National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): Joomla
  • Search Type: Search All
There are 1,050 matching records.
Displaying matches 981 through 1000.
Vuln ID Summary CVSS Severity
CVE-2006-6419

jce.php in the JCE Admin Component in Ryan Demmer Joomla Content Editor (JCE) 1.1.0 beta 2 and earlier for Joomla! (com_jce) allows remote attackers to include and possibly execute arbitrary local files via the (1) plugin or (2) file parameter. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.

Published: December 10, 2006; 06:28:00 AM -05:00
V2: 7.5 HIGH
CVE-2006-6420

Multiple cross-site scripting (XSS) vulnerabilities in jce.php in the JCE Admin Component in Ryan Demmer Joomla Content Editor (JCE) 1.1.0 beta 2 and earlier for Joomla! (com_jce) allow remote attackers to inject arbitrary web script or HTML via the (1) img, (2) title, (3) w, or (4) h parameter, different vectors than CVE-2006-6166. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.

Published: December 10, 2006; 06:28:00 AM -05:00
V2: 6.8 MEDIUM
CVE-2006-6166

Cross-site scripting (XSS) vulnerability in jce.php in the JCE Admin Component in Ryan Demmer Joomla Content Editor (JCE) 1.0.4 for Joomla! (com_jce), without the 20060821 jce_patch, allows remote attackers to inject arbitrary web script or HTML via the mosConfig_live_site parameter.

Published: November 28, 2006; 09:28:00 PM -05:00
V2: 6.8 MEDIUM
CVE-2006-6051

PHP remote file inclusion vulnerability in reporter.logic.php in the MosReporter (com_reporter) component for Mambo and Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.

Published: November 21, 2006; 07:07:00 PM -05:00
V2: 7.5 HIGH
CVE-2006-5106

Cross-site scripting (XSS) vulnerability in FacileForms before 1.4.7 for Mambo and Joomla!, when either register_globals or RG_EMULATION is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Published: October 03, 2006; 12:03:00 AM -04:00
V2: 5.1 MEDIUM
CVE-2006-5096

Multiple cross-site scripting (XSS) vulnerabilities in index.php in VirtueMart (formerly known as mambo-phpShop) Joomla! eCommerce Edition CMS 1.0.11, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the Itemid parameter in a (1) com_contact or (2) subscribe action.

Published: September 29, 2006; 05:07:00 PM -04:00
V2: 6.8 MEDIUM
CVE-2006-5039

Unspecified vulnerability in Events 1.3 beta module (com_events) for Joomla! has unspecified impact and attack vectors.

Published: September 27, 2006; 07:07:00 PM -04:00
V2: 7.5 HIGH
CVE-2006-5040

Unspecified vulnerability in SEF404x (com_sef) for Joomla! has unspecified impact and attack vectors.

Published: September 27, 2006; 07:07:00 PM -04:00
V2: 7.5 HIGH
CVE-2006-5041

Unspecified vulnerability in Hot Properties (possibly com_hotproperties) 0.97 and earlier for Joomla! has unspecified impact and attack vectors.

Published: September 27, 2006; 07:07:00 PM -04:00
V2: 7.5 HIGH
CVE-2006-5042

Unspecified vulnerability in mosMedia (com_mosmedia) 1.0.8 and earlier for Joomla! has unspecified impact and attack vectors.

Published: September 27, 2006; 07:07:00 PM -04:00
V2: 7.5 HIGH
CVE-2006-5043

Multiple PHP remote file inclusion vulnerabilities in the Joomlaboard Forum Component (com_joomlaboard) before 1.1.2 for Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the sbp parameter to (1) file_upload.php or (2) image_upload.php, a variant of CVE-2006-3528.

Published: September 27, 2006; 07:07:00 PM -04:00
V2: 6.8 MEDIUM
CVE-2006-5044

Unspecified vulnerability in Prince Clan (Princeclan) Chess component (com_pcchess) 0.8 and earlier for Mambo and Joomla! has unspecified impact and attack vectors.

Published: September 27, 2006; 07:07:00 PM -04:00
V2: 7.5 HIGH
CVE-2006-5045

Unspecified vulnerability in PollXT component (com_pollxt) 1.22.07 and earlier for Joomla! has unspecified impact and attack vectors, probably related to PHP remote file inclusion in the mosConfig_absolute_path to conf.pollxt.php.

Published: September 27, 2006; 07:07:00 PM -04:00
V2: 6.8 MEDIUM
CVE-2006-5046

Unspecified vulnerability in RS Gallery2 (com_rsgallery2) 1.11.3 and earlier for Joomla! has unspecified impact and attack vectors, related to lack of "hardened language files."

Published: September 27, 2006; 07:07:00 PM -04:00
V2: 7.5 HIGH
CVE-2006-5047

Unspecified vulnerability in rsgallery2.html.php in RS Gallery2 component (com_rsgallery2) before 1.11.3 for Joomla! allows attackers to execute arbitrary code.

Published: September 27, 2006; 07:07:00 PM -04:00
V2: 7.5 HIGH
CVE-2006-5048

Multiple PHP remote file inclusion vulnerabilities in Security Images (com_securityimages) component 3.0.5 and earlier for Joomla! allow remote attackers to execute arbitrary code via a URL in the mosConfig_absolute_path parameter in (1) configinsert.php, (2) lang.php, (3) client.php, and (4) server.php.

Published: September 27, 2006; 07:07:00 PM -04:00
V2: 6.8 MEDIUM
CVE-2006-5049

Unspecified vulnerability in Classifieds (com_classifieds) component 1.3 and earlier for Joomla! has unspecified impact and attack vectors.

Published: September 27, 2006; 07:07:00 PM -04:00
V2: 7.5 HIGH
CVE-2006-4992

Multiple PHP remote file inclusion vulnerabilities in JD-WordPress for Joomla! (com_jd-wp) 2.0-1.0 RC2 allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter in (1) wp-comments-post.php, (2) wp-feed.php, or (3) wp-trackback.php.

Published: September 25, 2006; 10:07:00 PM -04:00
V2: 7.5 HIGH
CVE-2006-4995

PHP remote file inclusion vulnerability in BSQ Sitestats (bsq_sitestats) before 2.1.1 for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.

Published: September 25, 2006; 10:07:00 PM -04:00
V2: 7.5 HIGH
CVE-2006-4996

Unspecified vulnerability in JoomlaLib (com_joomlalib) before 1.2.2 for Joomla! allows remote attackers to have an unknown impact, related to "Joomla globals hacked by script kiddies."

Published: September 25, 2006; 10:07:00 PM -04:00
V2: 10.0 HIGH