Vulnerabilities > Joomla

| Date | CVE | Vulnerability title | Description | Vector / tags | Risk |
|---|---|---|---|---|---|
| 2007-02-12 | CVE-2006-7008 | Remote Security vulnerability in Joomla | Unspecified vulnerability in Joomla! before 1.0.10 has unknown impact and attack vectors, related to "securing mosmsg from misuse." NOTE: it is possible that this issue overlaps CVE-2006-1029. | network, low complexity, joomla | 7.5 |
| 2007-01-29 | CVE-2006-6962 | Code Injection vulnerability in Joomla RS Gallery2 1.11.2 | PHP remote file inclusion vulnerability in rsgallery2.html.php in the RS Gallery2 component (com_rsgallery2) 1.11.2 for Joomla! allows attackers to execute arbitrary PHP code via the mosConfig_absolute_path parameter. | network, joomla, CWE-94 | 6.8 |
| 2007-01-19 | CVE-2007-0387 | SQL-Injection vulnerability in Joomla 20070118 | SQL injection vulnerability in models/category.php in the Weblinks component for Joomla! SVN 20070118 (com_weblinks) allows remote attackers to execute arbitrary SQL commands via the catid parameter. | network, low complexity, joomla | 7.5 |
| 2007-01-19 | CVE-2007-0375 | Information Disclosure vulnerability in Joomla 1.5.0Beta | Joomla! 1.5.0 Beta allows remote attackers to obtain sensitive information via a direct request for (1) plugins/user/example.php; (2) gmail.php, (3) example.php, or (4) ldap.php in plugins/authentication/; (5) modules/mod_mainmenu/menu.php; or other unspecified PHP scripts, which reveals the path in various error messages, related to a jimport function call at the beginning of each script. | network, low complexity, joomla | 5.0 |
| 2007-01-19 | CVE-2007-0374 | SQL Injection vulnerability in Mambo/Joomla CMS ID | SQL injection vulnerability in (1) Joomla! 1.0.11 and 1.5 Beta, and (2) Mambo 4.6.1, allows remote attackers to execute arbitrary SQL commands via the id parameter when cancelling content editing. | network, low complexity, joomla, mambo | 7.5 |
| 2007-01-19 | CVE-2007-0373 | SQL Injection vulnerability in Joomla 1.5.0Beta | Multiple SQL injection vulnerabilities in Joomla! 1.5.0 Beta allow remote attackers to execute arbitrary SQL commands via (1) the searchword parameter in certain files; the where parameter in (2) plugins/search/content.php or (3) plugins/search/weblinks.php; the text parameter in (4) plugins/search/contacts.php, (5) plugins/search/categories.php, or (6) plugins/search/sections.php; or (7) the email parameter in database/table/user.php, which is not properly handled by the check function. | network, joomla | 6.8 |
| 2006-12-31 | CVE-2006-6843 | Remote File Include vulnerability in Joomla BE IT Easypartner Component 0.0.9Beta | PHP remote file inclusion vulnerability in the BE IT EasyPartner 0.0.9 beta component for Joomla! allows remote attackers to execute arbitrary PHP code via unspecified vectors. | network, low complexity, joomla | 7.5 |
| 2006-12-31 | CVE-2006-6834 | Cross-Site Scripting vulnerability in Joomla | Multiple unspecified vulnerabilities in Joomla! before 1.0.12 have unknown impact and attack vectors related to (1) "unneeded legacy functions" and (2) "Several low level security fixes." | network, joomla | 6.8 |
| 2006-12-31 | CVE-2006-6833 | Cross-Site Scripting vulnerability in Joomla | com_categories in Joomla! before 1.0.12 does not validate input, which has unknown impact and remote attack vectors. | network, low complexity, joomla | 7.5 |
| 2006-12-31 | CVE-2006-6832 | Cross-Site Scripting vulnerability in Joomla | Cross-site scripting (XSS) vulnerability in Joomla! before 1.0.12 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly related to poll.php or the module title. | network, joomla, CWE-79 | 4.3 |