIUM
CVE-2007-4955

PHP remote file inclusion vulnerability in admin.joomlaflashfun.php in the Flash Fun! (com_joomlaflashfun) 1.0 component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_live_site parameter.

Published: September 18, 2007; 04:17:00 PM -04:00
    V2: 6.8 MEDIUM
CVE-2007-4923

PHP remote file inclusion vulnerability in admin.joomlaradiov5.php in the Joomla Radio 5 (com_joomlaradiov5) component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_live_site parameter.

Published: September 17, 2007; 01:17:00 PM -04:00
    V2: 6.8 MEDIUM
CVE-2007-4817

Unrestricted file upload vulnerability in the Restaurante (com_restaurante) component for Joomla! allows remote attackers to upload and execute arbitrary PHP code via an upload action specifying a filename with a double extension such as .php.jpg, which creates an accessible file under img_original/.

Published: September 11, 2007; 03:17:00 PM -04:00
    V2: 7.5 HIGH
CVE-2007-4777

SQL injection vulnerability in Joomla! 1.5 before RC2 (aka Endeleo) allows remote attackers to execute arbitrary SQL commands via unspecified vectors, probably related to the archive section. NOTE: this may be the same as CVE-2007-4778.

Published: September 10, 2007; 05:17:00 PM -04:00
    V2: 7.5 HIGH
CVE-2007-4778

Multiple SQL injection vulnerabilities in the content component (com_content) in Joomla! 1.5 Beta1, Beta2, and RC1 allow remote attackers to execute arbitrary SQL commands via the filter parameter in an archive action to (1) archive.php, (2) category.php, or (3) section.php in models/. NOTE: this may be the same as CVE-2007-4777.

Published: September 10, 2007; 05:17:00 PM -04:00
    V2: 7.5 HIGH
CVE-2007-4779

Cross-site scripting (XSS) vulnerability in Joomla! 1.5 before RC2 (aka Endeleo) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, probably related to the archive section.

Published: September 10, 2007; 05:17:00 PM -04:00
    V2: 4.3 MEDIUM
CVE-2007-4780

Joomla! 1.5 before RC2 (aka Endeleo) allows remote attackers to obtain sensitive information (the full path) via unspecified vectors, probably involving direct requests to certain PHP scripts in tmpl/ directories.

Published: September 10, 2007; 05:17:00 PM -04:00
    V2: 6.8 MEDIUM
CVE-2007-4781

administrator/index.php in the installer component (com_installer) in Joomla! 1.5 Beta1, Beta2, and RC1 allows remote authenticated administrators to upload arbitrary files to tmp/ via the "Upload Package File" functionality, which is accessible when com_installer is the value of the option parameter.

Published: September 10, 2007; 05:17:00 PM -04:00
    V2: 6.6 MEDIUM
CVE-2007-4502

SQL injection vulnerability in index.php in the BibTeX component (com_jombib) 1.3 and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the afilter parameter.

Published: August 23, 2007; 03:17:00 PM -04:00
    V2: 7.5 HIGH
CVE-2007-4503

SQL injection vulnerability in index.php in the Nice Talk component (com_nicetalk) 0.9.3 and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the tagid parameter.

Published: August 23, 2007; 03:17:00 PM -04:00
    V2: 7.5 HIGH
CVE-2007-4504

Directory traversal vulnerability in index.php in the RSfiles component (com_rsfiles) 1.0.2 and earlier for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the path parameter in a files.display action.

Published: August 23, 2007; 03:17:00 PM -04:00
    V2: 5.0 MEDIUM
CVE-2007-4506

SQL injection vulnerability in index.php in the NeoRecruit component (com_neorecruit) 1.4 and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in an offer_view action.

Published: August 23, 2007; 03:17:00 PM -04:00
    V2: 7.5 HIGH
CVE-2007-4509

SQL injection vulnerability in index.php in the EventList component (com_eventlist) 0.8 and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the did parameter in a details action.

Published: August 23, 2007; 03:17:00 PM -04:00
    V2: 7.5 HIGH
CVE-2007-4456

SQL injection vulnerability in index.php in the SimpleFAQ (com_simplefaq) 2.11 component for Mambo allows remote attackers to execute arbitrary SQL commands via the aid parameter. NOTE: it was later reported that 2.40 is also affected, and that the component can be used in Joomla! in addition to Mambo.

Published: August 21, 2007; 05:17:00 PM -04:00
    V2: 7.5 HIGH
CVE-2007-4244

PHP remote file inclusion vulnerability in langset.php in J! Reactions (com_jreactions) 1.8.1 and earlier, a Joomla! component, allows remote attackers to execute arbitrary PHP code via a URL in the comPath parameter.

Published: August 08, 2007; 07:17:00 PM -04:00
    V2: 7.5 HIGH