Joomla » Joomla : Security Vulnerabilities, CVEs, Published In 2006 CVSS score >= 7

com_categories in Joomla! before 1.0.12 does not validate input, which has unknown impact and remote attack vectors.

Multiple unspecified vulnerabilities in Joomla! before 1.0.11, related to "Injection Flaws," allow attackers to have an unknown impact via (1) globals.php, which uses include_once() instead of require(); (2) the $options variable; (3) Admin Upload Image; (4) ->load(); (5) content submissions when frontpage is selected; (6) the mosPageNav constructor; (7) saveOrder functions; (8) the absence of "exploit blocking rules" in htaccess; and (9) the ACL.

Joomla! before 1.0.11 does not limit access to the Admin Popups functionality, which has unknown impact and attack vectors.

Multiple SQL injection vulnerabilities in Joomla! before 1.0.10 allow remote attackers to execute arbitrary SQL commands via unspecified parameters involving the (1) "Remember Me" function, (2) "Related Items" module, and the (3) "Weblinks submission".

PHP remote file inclusion vulnerability in includes/joomla.php in Joomla! 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the includepath parameter.

Multiple SQL injection vulnerabilities in the Admin functionality in Joomla! 1.0.7 and earlier allow remote authenticated administrators to execute arbitrary SQL commands via unknown attack vectors.

Unspecified vulnerability in the "Remember Me login functionality" in Joomla! 1.0.7 and earlier has unknown impact and attack vectors.

feedcreator.class.php (aka the syndication component) in Joomla! 1.0.7 allows remote attackers to cause a denial of service (stressed file cache) by creating many files via filenames in the feed parameter to index.php.

Multiple unspecified vulnerabilities in the (1) publishing component, (2) Contact Component, (3) TinyMCE Compressor, and (4) other components in Joomla! 1.0.5 and earlier have unknown impact and attack vectors.