CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  Take a third party risk management course for FREE
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Joomla » Joomla\! » 3.4.2 * * * : Security Vulnerabilities

Cpe Name:cpe:2.3:a:joomla:joomla\!:3.4.2:*:*:*:*:*:*:*
Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2017-14596 90 2017-09-20 2017-09-27
5.0
None Remote Low Not required Partial None None
In Joomla! before 3.8.0, inadequate escaping in the LDAP authentication plugin can result in a disclosure of a username and password.
2 CVE-2017-8057 200 +Info 2017-04-25 2017-05-03
5.0
None Remote Low Not required Partial None None
In Joomla! 3.4.0 through 3.6.5 (fixed in 3.7.0), multiple files caused full path disclosures on systems with enabled error reporting.
3 CVE-2017-7989 434 2017-04-25 2017-05-02
4.0
None Remote Low ??? None Partial None
In Joomla! 3.2.0 through 3.6.5 (fixed in 3.7.0), inadequate MIME type checks allowed low-privilege users to upload swf files even if they were explicitly forbidden.
4 CVE-2017-7988 2017-04-25 2019-10-03
5.0
None Remote Low Not required None Partial None
In Joomla! 1.6.0 through 3.6.5 (fixed in 3.7.0), inadequate filtering of form contents allows overwriting the author of an article.
5 CVE-2017-7987 79 XSS 2017-04-25 2017-05-03
4.3
None Remote Medium Not required None Partial None
In Joomla! 3.2.0 through 3.6.5 (fixed in 3.7.0), inadequate escaping of file and folder names leads to XSS vulnerabilities in the template manager component.
6 CVE-2017-7986 79 XSS 2017-04-25 2017-05-02
4.3
None Remote Medium Not required None Partial None
In Joomla! 1.5.0 through 3.6.5 (fixed in 3.7.0), inadequate filtering of specific HTML attributes leads to XSS vulnerabilities in various components.
7 CVE-2017-7984 79 XSS 2017-04-25 2017-05-02
4.3
None Remote Medium Not required None Partial None
In Joomla! 3.2.0 through 3.6.5 (fixed in 3.7.0), inadequate filtering leads to XSS in the template manager component.
8 CVE-2017-7983 200 +Info 2017-04-25 2017-05-03
5.0
None Remote Low Not required Partial None None
In Joomla! 1.5.0 through 3.6.5 (fixed in 3.7.0), mail sent using the JMail API leaked the used PHPMailer version in the mail headers.
9 CVE-2015-8769 89 Exec Code Sql 2016-01-12 2016-12-07
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in Joomla! 3.x before 3.4.7 allows attackers to execute arbitrary SQL commands via unspecified vectors.
10 CVE-2015-8565 22 Dir. Trav. 2015-12-16 2015-12-17
7.5
None Remote Low Not required Partial Partial Partial
Directory traversal vulnerability in Joomla! 3.2.0 through 3.3.x and 3.4.x before 3.4.6 allows remote attackers to have unspecified impact via unknown vectors.
11 CVE-2015-8562 20 Exec Code 2015-12-16 2018-10-09
7.5
None Remote Low Not required Partial Partial Partial
Joomla! 1.5.x, 2.x, and 3.x before 3.4.6 allow remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via the HTTP User-Agent header, as exploited in the wild in December 2015.
12 CVE-2015-7899 284 +Info 2015-10-29 2015-10-30
5.0
None Remote Low Not required Partial None None
The com_content component in Joomla! 3.x before 3.4.5 does not properly check ACLs, which allows remote attackers to obtain sensitive information via unspecified vectors.
13 CVE-2015-7859 200 +Info 2015-10-29 2015-10-30
5.0
None Remote Low Not required Partial None None
The com_contenthistory component in Joomla! 3.2 before 3.4.5 does not properly check ACLs, which allows remote attackers to obtain sensitive information via unspecified vectors.
14 CVE-2015-7858 89 Exec Code Sql 2015-10-29 2017-09-13
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in Joomla! 3.2 before 3.4.4 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, a different vulnerability than CVE-2015-7297.
15 CVE-2015-7857 89 Exec Code Sql 2015-10-29 2017-09-13
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the getListQuery function in administrator/components/com_contenthistory/models/history.php in Joomla! 3.2 before 3.4.5 allows remote attackers to execute arbitrary SQL commands via the list[select] parameter to index.php.
16 CVE-2015-7297 89 Exec Code Sql 2015-10-29 2017-09-13
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in Joomla! 3.2 before 3.4.4 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, a different vulnerability than CVE-2015-7858.
17 CVE-2015-6939 79 XSS 2015-09-18 2016-12-08
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in the login module in Joomla! 3.4.x before 3.4.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Total number of vulnerabilities : 17   Page : 1 (This Page)
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.