Search Results (979 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2009-3946 1 Joomla 1 Joomla\! 2026-04-23 N/A
Joomla! before 1.5.15 allows remote attackers to read an extension's XML file, and thereby obtain the extension's version number, via a direct request.
CVE-2008-6050 2 Ircmaxell, Joomla 2 Tech Article, Joomla 2026-04-23 N/A
SQL injection vulnerability in the Tech Articles (com_tech_article) 1.0 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the item parameter to index.php.
CVE-2008-6182 1 Joomla 2 Ignitegallery, Joomla\! 2026-04-23 N/A
SQL injection vulnerability in the Ignite Gallery (com_ignitegallery) component 0.8.0 through 0.8.3 for Joomla! allows remote attackers to execute arbitrary SQL commands via the gallery parameter in a view action to index.php.
CVE-2008-6221 2 Dadamailproject, Joomla 2 Dada Mail Manager, Joomla 2026-04-23 N/A
PHP remote file inclusion vulnerability in config.dadamail.php in the Dada Mail Manager (com_dadamail) component 2.6 for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[mosConfig_absolute_path] parameter.
CVE-2008-6222 2 Joomla, Joomlashowroom 2 Joomla, Pro Desk Support Center 2026-04-23 N/A
Directory traversal vulnerability in the Pro Desk Support Center (com_pro_desk) component 1.0 and 1.2 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the include_file parameter to index.php.
CVE-2006-5039 1 Joomla 2 Com Events, Events Module 2026-04-23 N/A
Unspecified vulnerability in Events 1.3 beta module (com_events) for Joomla! has unspecified impact and attack vectors.
CVE-2008-6276 2 Drupal, Joomla 2 User Karma Module, Joomla\! 2026-04-23 N/A
Multiple SQL injection vulnerabilities in the User Karma module 5.x before 5.x-1.13 and 6.x before 6.x-1.0-beta1, a module for Drupal, allow remote authenticated administrators to execute arbitrary SQL commands via (1) a content type or (2) a voting API value.
CVE-2008-6882 2 Joomla, Joompolitan 2 Joomla, Com Livechat 2026-04-23 N/A
Live Chat (com_livechat) component 1.0 for Joomla! allows remote attackers to use the xmlhttp.php script as an open HTTP proxy to hide network scanning activities or scan internal networks via a GET request with a full URL in the query string.
CVE-2009-4628 2 Joomla, Templateplaza 2 Joomla\!, Com Tpdugg 2026-04-23 N/A
SQL injection vulnerability in the TemplatePlaza.com TPDugg (com_tpdugg) component 1.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a tags action to index.php.
CVE-2008-0579 1 Joomla 1 Com Buslicense 2026-04-23 N/A
SQL injection vulnerability in index.php in the buslicense (com_buslicense) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the aid parameter in a list action.
CVE-2009-1279 1 Joomla 1 Joomla 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Joomla! 1.5 through 1.5.9 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors to the (1) com_admin component, (2) com_search component when "Gather Search Statistics" is enabled, and (3) the category view in the com_content component.
CVE-2009-2633 2 Joomla, Ordasoft 2 Joomla, Com Vehiclemanager 2026-04-23 N/A
PHP remote file inclusion vulnerability in toolbar_ext.php in the VehicleManager (com_vehiclemanager) component 1.0 Basic for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
CVE-2009-2637 2 Joomla, Ordasoft 2 Joomla, Com Booklibrary 2026-04-23 N/A
PHP remote file inclusion vulnerability in toolbar_ext.php in the BookLibrary (com_booklibrary) component 1.5.2.4 Basic for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
CVE-2008-4122 1 Joomla 1 Joomla\! 2026-04-23 7.5 High
Joomla! 1.5.8 does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session.
CVE-2006-6832 1 Joomla 1 Joomla 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in Joomla! before 1.0.12 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly related to poll.php or the module title.
CVE-2008-1935 1 Joomla 1 Joomla 2026-04-23 N/A
SQL injection vulnerability in the Filiale 1.0.4 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the idFiliale parameter.
CVE-2008-3225 1 Joomla 1 Joomla 2026-04-23 N/A
Joomla! before 1.5.4 allows attackers to access administration functionality, which has unknown impact and attack vectors related to a missing "LDAP security fix."
CVE-2008-6076 2 Jlleblanc, Joomla 2 Com Dailymessage, Joomla 2026-04-23 N/A
SQL injection vulnerability in the Daily Message (com_dailymessage) 1.0.3 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php.
CVE-2009-4576 2 Cmstactics, Joomla 2 Com Beeheard, Joomla\! 2026-04-23 N/A
SQL injection vulnerability in the BeeHeard (com_beeheard) component 1.x for Joomla! allows remote attackers to execute arbitrary SQL commands via the category_id parameter in a suggestions action to index.php.
CVE-2009-4550 2 Joomla, Kunena 2 Joomla\!, Kunena Forum 2026-04-23 N/A
SQL injection vulnerability in the Kunena Forum (com_kunena) component 1.5.3 and 1.5.4 for Joomla! allows remote attackers to execute arbitrary SQL commands via the func parameter to index.php.