Vulnerabilities > Joomla > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2006-08-31 | CVE-2006-4470 | Unspecified vulnerability in Joomla Joomla! Joomla! before 1.0.11 omits some checks for whether _VALID_MOS is defined, which allows attackers to have an unknown impact, possibly resulting in PHP remote file inclusion. | 7.5 |
| 2006-08-31 | CVE-2006-4469 | Unspecified vulnerability in Joomla Joomla! Unspecified vulnerability in PEAR.php in Joomla! before 1.0.11 allows remote attackers to perform "remote execution," related to "Injection Flaws." | 7.5 |
| 2006-08-18 | CVE-2006-4229 | Remote Security vulnerability in Moslistmessenger Component PHP remote file inclusion vulnerability in archive.php in the mosListMessenger Component (com_lm) before 20060719 for Mambo and Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | 7.5 |
| 2006-08-14 | CVE-2006-4129 | Remote File Include vulnerability in Joomla Webring Component 1.0 PHP remote file inclusion vulnerability in admin.webring.docs.php in the Webring Component (com_webring) 1.0 and earlier for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the component_dir parameter. | 7.5 |
| 2006-08-01 | CVE-2006-3969 | Remote File Include vulnerability in Colophon Component Admin.Colophon.PHP PHP remote file inclusion vulnerability in administrator/components/com_colophon/admin.colophon.php in Colophon 1.2 and earlier for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | 7.5 |
| 2006-07-10 | CVE-2006-3481 | Input Validation vulnerability in Joomla! Multiple SQL injection vulnerabilities in Joomla! before 1.0.10 allow remote attackers to execute arbitrary SQL commands via unspecified parameters involving the (1) "Remember Me" function, (2) "Related Items" module, and the (3) "Weblinks submission". | 7.5 |
| 2006-06-12 | CVE-2006-2960 | Remote File Include vulnerability in Joomla 1.0 PHP remote file inclusion vulnerability in includes/joomla.php in Joomla! 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the includepath parameter. | 7.5 |
| 2006-03-07 | CVE-2006-1049 | SQL Injection vulnerability in Joomla Multiple SQL injection vulnerabilities in the Admin functionality in Joomla! 1.0.7 and earlier allow remote authenticated administrators to execute arbitrary SQL commands via unknown attack vectors. | 7.5 |
| 2006-03-07 | CVE-2006-1028 | Denial-Of-Service vulnerability in Joomla 1.0.7 feedcreator.class.php (aka the syndication component) in Joomla! 1.0.7 allows remote attackers to cause a denial of service (stressed file cache) by creating many files via filenames in the feed parameter to index.php. | 7.8 |
| 2005-11-23 | CVE-2005-3772 | Input Validation vulnerability in Joomla Multiple SQL injection vulnerabilities in Joomla! before 1.0.4 allow remote attackers to execute arbitrary SQL commands via the (1) Itemid variable in the Polls modules and (2) multiple unspecified methods in the mosDBTable class. | 7.5 |