National Vulnerability Database

Search Results

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): Joomla
  • Search Type: Search All
There are 1,045 matching records.
Displaying matches 961 through 980.
Vuln ID Summary CVSS Severity
CVE-2006-7125

Cross-site scripting (XSS) vulnerability in Joomla BSQ Sitestats 1.8.0 and 2.2.1 allows remote attackers to inject arbitrary web script or HTML via the HTTP Referer header, which is not properly handled when the administrator views site statistics.

Published: March 05, 2007; 08:19:00 PM -05:00
V2: 6.8 MEDIUM
CVE-2006-7126

SQL injection vulnerability in Joomla BSQ Sitestats 1.8.0 and 2.2.1 allows remote attackers to execute arbitrary SQL commands via the query string, possibly PHP_SELF.

Published: March 05, 2007; 08:19:00 PM -05:00
V2: 6.8 MEDIUM
CVE-2006-7008

Unspecified vulnerability in Joomla! before 1.0.10 has unknown impact and attack vectors, related to "securing mosmsg from misuse." NOTE: it is possible that this issue overlaps CVE-2006-1029.

Published: February 12, 2007; 06:28:00 PM -05:00
V2: 7.5 HIGH
CVE-2006-7009

Joomla! before 1.0.10 allows remote attackers to spoof the frontend submission forms, which has unknown impact and attack vectors.

Published: February 12, 2007; 06:28:00 PM -05:00
V2: 7.5 HIGH
CVE-2006-7010

The mosgetparam implementation in Joomla! before 1.0.10 does not set a variable's data type to integer when the variable's default value is numeric, which has unspecified impact and attack vectors, which may permit SQL injection attacks.

Published: February 12, 2007; 06:28:00 PM -05:00
V2: 7.5 HIGH
CVE-2006-6962

PHP remote file inclusion vulnerability in rsgallery2.html.php in the RS Gallery2 component (com_rsgallery2) 1.11.2 for Joomla! allows attackers to execute arbitrary PHP code via the mosConfig_absolute_path parameter. NOTE: this issue may overlap CVE-2006-5047.

Published: January 29, 2007; 11:28:00 AM -05:00
V2: 6.8 MEDIUM
CVE-2007-0373

Multiple SQL injection vulnerabilities in Joomla! 1.5.0 Beta allow remote attackers to execute arbitrary SQL commands via (1) the searchword parameter in certain files; the where parameter in (2) plugins/search/content.php or (3) plugins/search/weblinks.php; the text parameter in (4) plugins/search/contacts.php, (5) plugins/search/categories.php, or (6) plugins/search/sections.php; or (7) the email parameter in database/table/user.php, which is not properly handled by the check function.

Published: January 19, 2007; 06:28:00 PM -05:00
V2: 6.8 MEDIUM
CVE-2007-0374

SQL injection vulnerability in (1) Joomla! 1.0.11 and 1.5 Beta, and (2) Mambo 4.6.1, allows remote attackers to execute arbitrary SQL commands via the id parameter when cancelling content editing.

Published: January 19, 2007; 06:28:00 PM -05:00
V2: 7.5 HIGH
CVE-2007-0375

Joomla! 1.5.0 Beta allows remote attackers to obtain sensitive information via a direct request for (1) plugins/user/example.php; (2) gmail.php, (3) example.php, or (4) ldap.php in plugins/authentication/; (5) modules/mod_mainmenu/menu.php; or other unspecified PHP scripts, which reveals the path in various error messages, related to a jimport function call at the beginning of each script.

Published: January 19, 2007; 06:28:00 PM -05:00
V2: 5.0 MEDIUM
CVE-2007-0382

Multiple SQL injection vulnerabilities in letterman.class.php in the Letterman 1.2.3 (com_letterman) component for Joomla! before 1.0.12 allow remote attackers to execute arbitrary SQL commands via the id parameter, related to the (1) lm_sendMail, (2) saveNewsletter, and (3) cancelNewsletter functions.

Published: January 19, 2007; 06:28:00 PM -05:00
V2: 7.5 HIGH
CVE-2007-0387

SQL injection vulnerability in models/category.php in the Weblinks component for Joomla! SVN 20070118 (com_weblinks) allows remote attackers to execute arbitrary SQL commands via the catid parameter.

Published: January 19, 2007; 06:28:00 PM -05:00
V2: 7.5 HIGH
CVE-2006-6832

Cross-site scripting (XSS) vulnerability in Joomla! before 1.0.12 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly related to poll.php or the module title.

Published: December 31, 2006; 12:00:00 AM -05:00
V2: 4.3 MEDIUM
CVE-2006-6833

com_categories in Joomla! before 1.0.12 does not validate input, which has unknown impact and remote attack vectors.

Published: December 31, 2006; 12:00:00 AM -05:00
V2: 7.5 HIGH
CVE-2006-6834

Multiple unspecified vulnerabilities in Joomla! before 1.0.12 have unknown impact and attack vectors related to (1) "unneeded legacy functions" and (2) "Several low level security fixes."

Published: December 31, 2006; 12:00:00 AM -05:00
V2: 6.8 MEDIUM
CVE-2006-6843

PHP remote file inclusion vulnerability in the BE IT EasyPartner 0.0.9 beta component for Joomla! allows remote attackers to execute arbitrary PHP code via unspecified vectors. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.

Published: December 31, 2006; 12:00:00 AM -05:00
V2: 7.5 HIGH
CVE-2006-6419

jce.php in the JCE Admin Component in Ryan Demmer Joomla Content Editor (JCE) 1.1.0 beta 2 and earlier for Joomla! (com_jce) allows remote attackers to include and possibly execute arbitrary local files via the (1) plugin or (2) file parameter. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.

Published: December 10, 2006; 06:28:00 AM -05:00
V2: 7.5 HIGH
CVE-2006-6420

Multiple cross-site scripting (XSS) vulnerabilities in jce.php in the JCE Admin Component in Ryan Demmer Joomla Content Editor (JCE) 1.1.0 beta 2 and earlier for Joomla! (com_jce) allow remote attackers to inject arbitrary web script or HTML via the (1) img, (2) title, (3) w, or (4) h parameter, different vectors than CVE-2006-6166. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.

Published: December 10, 2006; 06:28:00 AM -05:00
V2: 6.8 MEDIUM
CVE-2006-6166

Cross-site scripting (XSS) vulnerability in jce.php in the JCE Admin Component in Ryan Demmer Joomla Content Editor (JCE) 1.0.4 for Joomla! (com_jce), without the 20060821 jce_patch, allows remote attackers to inject arbitrary web script or HTML via the mosConfig_live_site parameter.

Published: November 28, 2006; 09:28:00 PM -05:00
V2: 6.8 MEDIUM
CVE-2006-6051

PHP remote file inclusion vulnerability in reporter.logic.php in the MosReporter (com_reporter) component for Mambo and Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.

Published: November 21, 2006; 07:07:00 PM -05:00
V2: 7.5 HIGH
CVE-2006-5106

Cross-site scripting (XSS) vulnerability in FacileForms before 1.4.7 for Mambo and Joomla!, when either register_globals or RG_EMULATION is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Published: October 03, 2006; 12:03:00 AM -04:00
V2: 5.1 MEDIUM