National Vulnerability Database

Search Results

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): Joomla
  • Search Type: Search All
There are 1,050 matching records.
Displaying matches 941 through 960.
Vuln ID / Summary / CVSS Severity
CVE-2007-3970

Race condition in ESET NOD32 Antivirus before 2.2289 allows remote attackers to execute arbitrary code via a crafted CAB file, which triggers heap corruption.

Published: July 25, 2007; 01:30:00 PM -04:00
V2: 5.0 MEDIUM
CVE-2007-3971

Integer overflow in ESET NOD32 Antivirus before 2.2289 allows remote attackers to cause a denial of service (CPU and disk consumption) via a crafted ASPACK packed file, which triggers an infinite loop.

Published: July 25, 2007; 01:30:00 PM -04:00
V2: 5.0 MEDIUM
CVE-2007-3972

ESET NOD32 Antivirus before 2.2289 allows remote attackers to cause a denial of service via a crafted (1) ASPACK or (2) FSG packed file, which triggers a divide-by-zero error.

Published: July 25, 2007; 01:30:00 PM -04:00
V2: 5.0 MEDIUM
CVE-2007-3932

uploadimg.php in the Expose RC35 and earlier (com_expose) component for Joomla! sends an error message but does not exit when it detects an attempt to upload a non-JPEG file, which allows remote attackers to upload and execute arbitrary PHP code in the img/ folder.

Published: July 20, 2007; 08:30:00 PM -04:00
V2: 7.5 HIGH
CVE-2007-3249

Cross-site scripting (XSS) vulnerability in mod_lettermansubscribe.php in the Letterman Subscriber (mod_letterman) before 1.2.5 module for Joomla! allows remote attackers to inject arbitrary web script or HTML via the Itemid parameter.

Published: June 18, 2007; 06:30:00 AM -04:00
V2: 4.3 MEDIUM
CVE-2007-3130

Multiple PHP remote file inclusion vulnerabilities in the OpenWiki (formerly JD-Wiki) component (com_jd-wiki) 1.0.2, and possibly earlier, for Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter to (1) dwpage.php or (2) wantedpages.php, different vectors than CVE-2006-4074. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Published: June 08, 2007; 12:30:00 PM -04:00
V2: 6.8 MEDIUM
CVE-2007-2933

SQL injection vulnerability in index.php in the Phil-a-Form (com_philaform) 1.2.0.0 and earlier component for Joomla! allows remote attackers to execute arbitrary SQL commands via the form_id parameter.

Published: May 30, 2007; 08:30:00 PM -04:00
V2: 7.5 HIGH
CVE-2007-2792

SQL injection vulnerability in the Yet another Newsletter Component (aka YaNC or com_yanc) component before 1.5 beta 3 for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the listid parameter to index.php. NOTE: some of these details are obtained from third party information.

Published: May 21, 2007; 08:30:00 PM -04:00
V2: 7.5 HIGH
CVE-2007-2319

PHP remote file inclusion vulnerability in the AutoStand 1.1 and earlier module for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter to mod_as_category.php in (1) modules/mod_as_category/ or (2) modules/.

Published: April 26, 2007; 05:19:00 PM -04:00
V2: 6.8 MEDIUM
CVE-2007-2199

PHP remote file inclusion vulnerability in lib/pcltar.lib.php (aka pcltar.php) in the PclTar module 1.3 and 1.3.1 for Vincent Blavet PhpConcept Library, as used in multiple products including (1) Joomla! 1.5.0 Beta, (2) N/X Web Content Management System (WCMS) 4.5, (3) CJG EXPLORER PRO 3.3, and (4) phpSiteBackup 0.1, allows remote attackers to execute arbitrary PHP code via a URL in the g_pcltar_lib_dir parameter.

Published: April 24, 2007; 04:19:00 PM -04:00
V2: 6.8 MEDIUM
CVE-2007-2196

** DISPUTED ** PHP remote file inclusion vulnerability in jambook.php in the Jambook (com_Jambook) 1.0 beta7 module for Mambo and Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. NOTE: this issue has been disputed by a reliable third party because the jambook.php protects against direct request.

Published: April 24, 2007; 01:19:00 PM -04:00
V2: 6.8 MEDIUM
CVE-2007-2143

PHP remote file inclusion vulnerability in index.php in the Be2004-2 template for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.

Published: April 19, 2007; 06:19:00 AM -04:00
V2: 7.5 HIGH
CVE-2007-2144

PHP remote file inclusion vulnerability in includes/CAltInstaller.php in the JoomlaPack (com_jpack) 1.0.4a2 RE component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.

Published: April 19, 2007; 06:19:00 AM -04:00
V2: 6.8 MEDIUM
CVE-2007-2089

Multiple PHP remote file inclusion vulnerabilities in the Jx Development Article 1.1 and earlier component for Mambo and Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the absolute_path parameter to com_articles.php in (1) components/ or (2) classes/html/.

Published: April 18, 2007; 06:19:00 AM -04:00
V2: 6.8 MEDIUM
CVE-2007-2043

Multiple PHP remote file inclusion vulnerabilities in the Avant-Garde Solutions MOSMedia (com_mosmedia) 1.08 and earlier module for Mambo and Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter to (1) media.tab.php or (2) media.divs.php.

Published: April 16, 2007; 06:19:00 PM -04:00
V2: 7.5 HIGH
CVE-2007-2044

PHP remote file inclusion vulnerability in mod_weather.php in the Antonis Ventouris Weather module for Mambo and Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the absolute_path parameter.

Published: April 16, 2007; 06:19:00 PM -04:00
V2: 7.5 HIGH
CVE-2007-2005

Multiple PHP remote file inclusion vulnerabilities in the Taskhopper 1.1 component for Mambo and Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter to (1) contact_type.php, (2) itemstatus_type.php, (3) projectstatus_type.php, (4) request_type.php, (5) responses_type.php, (6) timelog_type.php, or (7) urgency_type.php in inc/.

Published: April 12, 2007; 03:19:00 PM -04:00
V2: 6.8 MEDIUM
CVE-2007-1776

SQL injection vulnerability in index.php in the DesignForJoomla.com D4J eZine (com_ezine) 2.8 and earlier component for Joomla! allows remote attackers to execute arbitrary SQL commands via the article parameter in a read action.

Published: March 29, 2007; 09:19:00 PM -04:00
V2: 6.8 MEDIUM
CVE-2007-1699

Multiple PHP remote file inclusion vulnerabilities in the SWmenu (com_swmenupro and com_swmenufree) 4.0 component for Mambo and Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter to ImageManager/Classes/ImageManager.php under the (1) components/ or (2) administrator/components/ directory trees.

Published: March 26, 2007; 09:19:00 PM -04:00
V2: 10.0 HIGH
CVE-2007-1703

SQL injection vulnerability in index.php in the RWCards (com_rwcards) 2.4.3 and earlier component for Joomla! allows remote attackers to execute arbitrary SQL commands via the category_id parameter.

Published: March 26, 2007; 09:19:00 PM -04:00
V2: 7.5 HIGH