Filtered by vendor Joomla Subscriptions
Total 921 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2008-4617 3 Joomla, Mambo-foundation, Pyxicom 3 Joomla, Mambo, Actualite 2024-11-21 N/A
SQL injection vulnerability in the actualite module 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2008-4122 1 Joomla 1 Joomla\! 2024-11-21 7.5 High
Joomla! 1.5.8 does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session.
CVE-2008-4105 1 Joomla 1 Joomla 2024-11-21 N/A
JRequest in Joomla! 1.5 before 1.5.7 does not sanitize variables that were set with JRequest::setVar, which allows remote attackers to conduct "variable injection" attacks and have unspecified other impact.
CVE-2008-4104 1 Joomla 1 Joomla 2024-11-21 N/A
Multiple open redirect vulnerabilities in Joomla! 1.5 before 1.5.7 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a "passed in" URL.
CVE-2008-4103 1 Joomla 2 Com Mailto, Joomla 2024-11-21 N/A
The mailto (aka com_mailto) component in Joomla! 1.5 before 1.5.7 sends e-mail messages without validating the URL, which allows remote attackers to transmit spam.
CVE-2008-4102 1 Joomla 1 Joomla 2024-11-21 N/A
Joomla! 1.5 before 1.5.7 initializes PHP's PRNG with a weak seed, which makes it easier for attackers to guess the pseudo-random values produced by PHP's mt_rand function, as demonstrated by guessing password reset tokens, a different vulnerability than CVE-2008-3681.
CVE-2008-3681 1 Joomla 1 Com User 2024-11-21 N/A
components/com_user/models/reset.php in Joomla! 1.5 through 1.5.5 does not properly validate reset tokens, which allows remote attackers to reset the "first enabled user (lowest id)" password, typically for the administrator.
CVE-2008-3586 1 Joomla 1 Com Ezstore 2024-11-21 N/A
SQL injection vulnerability in the EZ Store (com_ezstore) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action to index.php.
CVE-2008-3498 2 Joomla, Netshinesoftware 2 Joomla\!, Com Netinvoice 2024-11-21 N/A
SQL injection vulnerability in the nBill (com_netinvoice) component 1.2.0 SP1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the cid parameter in an orders action to index.php. NOTE: some of these details are obtained from third party information.
CVE-2008-3265 1 Joomla 1 Com Dtregister 2024-11-21 N/A
SQL injection vulnerability in the DT Register (com_dtregister) 2.2.3 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the eventId parameter in a pay_options action to index.php.
CVE-2008-3228 1 Joomla 1 Joomla 2024-11-21 N/A
Joomla! before 1.5.4 does not configure .htaccess to apply certain security checks that "block common exploits" to SEF URLs, which has unknown impact and remote attack vectors.
CVE-2008-3227 1 Joomla 1 Joomla 2024-11-21 N/A
Unspecified vulnerability in Joomla! before 1.5.4 has unknown impact and attack vectors related to a "User Redirect Spam fix," possibly an open redirect vulnerability.
CVE-2008-3226 1 Joomla 1 Joomla 2024-11-21 N/A
The file caching implementation in Joomla! before 1.5.4 allows attackers to access cached pages via unknown attack vectors.
CVE-2008-3225 1 Joomla 1 Joomla 2024-11-21 N/A
Joomla! before 1.5.4 allows attackers to access administration functionality, which has unknown impact and attack vectors related to a missing "LDAP security fix."
CVE-2008-3132 1 Joomla 1 Com Beamospetition 2024-11-21 N/A
SQL injection vulnerability in the beamospetition (com_beamospetition) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the pet parameter to index.php.
CVE-2008-3083 2 Brightcode, Joomla 2 Brightcode Weblinks Module, Com Brightweblinks 2024-11-21 N/A
SQL injection vulnerability in Brightcode Weblinks (com_brightweblinks) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter.
CVE-2008-2990 2 Joomla, Mambo 3 Com Facileforms, Joomla, Com Facileforms 2024-11-21 N/A
PHP remote file inclusion vulnerability in facileforms.frame.php in the FacileForms (com_facileforms) component 1.4.4 for Mambo and Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the ff_compath parameter.
CVE-2008-2892 2 Feellove, Joomla 2 Exp Shop Component, Com Expshop 2024-11-21 N/A
SQL injection vulnerability in the EXP Shop (com_expshop) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in a show_payment action to index.php.
CVE-2008-2701 1 Joomla 1 Com Gameq 2024-11-21 N/A
SQL injection vulnerability in the GameQ (com_gameq) component 4.0 and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the category_id parameter in a page action to index.php.
CVE-2008-2697 2 Joomla, Rapid-source 2 Com Rapidrecipe, Rapid Recipe 2024-11-21 N/A
SQL injection vulnerability in the Rapid Recipe (com_rapidrecipe) component 1.6.6 and 1.6.7 for Joomla! allows remote attackers to execute arbitrary SQL commands via the recipe_id parameter in a viewrecipe action to index.php.