Filtered by vendor Joomla
Subscriptions
Total
915 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-11328 | 1 Joomla | 1 Joomla\! | 2018-06-22 | N/A |
| An issue was discovered in Joomla! Core before 3.8.8. Under specific circumstances (a redirect issued with a URI containing a username and password when the Location: header cannot be used), a lack of escaping the user-info component of the URI could result in an XSS vulnerability. | ||||
| CVE-2018-11327 | 1 Joomla | 1 Joomla\! | 2018-06-22 | N/A |
| An issue was discovered in Joomla! Core before 3.8.8. Inadequate checks allowed users to see the names of tags that were either unpublished or published with restricted view permission. | ||||
| CVE-2018-11326 | 1 Joomla | 1 Joomla\! | 2018-06-22 | N/A |
| An issue was discovered in Joomla! Core before 3.8.8. Inadequate input filtering leads to a multiple XSS vulnerabilities. Additionally, the default filtering settings could potentially allow users of the default Administrator user group to perform a XSS attack. | ||||
| CVE-2018-11324 | 1 Joomla | 1 Joomla\! | 2018-06-22 | N/A |
| An issue was discovered in Joomla! Core before 3.8.8. A long running background process, such as remote checks for core or extension updates, could create a race condition where a session that was expected to be destroyed would be recreated. | ||||
| CVE-2018-11322 | 1 Joomla | 1 Joomla\! | 2018-06-22 | N/A |
| An issue was discovered in Joomla! Core before 3.8.8. Depending on the server configuration, PHAR files might be handled as executable PHP scripts by the webserver. | ||||
| CVE-2018-11321 | 1 Joomla | 1 Joomla\! | 2018-06-22 | N/A |
| An issue was discovered in com_fields in Joomla! Core before 3.8.8. Inadequate filtering allows users authorised to create custom fields to manipulate the filtering options and inject an unvalidated option. | ||||
| CVE-2018-8045 | 1 Joomla | 1 Joomla\! | 2018-04-09 | N/A |
| In Joomla! 3.5.0 through 3.8.5, the lack of type casting of a variable in a SQL statement leads to a SQL injection vulnerability in the User Notes list view. | ||||
| CVE-2018-6377 | 1 Joomla | 1 Joomla\! | 2018-02-13 | N/A |
| In Joomla! before 3.8.4, inadequate input filtering in com_fields leads to an XSS vulnerability in multiple field types, i.e., list, radio, and checkbox | ||||
| CVE-2018-6376 | 1 Joomla | 1 Joomla\! | 2018-02-13 | N/A |
| In Joomla! before 3.8.4, the lack of type casting of a variable in a SQL statement leads to a SQL injection vulnerability in the Hathor postinstall message. | ||||
| CVE-2018-6380 | 1 Joomla | 1 Joomla\! | 2018-02-13 | N/A |
| In Joomla! before 3.8.4, lack of escaping in the module chromes leads to XSS vulnerabilities in the module system. | ||||
| CVE-2018-6379 | 1 Joomla | 1 Joomla\! | 2018-02-13 | N/A |
| In Joomla! before 3.8.4, inadequate input filtering in the Uri class (formerly JUri) leads to an XSS vulnerability. | ||||
| CVE-2017-16634 | 1 Joomla | 1 Joomla\! | 2017-11-28 | N/A |
| In Joomla! before 3.8.2, a bug allowed third parties to bypass a user's 2-factor authentication method. | ||||
| CVE-2017-16633 | 1 Joomla | 1 Joomla\! | 2017-11-28 | N/A |
| In Joomla! before 3.8.2, a logic bug in com_fields exposed read-only information about a site's custom fields to unauthorized users. | ||||
| CVE-2009-0333 | 1 Joomla | 2 Com Waticketsystem, Joomla | 2017-10-19 | N/A |
| SQL injection vulnerability in the WebAmoeba (WA) Ticket System (com_waticketsystem) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in a category action to index.php. | ||||
| CVE-2008-6222 | 2 Joomla, Joomlashowroom | 2 Joomla, Pro Desk Support Center | 2017-10-19 | N/A |
| Directory traversal vulnerability in the Pro Desk Support Center (com_pro_desk) component 1.0 and 1.2 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the include_file parameter to index.php. | ||||
| CVE-2008-6148 | 2 Joomla, Raven-worx | 2 Joomla, Liveticker | 2017-10-19 | N/A |
| SQL injection vulnerability in the Live Ticker (com_liveticker) module 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the tid parameter in a viewticker action to index.php. | ||||
| CVE-2008-2697 | 2 Joomla, Rapid-source | 2 Com Rapidrecipe, Rapid Recipe | 2017-10-19 | N/A |
| SQL injection vulnerability in the Rapid Recipe (com_rapidrecipe) component 1.6.6 and 1.6.7 for Joomla! allows remote attackers to execute arbitrary SQL commands via the recipe_id parameter in a viewrecipe action to index.php. | ||||
| CVE-2008-2568 | 1 Joomla | 2 Com Simpleshop, Joomla | 2017-10-19 | N/A |
| SQL injection vulnerability in the Simple Shop Galore (com_simpleshop) component 3.4 and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in a browse action to index.php. | ||||
| CVE-2006-6962 | 1 Joomla | 1 Rs Gallery2 | 2017-10-19 | N/A |
| PHP remote file inclusion vulnerability in rsgallery2.html.php in the RS Gallery2 component (com_rsgallery2) 1.11.2 for Joomla! allows attackers to execute arbitrary PHP code via the mosConfig_absolute_path parameter. NOTE: this issue may overlap CVE-2006-5047. | ||||
| CVE-2006-3969 | 1 Joomla | 1 Colophon | 2017-10-19 | N/A |
| PHP remote file inclusion vulnerability in administrator/components/com_colophon/admin.colophon.php in Colophon 1.2 and earlier for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | ||||