Vulnerabilities > Joomla > Joomla > 1.0.6
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2009-01-09 | CVE-2009-0113 | Path Traversal vulnerability in Joomla Xstandard Directory traversal vulnerability in attachmentlibrary.php in the XStandard component for Joomla! 1.5.8 and earlier allows remote attackers to list arbitrary directories via a .. | 5.0 |
2008-07-18 | CVE-2008-3228 | Configuration vulnerability in Joomla Joomla! before 1.5.4 does not configure .htaccess to apply certain security checks that "block common exploits" to SEF URLs, which has unknown impact and remote attack vectors. | 7.5 |
2008-07-18 | CVE-2008-3227 | Link Following vulnerability in Joomla Unspecified vulnerability in Joomla! before 1.5.4 has unknown impact and attack vectors related to a "User Redirect Spam fix," possibly an open redirect vulnerability. | 7.5 |
2008-07-18 | CVE-2008-3226 | Permissions, Privileges, and Access Controls vulnerability in Joomla The file caching implementation in Joomla! before 1.5.4 allows attackers to access cached pages via unknown attack vectors. | 5.0 |
2008-07-18 | CVE-2008-3225 | Permissions, Privileges, and Access Controls vulnerability in Joomla Joomla! before 1.5.4 allows attackers to access administration functionality, which has unknown impact and attack vectors related to a missing "LDAP security fix." | 10.0 |
2007-10-18 | CVE-2007-5577 | Cross-site Scripting vulnerability in Joomla Joomla! Multiple cross-site scripting (XSS) vulnerabilities in Joomla! before 1.0.13 (aka Sunglow) allow remote attackers to inject arbitrary web script or HTML via the (1) Title or (2) Section Name form fields in the Section Manager component, or (3) multiple unspecified fields in New Menu Item. | 4.3 |
2007-08-08 | CVE-2007-4190 | Injection vulnerability in Joomla Joomla! CRLF injection vulnerability in Joomla! before 1.0.13 (aka Sunglow) allows remote attackers to inject arbitrary HTTP headers and probably conduct HTTP response splitting attacks via CRLF sequences in the url parameter. | 4.3 |
2007-08-08 | CVE-2007-4189 | Cross-site Scripting vulnerability in Joomla Joomla! Multiple cross-site scripting (XSS) vulnerabilities in Joomla! before 1.0.13 (aka Sunglow) allow remote attackers to inject arbitrary web script or HTML via unspecified vectors in the (1) com_search, (2) com_content, and (3) mod_login components. | 4.3 |
2007-08-08 | CVE-2007-4188 | Session Fixation vulnerability in Joomla Joomla! Session fixation vulnerability in Joomla! before 1.0.13 (aka Sunglow) allows remote attackers to hijack administrative web sessions via unspecified vectors. | 9.3 |
2007-02-12 | CVE-2006-7010 | SQL-Injection vulnerability in Joomla The mosgetparam implementation in Joomla! before 1.0.10, does not set a variable's data type to integer when the variable's default value is numeric, which has unspecified impact and attack vectors, which may permit SQL injection attacks. | 7.5 |