Vulnerabilities > Joomla > Joomla > 1.0

DATE CVE VULNERABILITY TITLE RISK
2009-09-16 CVE-2009-3215 SQL Injection vulnerability in PHP-Shop-System Ixxo Cart
SQL injection vulnerability in IXXO Cart Standalone before 3.9.6.1, and the IXXO Cart component for Joomla! 1.0.x, allows remote attackers to execute arbitrary SQL commands via the parent parameter.
network
low complexity
php-shop-system joomla CWE-89
7.5
2009-02-26 CVE-2008-6299 Cross-Site Scripting vulnerability in Joomla
Multiple cross-site scripting (XSS) vulnerabilities in Joomla! 1.5.7 and earlier allow remote authenticated users with certain privileges to inject arbitrary web script or HTML via (1) the title and description parameters to the com_weblinks module and (2) unspecified vectors in the com_content module related to "article submission."
network
joomla CWE-79
3.5
2009-01-09 CVE-2009-0113 Path Traversal vulnerability in Joomla Xstandard
Directory traversal vulnerability in attachmentlibrary.php in the XStandard component for Joomla! 1.5.8 and earlier allows remote attackers to list arbitrary directories via a ..
network
low complexity
joomla CWE-22
5.0
2008-11-13 CVE-2008-5053 Code Injection vulnerability in Joomla COM Rssreader 1.0
PHP remote file inclusion vulnerability in admin.rssreader.php in the Simple RSS Reader (com_rssreader) 1.0 component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_live_site parameter.
network
low complexity
joomla CWE-94
critical
10.0
2008-07-18 CVE-2008-3228 Configuration vulnerability in Joomla
Joomla! before 1.5.4 does not configure .htaccess to apply certain security checks that "block common exploits" to SEF URLs, which has unknown impact and remote attack vectors.
network
low complexity
joomla CWE-16
7.5
2008-07-18 CVE-2008-3227 Link Following vulnerability in Joomla
Unspecified vulnerability in Joomla! before 1.5.4 has unknown impact and attack vectors related to a "User Redirect Spam fix," possibly an open redirect vulnerability.
network
low complexity
joomla CWE-59
7.5
2008-07-18 CVE-2008-3226 Permissions, Privileges, and Access Controls vulnerability in Joomla
The file caching implementation in Joomla! before 1.5.4 allows attackers to access cached pages via unknown attack vectors.
network
low complexity
joomla CWE-264
5.0
2008-07-18 CVE-2008-3225 Permissions, Privileges, and Access Controls vulnerability in Joomla
Joomla! before 1.5.4 allows attackers to access administration functionality, which has unknown impact and attack vectors related to a missing "LDAP security fix."
network
low complexity
joomla CWE-264
critical
10.0
2008-02-15 CVE-2008-0795 SQL Injection vulnerability in multiple products
SQL injection vulnerability in index.php in the MGFi XfaQ (com_xfaq) 1.2 component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the aid parameter in an answer action.
network
low complexity
joomla mambo mgfi CWE-89
7.5
2006-12-31 CVE-2006-6834 Cross-Site Scripting vulnerability in Joomla
Multiple unspecified vulnerabilities in Joomla! before 1.0.12 have unknown impact and attack vectors related to (1) "unneeded legacy functions" and (2) "Several low level security fixes."
network
joomla
6.8