Filtered by vendor Joomla
Filtered by product Joomla\!
Total: 583 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2019-11358 | 11 Backdropcms, Debian, Drupal and 8 more | 105 Backdrop, Debian Linux, Drupal and 102 more | 2024-02-16 | 6.1 Medium |
jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype. | ||||
CVE-2016-10033 | 3 Joomla, Phpmailer Project, Wordpress | 3 Joomla\!, Phpmailer, Wordpress | 2024-02-14 | 9.8 Critical |
The mailSend function in the isMail transport in PHPMailer before 5.2.18 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code via a \" (backslash double quote) in a crafted Sender property. | ||||
CVE-2010-1873 | 2 Joomla, Jvehicles | 2 Joomla\!, Com Jvehicles | 2024-02-14 | N/A |
SQL injection vulnerability in the Jvehicles (com_jvehicles) component 1.0, 2.0, and 2.1111 for Joomla! allows remote attackers to execute arbitrary SQL commands via the aid parameter in an agentlisting action to index.php. NOTE: some of these details are obtained from third party information. | ||||
CVE-2010-2909 | 2 Joomla, Toughtomato | 2 Joomla\!, Com Ttvideo | 2024-02-14 | N/A |
SQL injection vulnerability in ttvideo.php in the TTVideo (com_ttvideo) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the cid parameter in a video action to index.php. | ||||
CVE-2006-5043 | 2 Joomla, Joomlaboard | 2 Joomla\!, Joomlaboard | 2024-02-14 | N/A |
Multiple PHP remote file inclusion vulnerabilities in the Joomlaboard Forum Component (com_joomlaboard) before 1.1.2 for Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the sbp parameter to (1) file_upload.php or (2) image_upload.php, a variant of CVE-2006-3528. | ||||
CVE-2006-1957 | 2 Joomla, Mambo-foundation | 2 Joomla\!, Mambo | 2024-02-14 | N/A |
The com_rss option (rss.php) in (1) Mambo and (2) Joomla! allows remote attackers to cause a denial of service (disk consumption and possibly web-server outage) via multiple requests with different values of the feed parameter. | ||||
CVE-2010-4516 | 2 Joomla, Jxtended | 2 Joomla\!, Jxtended Comments | 2024-02-14 | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in the JXtended Comments component before 1.3.1 for Joomla allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
CVE-2009-4094 | 2 Designforjoomla, Joomla | 2 Com Ezine, Joomla\! | 2024-02-14 | N/A |
PHP remote file inclusion vulnerability in class/php/d4m_ajax_pagenav.php in the D4J eZine (com_ezine) component 2.1 for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[mosConfig_absolute_path parameter. | ||||
CVE-2010-0946 | 2 Joomla, Kiss-software | 2 Joomla\!, Com Ksadvertiser | 2024-02-14 | N/A |
SQL injection vulnerability in the Keep It Simple Stupid (KISS) Software Advertiser (com_ksadvertiser) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the pid parameter in a showcats action to index.php. | ||||
CVE-2005-4650 | 1 Joomla | 1 Joomla\! | 2024-02-02 | N/A |
Joomla! 1.03 does not restrict the number of "Search" Mambots, which allows remote attackers to cause a denial of service (resource consumption) via a large number of Search Mambots. | ||||
CVE-2010-0467 | 2 Chillcreations, Joomla | 2 Com Ccnewsletter, Joomla\! | 2024-01-26 | 5.8 Medium |
Directory traversal vulnerability in the ccNewsletter (com_ccnewsletter) component 1.0.5 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter in a ccnewsletter action to index.php. | ||||
CVE-2008-4122 | 1 Joomla | 1 Joomla\! | 2024-01-25 | 7.5 High |
Joomla! 1.5.8 does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session. | ||||
CVE-2023-23752 | 1 Joomla | 1 Joomla\! | 2024-01-09 | 5.3 Medium |
An issue was discovered in Joomla! 4.0.0 through 4.2.7. An improper access check allows unauthorized access to webservice endpoints. | ||||
CVE-2023-40626 | 1 Joomla | 1 Joomla\! | 2023-12-05 | 7.5 High |
The language file parsing process could be manipulated to expose environment variables. Environment variables might contain sensible information. | ||||
CVE-2022-27914 | 1 Joomla | 1 Joomla\! | 2023-12-02 | 6.1 Medium |
An issue was discovered in Joomla! 4.0.0 through 4.2.4. Inadequate filtering of potentially malicious user input leads to reflected XSS vulnerabilities in com_media. | ||||
CVE-2022-27913 | 1 Joomla | 1 Joomla\! | 2023-12-02 | 6.1 Medium |
An issue was discovered in Joomla! 4.2.0 through 4.2.3. Inadequate filtering of potentially malicious user input leads to reflected XSS vulnerabilities in various components. | ||||
CVE-2022-27912 | 1 Joomla | 1 Joomla\! | 2023-12-02 | 5.3 Medium |
An issue was discovered in Joomla! 4.0.0 through 4.2.3. Sites with publicly enabled debug mode exposed data of previous requests. | ||||
CVE-2019-11831 | 5 Debian, Drupal, Fedoraproject and 2 more | 5 Debian Linux, Drupal, Fedora and 2 more | 2023-11-07 | 9.8 Critical |
The PharStreamWrapper (aka phar-stream-wrapper) package 2.x before 2.1.1 and 3.x before 3.1.1 for TYPO3 does not prevent directory traversal, which allows attackers to bypass a deserialization protection mechanism, as demonstrated by a phar:///path/bad.phar/../good.phar URL. | ||||
CVE-2016-8870 | 1 Joomla | 1 Joomla\! | 2023-11-07 | N/A |
The register method in the UsersModelRegistration class in controllers/user.php in the Users component in Joomla! before 3.6.4, when registration has been disabled, allows remote attackers to create user accounts by leveraging failure to check the Allow User Registration configuration setting. | ||||
CVE-2016-8869 | 1 Joomla | 1 Joomla\! | 2023-11-07 | N/A |
The register method in the UsersModelRegistration class in controllers/user.php in the Users component in Joomla! before 3.6.4 allows remote attackers to gain privileges by leveraging incorrect use of unfiltered data when registering on a site. |