CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register   Reset Password   Activate Account
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Joomla : Security Vulnerabilities Published In 2007

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2007-6362 89 1 Exec Code Sql 2007-12-14 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in index.php in the RSGallery (com_rsgallery) 2.0 beta 5 and earlier component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in an inline page action.
2 CVE-2007-5457 94 1 Exec Code File Inclusion 2007-10-14 2008-09-05
6.8
User Remote Medium Not required Partial Partial Partial
Multiple PHP remote file inclusion vulnerabilities in Michael Dempfle Joomla Flash Uploader (com_jfu or com_joomla_flash_uploader) 2.5.1 component for Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter to (1) install.joomla_flash_uploader.php and (2) uninstall.joomla_flash_uploader.php.
3 CVE-2007-5451 94 1 Exec Code File Inclusion 2007-10-14 2008-11-15
6.8
User Remote Medium Not required Partial Partial Partial
PHP remote file inclusion vulnerability in admin.color.php in the com_colorlab (aka com_color) 1.0 component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_live_site parameter.
4 CVE-2007-5310 94 1 Exec Code File Inclusion 2007-10-09 2008-11-15
6.8
None Remote Medium Not required Partial Partial Partial
PHP remote file inclusion vulnerability in admin.wmtportfolio.php in the webmaster-tips.net wmtportfolio 1.0 (com_wmtportfolio) component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
5 CVE-2007-5309 94 1 Exec Code File Inclusion 2007-10-09 2008-11-15
6.8
None Remote Medium Not required Partial Partial Partial
PHP remote file inclusion vulnerability in admin.wmtgallery.php in the webmaster-tips.net Flash Image Gallery (com_wmtgallery) 1.0 component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_live_site parameter.
6 CVE-2007-5065 94 1 Exec Code File Inclusion 2007-09-24 2008-11-15
7.5
User Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in admin.slideshow1.php in the Flash Slide Show (com_slideshow) component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_live_site parameter.
7 CVE-2007-4955 94 1 Exec Code File Inclusion 2007-09-18 2008-09-05
6.8
User Remote Medium Not required Partial Partial Partial
PHP remote file inclusion vulnerability in admin.joomlaflashfun.php in the Flash Fun! (com_joomlaflashfun) 1.0 component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_live_site parameter.
8 CVE-2007-4954 94 1 Exec Code File Inclusion 2007-09-18 2008-09-05
6.8
User Remote Medium Not required Partial Partial Partial
PHP remote file inclusion vulnerability in admin.joom12pic.php in the joom12Pic (com_joom12pic) 1.0 component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_live_site parameter.
9 CVE-2007-4923 94 1 Exec Code File Inclusion 2007-09-17 2008-09-05
6.8
User Remote Medium Not required Partial Partial Partial
PHP remote file inclusion vulnerability in admin.joomlaradiov5.php in the Joomla Radio 5 (com_joomlaradiov5) component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_live_site parameter.
10 CVE-2007-4781 20 1 2007-09-10 2008-11-15
6.6
None Remote High Single system None Complete Complete
administrator/index.php in the installer component (com_installer) in Joomla! 1.5 Beta1, Beta2, and RC1 allows remote authenticated administrators to upload arbitrary files to tmp/ via the "Upload Package File" functionality, which is accessible when com_installer is the value of the option parameter.
11 CVE-2007-4509 1 Exec Code Sql 2007-08-23 2008-11-15
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in index.php in the EventList component (com_eventlist) 0.8 and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the did parameter in a details action.
12 CVE-2007-4506 1 Exec Code Sql 2007-08-23 2008-11-15
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in index.php in the NeoRecruit component (com_neorecruit) 1.4 and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in an offer_view action.
13 CVE-2007-4504 1 Dir. Trav. 2007-08-23 2008-09-05
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in index.php in the RSfiles component (com_rsfiles) 1.0.2 and earlier for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the path parameter in a files.display action.
14 CVE-2007-4503 2 Exec Code Sql 2007-08-23 2008-10-23
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in index.php in the Nice Talk component (com_nicetalk) 0.9.3 and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the tagid parameter.
15 CVE-2007-4502 1 Exec Code Sql 2007-08-23 2008-11-15
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in index.php in the BibTeX component (com_jombib) 1.3 and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the afilter parameter.
16 CVE-2007-4046 1 Exec Code Sql 2007-07-27 2008-11-15
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in index.php in the Pony Gallery (com_ponygallery) 1.5 and earlier component for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter.
17 CVE-2007-3932 1 Exec Code 2007-07-20 2008-11-15
7.5
None Remote Low Not required Partial Partial Partial
uploadimg.php in the Expose RC35 and earlier (com_expose) component for Joomla! sends an error message but does not exit when it detects an attempt to upload a non-JPEG file, which allows remote attackers to upload and execute arbitrary PHP code in the img/ folder.
18 CVE-2007-2199 94 3 Exec Code File Inclusion 2007-04-24 2011-08-22
6.8
User Remote Medium Not required Partial Partial Partial
PHP remote file inclusion vulnerability in lib/pcltar.lib.php (aka pcltar.php) in the PclTar module 1.3 and 1.3.1 for Vincent Blavet PhpConcept Library, as used in multiple products including (1) Joomla! 1.5.0 Beta, (2) N/X Web Content Management System (WCMS) 4.5, (3) CJG EXPLORER PRO 3.3, and (4) phpSiteBackup 0.1, allows remote attackers to execute arbitrary PHP code via a URL in the g_pcltar_lib_dir parameter.
19 CVE-2007-2005 94 1 Exec Code File Inclusion 2007-04-12 2008-09-05
6.8
User Remote Medium Not required Partial Partial Partial
Multiple PHP remote file inclusion vulnerabilities in the Taskhopper 1.1 component for Mambo and Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter to (1) contact_type.php, (2) itemstatus_type.php, (3) projectstatus_type.php, (4) request_type.php, (5) responses_type.php, (6) timelog_type.php, or (7) urgency_type.php in inc/.
20 CVE-2007-1704 1 Exec Code Sql 2007-03-26 2008-11-13
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in index.php in the Car Manager (com_resman) 1.1 and earlier component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter.
21 CVE-2007-1703 1 Exec Code Sql 2007-03-26 2008-11-13
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in index.php in the RWCards (com_rwcards) 2.4.3 and earlier component for Joomla! allows remote attackers to execute arbitrary SQL commands via the category_id parameter.
22 CVE-2007-1699 1 Exec Code File Inclusion 2007-03-26 2008-11-13
10.0
Admin Remote Low Not required Complete Complete Complete
Multiple PHP remote file inclusion vulnerabilities in the SWmenu (com_swmenupro and com_swmenufree) 4.0 component for Mambo and Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter to ImageManager/Classes/ImageManager.php under the (1) components/ or (2) administrator/components/ directory trees.
23 CVE-2007-1596 1 Exec Code File Inclusion 2007-03-22 2008-11-13
9.3
Admin Remote Medium Not required Complete Complete Complete
Multiple PHP remote file inclusion vulnerabilities in the NFN Address Book (com_nfn_addressbook) 0.4 component for Mambo and Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter to (1) components/com_nfn_addressbook/nfnaddressbook.php or (2) administrator/components/com_nfn_addressbook/nfnaddressbook.php.
Total number of vulnerabilities : 23   Page : 1 (This Page)
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.