National Vulnerability Database

Search Results

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): Joomla
  • Search Type: Search All
There are 1,055 matching records.
Displaying matches 961 through 980.
Vuln ID Summary CVSS Severity
CVE-2007-2044

PHP remote file inclusion vulnerability in mod_weather.php in the Antonis Ventouris Weather module for Mambo and Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the absolute_path parameter.

Published: April 16, 2007; 06:19:00 PM -04:00
    V2: 7.5 HIGH
CVE-2007-2005

Multiple PHP remote file inclusion vulnerabilities in the Taskhopper 1.1 component for Mambo and Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter to (1) contact_type.php, (2) itemstatus_type.php, (3) projectstatus_type.php, (4) request_type.php, (5) responses_type.php, (6) timelog_type.php, or (7) urgency_type.php in inc/.

Published: April 12, 2007; 03:19:00 PM -04:00
    V2: 6.8 MEDIUM
CVE-2007-1776

SQL injection vulnerability in index.php in the DesignForJoomla.com D4J eZine (com_ezine) 2.8 and earlier component for Joomla! allows remote attackers to execute arbitrary SQL commands via the article parameter in a read action.

Published: March 29, 2007; 09:19:00 PM -04:00
    V2: 6.8 MEDIUM
CVE-2007-1699

Multiple PHP remote file inclusion vulnerabilities in the SWmenu (com_swmenupro and com_swmenufree) 4.0 component for Mambo and Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter to ImageManager/Classes/ImageManager.php under the (1) components/ or (2) administrator/components/ directory trees.

Published: March 26, 2007; 09:19:00 PM -04:00
    V2: 10.0 HIGH
CVE-2007-1703

SQL injection vulnerability in index.php in the RWCards (com_rwcards) 2.4.3 and earlier component for Joomla! allows remote attackers to execute arbitrary SQL commands via the category_id parameter.

Published: March 26, 2007; 09:19:00 PM -04:00
    V2: 7.5 HIGH
CVE-2007-1704

SQL injection vulnerability in index.php in the Car Manager (com_resman) 1.1 and earlier component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter.

Published: March 26, 2007; 09:19:00 PM -04:00
    V2: 7.5 HIGH
CVE-2007-1596

Multiple PHP remote file inclusion vulnerabilities in the NFN Address Book (com_nfn_addressbook) 0.4 component for Mambo and Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter to (1) components/com_nfn_addressbook/nfnaddressbook.php or (2) administrator/components/com_nfn_addressbook/nfnaddressbook.php.

Published: March 22, 2007; 07:19:00 PM -04:00
    V2: 9.3 HIGH
CVE-2006-7122

Cross-site scripting (XSS) vulnerability in the IP Address Lookup functionality in BSQ Sitestats (component for Joomla) 1.8.0, and possibly other versions before 2.2.1, allows remote attackers to inject arbitrary web script and HTML via the ip parameter.

Published: March 05, 2007; 08:19:00 PM -05:00
    V2: 6.8 MEDIUM
CVE-2006-7123

Multiple SQL injection vulnerabilities in BSQ Sitestats (component for Joomla) 1.8.0, and possibly other versions before 2.2.1, allow remote attackers to execute arbitrary SQL commands via (1) unspecified parameters when importing the (a) ip-to-country.csv file; and the (2) HTTP Referer, (3) HTTP User Agent, and (4) HTTP Accept Language headers to (b) bsqtemplateinc.php.

Published: March 05, 2007; 08:19:00 PM -05:00
    V2: 7.5 HIGH
CVE-2006-7124

PHP remote file inclusion vulnerability in external/rssfeeds.php in BSQ Sitestats (component for Joomla) 1.8.0, and possibly other versions before 2.2.1, allows remote attackers to execute arbitrary PHP code via the baseDir parameter.

