Filtered by vendor Joomla
Subscriptions
Total
922 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2017-7983 | 1 Joomla | 1 Joomla\! | 2024-11-21 | N/A |
| In Joomla! 1.5.0 through 3.6.5 (fixed in 3.7.0), mail sent using the JMail API leaked the used PHPMailer version in the mail headers. | ||||
| CVE-2017-16634 | 1 Joomla | 1 Joomla\! | 2024-11-21 | N/A |
| In Joomla! before 3.8.2, a bug allowed third parties to bypass a user's 2-factor authentication method. | ||||
| CVE-2017-16633 | 1 Joomla | 1 Joomla\! | 2024-11-21 | N/A |
| In Joomla! before 3.8.2, a logic bug in com_fields exposed read-only information about a site's custom fields to unauthorized users. | ||||
| CVE-2017-14596 | 1 Joomla | 1 Joomla\! | 2024-11-21 | N/A |
| In Joomla! before 3.8.0, inadequate escaping in the LDAP authentication plugin can result in a disclosure of a username and password. | ||||
| CVE-2017-14595 | 1 Joomla | 1 Joomla\! | 2024-11-21 | N/A |
| In Joomla! before 3.8.0, a logic bug in a SQL query could lead to the disclosure of article intro texts when these articles are in the archived state. | ||||
| CVE-2017-11612 | 1 Joomla | 1 Joomla\! | 2024-11-21 | N/A |
| In Joomla! before 3.7.4, inadequate filtering of potentially malicious HTML tags leads to XSS vulnerabilities in various components. | ||||
| CVE-2017-11364 | 1 Joomla | 1 Joomla\! | 2024-11-21 | N/A |
| The CMS installer in Joomla! before 3.7.4 does not verify a user's ownership of a webspace, which allows remote authenticated users to gain control of the target application by leveraging Certificate Transparency logs. | ||||
| CVE-2016-9081 | 1 Joomla | 1 Joomla\! | 2024-11-21 | N/A |
| Joomla! 3.4.4 through 3.6.3 allows attackers to reset username, password, and user group assignments and possibly perform other user account modifications via unspecified vectors. | ||||
| CVE-2015-5608 | 1 Joomla | 1 Joomla\! | 2024-11-21 | N/A |
| Open redirect vulnerability in Joomla! CMS 3.0.0 through 3.4.1. | ||||
| CVE-2012-1563 | 1 Joomla | 1 Joomla\! | 2024-11-21 | 7.5 High |
| Joomla! before 2.5.3 allows Admin Account Creation. | ||||
| CVE-2012-1562 | 1 Joomla | 1 Joomla\! | 2024-11-21 | 7.5 High |
| Joomla! core before 2.5.3 allows unauthorized password change. | ||||
| CVE-2011-4937 | 1 Joomla | 1 Joomla\! | 2024-11-21 | 7.5 High |
| Joomla! 1.7.1 has core information disclosure due to inadequate error checking. | ||||
| CVE-2011-4912 | 1 Joomla | 1 Joomla\! | 2024-11-21 | 5.3 Medium |
| Joomla! com_mailto 1.5.x through 1.5.13 has an automated mail timeout bypass. | ||||
| CVE-2011-4907 | 1 Joomla | 1 Joomla\! | 2024-11-21 | 5.3 Medium |
| Joomla! 1.5x through 1.5.12: Missing JEXEC Check | ||||
| CVE-2011-3629 | 1 Joomla | 1 Joomla\! | 2024-11-21 | 7.5 High |
| Joomla! core 1.7.1 allows information disclosure due to weak encryption | ||||
| CVE-2011-3595 | 1 Joomla | 1 Joomla\! | 2024-11-21 | 5.4 Medium |
| Multiple Cross-site Scripting (XSS) vulnerabilities exist in Joomla! through 1.7.0 in index.php in the search word, extension, asset, and author parameters. | ||||
| CVE-2011-1151 | 1 Joomla | 1 Joomla\! | 2024-11-21 | 9.1 Critical |
| Joomla! 1.6.0 is vulnerable to SQL Injection via the filter_order and filer_order_Dir parameters. | ||||
| CVE-2010-1435 | 1 Joomla | 1 Joomla\! | 2024-11-21 | 9.8 Critical |
| Joomla! Core is prone to a security bypass vulnerability. Exploiting this issue may allow attackers to perform otherwise restricted actions and subsequently retrieve password reset tokens from the database through an already existing SQL injection vector. Joomla! Core versions 1.5.x ranging from 1.5.0 and up to and including 1.5.15 are vulnerable. | ||||
| CVE-2010-1434 | 1 Joomla | 1 Joomla\! | 2024-11-21 | 7.5 High |
| Joomla! Core is prone to a session fixation vulnerability. An attacker may leverage this issue to hijack an arbitrary session and gain access to sensitive information, which may help in launching further attacks. Joomla! Core versions 1.5.x ranging from 1.5.0 and up to and including 1.5.15 are vulnerable. | ||||
| CVE-2010-1433 | 1 Joomla | 1 Joomla\! | 2024-11-21 | 9.8 Critical |
| Joomla! Core is prone to a vulnerability that lets attackers upload arbitrary files because the application fails to properly verify user-supplied input. An attacker can exploit this vulnerability to upload arbitrary code and run it in the context of the webserver process. This may facilitate unauthorized access or privilege escalation; other attacks are also possible. Joomla! Core versions 1.5.x ranging from 1.5.0 and up to and including 1.5.15 are vulnerable. | ||||