DATE CVE VULNERABILITY TITLE RISK

2009-01-09 CVE-2009-0113 Path Traversal vulnerability in Joomla Xstandard
Directory traversal vulnerability in attachmentlibrary.php in the XStandard component for Joomla! 1.5.8 and earlier allows remote attackers to list arbitrary directories via a ..
RISK: network; low complexity; joomla CWE-22; 5.0

2008-12-31 CVE-2008-5793 Code Injection vulnerability in Recly Clickheat-Heatmap 1.0.1
Multiple PHP remote file inclusion vulnerabilities in the Clickheat - Heatmap stats (com_clickheat) component 1.0.1 for Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the (1) GLOBALS[mosConfig_absolute_path] parameter to (a) install.clickheat.php, (b) Cache.php and (c) Clickheat_Heatmap.php in Recly/Clickheat/, and (d) Recly/common/GlobalVariables.php; and the (2) mosConfig_absolute_path parameter to (e) _main.php and (f) main.php in includes/heatmap, and (g) includes/overview/main.php.
RISK: network; recly joomla CWE-94; 6.8

2008-10-28 CVE-2008-4764 Path Traversal vulnerability in Extplorer COM Extplorer 2.0.0
Directory traversal vulnerability in the eXtplorer module (com_extplorer) 2.0.0 RC2 and earlier in Joomla! allows remote attackers to read arbitrary files via a ..
RISK: network; low complexity; extplorer joomla CWE-22; 5.0

2008-09-18 CVE-2008-4104 Link Following vulnerability in Joomla
Multiple open redirect vulnerabilities in Joomla! 1.5 before 1.5.7 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a "passed in" URL.
RISK: network; joomla CWE-59; 5.8

2008-09-18 CVE-2008-4103 Improper Input Validation vulnerability in Joomla COM Mailto
The mailto (aka com_mailto) component in Joomla! 1.5 before 1.5.7 sends e-mail messages without validating the URL, which allows remote attackers to transmit spam.
RISK: network; low complexity; joomla CWE-20; 5.0

2008-07-18 CVE-2008-3226 Permissions, Privileges, and Access Controls vulnerability in Joomla
The file caching implementation in Joomla! before 1.5.4 allows attackers to access cached pages via unknown attack vectors.
RISK: network; low complexity; joomla CWE-264; 5.0

2008-04-16 CVE-2008-1849 Path Traversal vulnerability in Joomlacode Joomlaexplorer
Directory traversal vulnerability in index.php in the joomlaXplorer (com_joomlaxplorer) Mambo/Joomla! component 1.6.2 and earlier allows remote attackers to list arbitrary directories via a ..
RISK: network; low complexity; joomlacode joomla mambo CWE-22; 5.0

2008-04-16 CVE-2008-1848 Cross-Site Scripting vulnerability in Joomlacode Joomlaexplorer
Cross-site scripting (XSS) vulnerability in the joomlaXplorer (com_joomlaxplorer) Mambo/Joomla! component 1.6.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the error parameter in a show_error action to index.php.
RISK: 4.3

2008-03-31 CVE-2008-1559 SQL Injection vulnerability in Bernard Gilly COM Alphacontent 2.5.8
SQL injection vulnerability in the Bernard Gilly AlphaContent (com_alphacontent) 2.5.8 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a view action to index.php.
RISK: 6.8

2008-03-28 CVE-2008-1533 Unspecified vulnerability in Joomla! XML-RPC Blogger API
Unspecified vulnerability in the XML-RPC Blogger API plugin in Joomla! 1.5 allows remote attackers to perform unauthorized article operations on articles via unknown vectors.
RISK: network; joomla; 6.8