Published: March 05, 2007; 08:19:00 PM -05:00
    V2: 7.5 HIGH
CVE-2006-7125

Cross-site scripting (XSS) vulnerability in Joomla BSQ Sitestats 1.8.0 and 2.2.1 allows remote attackers to inject arbitrary web script or HTML via the HTTP Referer header, which is not properly handled when the administrator views site statistics.

Published: March 05, 2007; 08:19:00 PM -05:00
    V2: 6.8 MEDIUM
CVE-2006-7126

SQL injection vulnerability in Joomla BSQ Sitestats 1.8.0 and 2.2.1 allows remote attackers to execute arbitrary SQL commands via the query string, possibly PHP_SELF.

Published: March 05, 2007; 08:19:00 PM -05:00
    V2: 6.8 MEDIUM
CVE-2006-7008

Unspecified vulnerability in Joomla! before 1.0.10 has unknown impact and attack vectors, related to "securing mosmsg from misuse." NOTE: it is possible that this issue overlaps CVE-2006-1029.

Published: February 12, 2007; 06:28:00 PM -05:00
    V2: 7.5 HIGH
CVE-2006-7009

Joomla! before 1.0.10 allows remote attackers to spoof the frontend submission forms, which has unknown impact and attack vectors.

Published: February 12, 2007; 06:28:00 PM -05:00
    V2: 7.5 HIGH
CVE-2006-7010

The mosgetparam implementation in Joomla! before 1.0.10 does not set a variable's data type to integer when the variable's default value is numeric, which has unspecified impact and attack vectors, which may permit SQL injection attacks.

Published: February 12, 2007; 06:28:00 PM -05:00
    V2: 7.5 HIGH
CVE-2006-6962

PHP remote file inclusion vulnerability in rsgallery2.html.php in the RS Gallery2 component (com_rsgallery2) 1.11.2 for Joomla! allows attackers to execute arbitrary PHP code via the mosConfig_absolute_path parameter. NOTE: this issue may overlap CVE-2006-5047.

Published: January 29, 2007; 11:28:00 AM -05:00
    V2: 6.8 MEDIUM
CVE-2007-0373

Multiple SQL injection vulnerabilities in Joomla! 1.5.0 Beta allow remote attackers to execute arbitrary SQL commands via (1) the searchword parameter in certain files; the where parameter in (2) plugins/search/content.php or (3) plugins/search/weblinks.php; the text parameter in (4) plugins/search/contacts.php, (5) plugins/search/categories.php, or (6) plugins/search/sections.php; or (7) the email parameter in database/table/user.php, which is not properly handled by the check function.

Published: January 19, 2007; 06:28:00 PM -05:00
    V2: 6.8 MEDIUM
CVE-2007-0374

SQL injection vulnerability in (1) Joomla! 1.0.11 and 1.5 Beta, and (2) Mambo 4.6.1, allows remote attackers to execute arbitrary SQL commands via the id parameter when cancelling content editing.

Published: January 19, 2007; 06:28:00 PM -05:00
    V2: 7.5 HIGH
CVE-2007-0375

Joomla! 1.5.0 Beta allows remote attackers to obtain sensitive information via a direct request for (1) plugins/user/example.php; (2) gmail.php, (3) example.php, or (4) ldap.php in plugins/authentication/; (5) modules/mod_mainmenu/menu.php; or other unspecified PHP scripts, which reveals the path in various error messages, related to a jimport function call at the beginning of each script.

Published: January 19, 2007; 06:28:00 PM -05:00
    V2: 5.0 MEDIUM
CVE-2007-0382

Multiple SQL injection vulnerabilities in letterman.class.php in the Letterman 1.2.3 (com_letterman) component for Joomla! before 1.0.12 allow remote attackers to execute arbitrary SQL commands via the id parameter, related to the (1) lm_sendMail, (2) saveNewsletter, and (3) cancelNewsletter functions.

Published: January 19, 2007; 06:28:00 PM -05:00
    V2: 7.5 HIGH