Search Results

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): Joomla
  • Search Type: Search All
There are 1,182 matching records.
Displaying matches 921 through 940.
Vuln ID Summary CVSS Severity
CVE-2008-4623

SQL injection vulnerability in the DS-Syndicate (com_ds-syndicate) component 1.1.1 for Joomla allows remote attackers to execute arbitrary SQL commands via the feed_id parameter to index2.php.

Published: October 20, 2008; 9:18:02 PM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2008-4617

SQL injection vulnerability in the actualite module 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter.

Published: October 20, 2008; 4:00:00 PM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2008-4107

The (1) rand and (2) mt_rand functions in PHP 5.2.6 do not produce cryptographically strong random numbers, which allows attackers to leverage exposures in products that rely on these functions for security-relevant functionality, as demonstrated by the password-reset functionality in Joomla! 1.5.x and WordPress before 2.6.2, a different vulnerability than CVE-2008-2107, CVE-2008-2108, and CVE-2008-4102.

Published: September 18, 2008; 1:59:33 PM -0400
V3.x:(not available)
V2.0: 5.1 MEDIUM
CVE-2008-4105

JRequest in Joomla! 1.5 before 1.5.7 does not sanitize variables that were set with JRequest::setVar, which allows remote attackers to conduct "variable injection" attacks and have unspecified other impact.

Published: September 18, 2008; 1:59:32 PM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2008-4104

Multiple open redirect vulnerabilities in Joomla! 1.5 before 1.5.7 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a "passed in" URL.

Published: September 18, 2008; 1:59:32 PM -0400
V3.x:(not available)
V2.0: 5.8 MEDIUM
CVE-2008-4103

The mailto (aka com_mailto) component in Joomla! 1.5 before 1.5.7 sends e-mail messages without validating the URL, which allows remote attackers to transmit spam.

Published: September 18, 2008; 1:59:32 PM -0400
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2008-4102

Joomla! 1.5 before 1.5.7 initializes PHP's PRNG with a weak seed, which makes it easier for attackers to guess the pseudo-random values produced by PHP's mt_rand function, as demonstrated by guessing password reset tokens, a different vulnerability than CVE-2008-3681.

Published: September 18, 2008; 1:59:32 PM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2008-3681

components/com_user/models/reset.php in Joomla! 1.5 through 1.5.5 does not properly validate reset tokens, which allows remote attackers to reset the "first enabled user (lowest id)" password, typically for the administrator.

Published: August 14, 2008; 3:41:00 PM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2008-3586

SQL injection vulnerability in the EZ Store (com_ezstore) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action to index.php.

Published: August 11, 2008; 7:41:00 PM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2008-3498

SQL injection vulnerability in the nBill (com_netinvoice) component 1.2.0 SP1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the cid parameter in an orders action to index.php. NOTE: some of these details are obtained from third party information.

Published: August 06, 2008; 2:41:00 PM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2008-3265

SQL injection vulnerability in the DT Register (com_dtregister) 2.2.3 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the eventId parameter in a pay_options action to index.php.

Published: July 24, 2008; 11:41:00 AM -0400
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2008-3225

Joomla! before 1.5.4 allows attackers to access administration functionality, which has unknown impact and attack vectors related to a missing "LDAP security fix."

Published: July 18, 2008; 12:41:00 PM -0400
V3.x:(not available)
V2.0: 10.0 HIGH
CVE-2008-3226

The file caching implementation in Joomla! before 1.5.4 allows attackers to access cached pages via unknown attack vectors.

Published: July 18, 2008; 12:41:00 PM -0400
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2008-3227

Unspecified vulnerability in Joomla! before 1.5.4 has unknown impact and attack vectors related to a "User Redirect Spam fix," possibly an open redirect vulnerability.

Published: July 18, 2008; 12:41:00 PM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2008-3228

Joomla! before 1.5.4 does not configure .htaccess to apply certain security checks that "block common exploits" to SEF URLs, which has unknown impact and remote attack vectors.

Published: July 18, 2008; 12:41:00 PM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2008-3132

SQL injection vulnerability in the beamospetition (com_beamospetition) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the pet parameter to index.php.

Published: July 10, 2008; 7:41:00 PM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2008-3083

SQL injection vulnerability in Brightcode Weblinks (com_brightweblinks) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter.

Published: July 08, 2008; 8:41:00 PM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2008-2990

PHP remote file inclusion vulnerability in facileforms.frame.php in the FacileForms (com_facileforms) component 1.4.4 for Mambo and Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the ff_compath parameter.

Published: July 02, 2008; 1:14:00 PM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2008-2892

SQL injection vulnerability in the EXP Shop (com_expshop) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in a show_payment action to index.php.

Published: June 27, 2008; 2:41:00 PM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2008-2692

SQL injection vulnerability in the yvComment (com_yvcomment) component 1.16.0 and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the ArticleID parameter in a comment action to index.php.

Published: June 13, 2008; 3:41:00 PM -0400
V3.x:(not available)
V2.0: 7.5 HIGH