Filtered by vendor Joomla
Subscribe
Total
921 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-1027 | 1 Joomla | 1 Joomla | 2025-04-03 | 5.0 MEDIUM | N/A |
| feedcreator.class.php (aka the syndication component) in Joomla! 1.0.7 allows remote attackers to obtain sensitive information via a "/" (slash) in the feed parameter to index.php, which reveals the path in an error message. | |||||
| CVE-2006-4472 | 1 Joomla | 1 Joomla\! | 2025-04-03 | 7.5 HIGH | N/A |
| Multiple unspecified vulnerabilities in Joomla! before 1.0.11 allow attackers to bypass user authentication via unknown vectors involving the (1) do_pdf command and the (2) emailform com_content task. | |||||
| CVE-2006-1030 | 1 Joomla | 1 Joomla | 2025-04-03 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in mod_templatechooser in Joomla! 1.0.7 allows remote attackers to obtain sensitive information via an unspecified attack vector that reveals the path. | |||||
| CVE-2005-4650 | 1 Joomla | 1 Joomla\! | 2025-04-03 | 5.0 MEDIUM | 5.3 MEDIUM |
| Joomla! 1.03 does not restrict the number of "Search" Mambots, which allows remote attackers to cause a denial of service (resource consumption) via a large number of Search Mambots. | |||||
| CVE-2006-3530 | 1 Joomla | 1 Pc Cookbook | 2025-04-03 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in com_pccookbook/pccookbook.php in the PccookBook Component for Mambo and Joomla 0.3 and possibly up to 1.3.1, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via the mosConfig_absolute_path parameter. | |||||
| CVE-2006-3774 | 1 Joomla | 1 Performs Component | 2025-04-03 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in performs.php in the perForms component (com_performs) 1.0 and earlier for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | |||||
| CVE-2006-4475 | 1 Joomla | 1 Joomla | 2025-04-03 | 7.5 HIGH | N/A |
| Joomla! before 1.0.11 does not limit access to the Admin Popups functionality, which has unknown impact and attack vectors. | |||||
| CVE-2005-3773 | 1 Joomla | 1 Joomla | 2025-04-03 | 10.0 HIGH | N/A |
| Unspecified vulnerability in Joomla! before 1.0.4 has unknown impact and attack vectors, related to "Potential misuse of Media component file management functions." | |||||
| CVE-2006-4378 | 1 Joomla | 1 Rssxt Component | 2025-04-03 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in the Rssxt component for Joomla! (com_rssxt), possibly 2.0 Beta 1 or 1.0 and earlier, allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter in (1) pinger.php, (2) RPC.php, or (3) rssxt.php. NOTE: another researcher has disputed this issue, saying that the attacker can not control this parameter. In addition, as of 20060825, the original researcher has appeared to be unreliable with some other past reports. CVE has not performed any followup analysis with respect to this issue | |||||
| CVE-2006-4473 | 1 Joomla | 1 Joomla | 2025-04-03 | 5.1 MEDIUM | N/A |
| Unspecified vulnerability in com_content in Joomla! before 1.0.11, when $mosConfig_hideEmail is set, allows attackers to perform the emailform and emailsend tasks. | |||||
| CVE-2006-1049 | 1 Joomla | 1 Joomla | 2025-04-03 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in the Admin functionality in Joomla! 1.0.7 and earlier allow remote authenticated administrators to execute arbitrary SQL commands via unknown attack vectors. | |||||
| CVE-2006-1028 | 1 Joomla | 1 Joomla | 2025-04-03 | 7.8 HIGH | N/A |
| feedcreator.class.php (aka the syndication component) in Joomla! 1.0.7 allows remote attackers to cause a denial of service (stressed file cache) by creating many files via filenames in the feed parameter to index.php. | |||||
| CVE-2006-4469 | 1 Joomla | 1 Joomla\! | 2025-04-03 | 7.5 HIGH | N/A |
| Unspecified vulnerability in PEAR.php in Joomla! before 1.0.11 allows remote attackers to perform "remote execution," related to "Injection Flaws." | |||||
| CVE-2006-4269 | 2 Joomla, Mambo | 2 X-shop Component, X-shop Component | 2025-04-03 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in admin.x-shop.php in the x-shop component (com_x-shop) 1.7 and earlier for Mambo and Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. NOTE: this issue has been disputed by third party researchers, stating that there is no mosConfig_absolute_path parameter and no admin.x-shop.php file in the reported package | |||||
| CVE-2005-3772 | 1 Joomla | 1 Joomla | 2025-04-03 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Joomla! before 1.0.4 allow remote attackers to execute arbitrary SQL commands via the (1) Itemid variable in the Polls modules and (2) multiple unspecified methods in the mosDBTable class. | |||||
| CVE-2006-4468 | 1 Joomla | 1 Joomla\! | 2025-04-03 | 6.8 MEDIUM | N/A |
| Multiple unspecified vulnerabilities in Joomla! before 1.0.11, related to unvalidated input, allow attackers to have an unknown impact via unspecified vectors involving the (1) mosMail, (2) JosIsValidEmail, and (3) josSpoofValue functions; (4) the lack of inclusion of globals.php in administrator/index.php; (5) the Admin User Manager; and (6) the poll module. | |||||
| CVE-2006-3481 | 1 Joomla | 1 Joomla | 2025-04-03 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Joomla! before 1.0.10 allow remote attackers to execute arbitrary SQL commands via unspecified parameters involving the (1) "Remember Me" function, (2) "Related Items" module, and the (3) "Weblinks submission". | |||||
| CVE-2006-0114 | 1 Joomla | 1 Joomla | 2025-04-03 | 5.0 MEDIUM | N/A |
| The vCard functions in Joomla! 1.0.5 use predictable sequential IDs for vcards and do not restrict access to them, which allows remote attackers to obtain valid e-mail addresses to conduct spam attacks by modifying the contact_id parameter to index2.php. | |||||
| CVE-2006-2960 | 1 Joomla | 1 Joomla | 2025-04-03 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in includes/joomla.php in Joomla! 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the includepath parameter. | |||||
| CVE-2006-0303 | 1 Joomla | 1 Joomla | 2025-04-03 | 10.0 HIGH | N/A |
| Multiple unspecified vulnerabilities in the (1) publishing component, (2) Contact Component, (3) TinyMCE Compressor, and (4) other components in Joomla! 1.0.5 and earlier have unknown impact and attack vectors. | |||||