Filtered by vendor Joomla
Subscriptions
Total
943 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2009-4604 | 2 Fernando Soares, Joomla | 2 Com Mamboleto, Joomla | 2025-04-09 | N/A |
| PHP remote file inclusion vulnerability in mamboleto.php in the Fernando Soares Mamboleto (com_mamboleto) component 2.0 RC3 for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | ||||
| CVE-2008-1505 | 2 Joomla, Sstreamtv | 2 Joomla, Custompages | 2025-04-09 | N/A |
| PHP remote file inclusion vulnerability in the SSTREAMTV custompages (com_custompages) 1.1 and earlier component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the cpage parameter to index.php. | ||||
| CVE-2008-3226 | 1 Joomla | 1 Joomla | 2025-04-09 | N/A |
| The file caching implementation in Joomla! before 1.5.4 allows attackers to access cached pages via unknown attack vectors. | ||||
| CVE-2008-3227 | 1 Joomla | 1 Joomla | 2025-04-09 | N/A |
| Unspecified vulnerability in Joomla! before 1.5.4 has unknown impact and attack vectors related to a "User Redirect Spam fix," possibly an open redirect vulnerability. | ||||
| CVE-2008-4105 | 1 Joomla | 1 Joomla | 2025-04-09 | N/A |
| JRequest in Joomla! 1.5 before 1.5.7 does not sanitize variables that were set with JRequest::setVar, which allows remote attackers to conduct "variable injection" attacks and have unspecified other impact. | ||||
| CVE-2008-6299 | 1 Joomla | 1 Joomla | 2025-04-09 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Joomla! 1.5.7 and earlier allow remote authenticated users with certain privileges to inject arbitrary web script or HTML via (1) the title and description parameters to the com_weblinks module and (2) unspecified vectors in the com_content module related to "article submission." | ||||
| CVE-2009-1938 | 1 Joomla | 1 Joomla | 2025-04-09 | N/A |
| Cross-site scripting (XSS) vulnerability in Joomla! 1.5.x through 1.5.10 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to database output and the frontend administrative panel. | ||||
| CVE-2009-1939 | 1 Joomla | 1 Joomla | 2025-04-09 | N/A |
| Cross-site scripting (XSS) vulnerability in the JA_Purity template for Joomla! 1.5.x through 1.5.10 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2009-1940 | 1 Joomla | 1 Joomla | 2025-04-09 | N/A |
| Cross-site scripting (XSS) vulnerability in the administrator panel in the com_users core component for Joomla! 1.5.x through 1.5.10 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2009-3215 | 2 Joomla, Php-shop-system | 2 Joomla, Ixxo Cart | 2025-04-09 | N/A |
| SQL injection vulnerability in IXXO Cart Standalone before 3.9.6.1, and the IXXO Cart component for Joomla! 1.0.x, allows remote attackers to execute arbitrary SQL commands via the parent parameter. | ||||
| CVE-2007-2196 | 2 Joomla, Mambo | 2 Jambook, Jambook | 2025-04-09 | N/A |
| PHP remote file inclusion vulnerability in jambook.php in the Jambook (com_Jambook) 1.0 beta7 module for Mambo and Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. NOTE: this issue has been disputed by a reliable third party because the jambook.php protects against direct request | ||||
| CVE-2007-3130 | 1 Joomla | 1 Jd-wiki | 2025-04-09 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in the OpenWiki (formerly JD-Wiki) component (com_jd-wiki) 1.0.2, and possibly earlier, for Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter to (1) dwpage.php or (2) wantedpages.php, different vectors than CVE-2006-4074. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2007-4189 | 1 Joomla | 1 Joomla\! | 2025-04-09 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Joomla! before 1.0.13 (aka Sunglow) allow remote attackers to inject arbitrary web script or HTML via unspecified vectors in the (1) com_search, (2) com_content, and (3) mod_login components. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2008-0815 | 2 Egitimhost, Joomla | 2 Com Mezun, Com Mezun | 2025-04-09 | N/A |
| SQL injection vulnerability in the com_mezun component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in an edit task. | ||||
| CVE-2007-3249 | 1 Joomla | 1 Letterman Subscriber | 2025-04-09 | N/A |
| Cross-site scripting (XSS) vulnerability in mod_lettermansubscribe.php in the Letterman Subscriber (mod_letterman) before 1.2.5 module for Joomla! allows remote attackers to inject arbitrary web script or HTML via the Itemid parameter. | ||||
| CVE-2007-3932 | 1 Joomla | 1 Expose | 2025-04-09 | N/A |
| uploadimg.php in the Expose RC35 and earlier (com_expose) component for Joomla! sends an error message but does not exit when it detects an attempt to upload a non-JPEG file, which allows remote attackers to upload and execute arbitrary PHP code in the img/ folder. | ||||
| CVE-2007-5309 | 2 Joomla, Webmaster-tips.net | 2 Joomla, Flash Image Gallery | 2025-04-09 | N/A |
| PHP remote file inclusion vulnerability in admin.wmtgallery.php in the webmaster-tips.net Flash Image Gallery (com_wmtgallery) 1.0 component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_live_site parameter. | ||||
| CVE-2007-4185 | 1 Joomla | 1 Joomla | 2025-04-09 | N/A |
| Joomla! 1.0.12 allows remote attackers to obtain sensitive information via a direct request for (1) Stat.php (2) OutputFilter.php, (3) OutputCache.php, (4) Modifier.php, (5) Reader.php, and (6) TemplateCache.php in includes/patTemplate/patTemplate/; (7) includes/Cache/Lite/Output.php; and other unspecified components, which reveal the path in various error messages. | ||||
| CVE-2007-4187 | 1 Joomla | 1 Joomla | 2025-04-09 | N/A |
| Multiple eval injection vulnerabilities in the com_search component in Joomla! 1.5 beta before RC1 (aka Mapya) allow remote attackers to execute arbitrary PHP code via PHP sequences in the searchword parameter, related to default_results.php in (1) components/com_search/views/search/tmpl/ and (2) templates/beez/html/com_search/search/. | ||||
| CVE-2007-4188 | 1 Joomla | 1 Joomla\! | 2025-04-09 | N/A |
| Session fixation vulnerability in Joomla! before 1.0.13 (aka Sunglow) allows remote attackers to hijack administrative web sessions via unspecified vectors. | ||||