Vulnerabilities > Joomla

DATE CVE VULNERABILITY TITLE RISK
2006-08-31 CVE-2006-4466 Improper Input Validation vulnerability in Joomla 1.0.9
Joomla! before 1.0.11 does not properly unset variables when the input data includes a numeric parameter with a value matching an alphanumeric parameter's hash value, which allows remote attackers to have an unspecified impact.
network
low complexity
joomla CWE-20
5.0
2006-08-21 CVE-2006-4242 Remote File Include vulnerability in Joomla JIM Instant Messaging Component 1.0.1
PHP remote file inclusion vulnerability in install.jim.php in the JIM 1.0.1 component for Joomla or Mambo allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
network
high complexity
joomla
5.1
2006-08-18 CVE-2006-4229 Remote Security vulnerability in Moslistmessenger Component
PHP remote file inclusion vulnerability in archive.php in the mosListMessenger Component (com_lm) before 20060719 for Mambo and Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
network
low complexity
joomla mambo
7.5
2006-08-14 CVE-2006-4129 Remote File Include vulnerability in Joomla Webring Component 1.0
PHP remote file inclusion vulnerability in admin.webring.docs.php in the Webring Component (com_webring) 1.0 and earlier for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the component_dir parameter.
network
low complexity
joomla
7.5
2006-08-01 CVE-2006-3969 Remote File Include vulnerability in Colophon Component Admin.Colophon.PHP
PHP remote file inclusion vulnerability in administrator/components/com_colophon/admin.colophon.php in Colophon 1.2 and earlier for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
network
low complexity
joomla
7.5
2006-07-24 CVE-2006-3774 Code Injection vulnerability in Joomla Performs Component
PHP remote file inclusion vulnerability in performs.php in the perForms component (com_performs) 1.0 and earlier for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
network
joomla CWE-94
6.8
2006-07-12 CVE-2006-3530 Code Injection vulnerability in Joomla PC Cookbook 0.3/1.3.1
PHP remote file inclusion vulnerability in com_pccookbook/pccookbook.php in the PccookBook Component for Mambo and Joomla 0.3 and possibly up to 1.3.1, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via the mosConfig_absolute_path parameter.
network
joomla CWE-94
6.8
2006-07-10 CVE-2006-3481 Input Validation vulnerability in Joomla!
Multiple SQL injection vulnerabilities in Joomla! before 1.0.10 allow remote attackers to execute arbitrary SQL commands via unspecified parameters involving the (1) "Remember Me" function, (2) "Related Items" module, and the (3) "Weblinks submission".
network
low complexity
joomla
7.5
2006-07-10 CVE-2006-3480 Input Validation vulnerability in Joomla!
Multiple cross-site scripting (XSS) vulnerabilities in Joomla! before 1.0.10 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters involving the (1) getUserStateFromRequest function, and the (2) SEF and (3) com_messages modules.
network
joomla
5.8
2006-06-12 CVE-2006-2960 Remote File Include vulnerability in Joomla 1.0
PHP remote file inclusion vulnerability in includes/joomla.php in Joomla! 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the includepath parameter.
network
low complexity
joomla
7.5