Joomla

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2006-6834 1Joomla 1Joomla Apr 23, 2026 Dec 31, 2006 N/A· v4 N/A· v3 6.8 MEDIUM· v2 Multiple unspecified vulnerabilities in Joomla! before 1.0.12 have unknown impact and attack vectors related to (1) "unneeded legacy functions" and (2) "Several low level security fixes."
CVE-2006-6833 1Joomla 1Joomla Apr 23, 2026 Dec 31, 2006 N/A· v4 N/A· v3 7.5 HIGH· v2 com_categories in Joomla! before 1.0.12 does not validate input, which has unknown impact and remote attack vectors.
CVE-2006-6832 1Joomla 1Joomla Apr 23, 2026 Dec 31, 2006 N/A· v4 N/A· v3 4.3 MEDIUM· v2 Cross-site scripting (XSS) vulnerability in Joomla! before 1.0.12 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly related to poll.php or the module title.
CVE-2006-5049 1Joomla 2Classifieds Component Com Classifieds Apr 23, 2026 Sep 27, 2006 N/A· v4 N/A· v3 7.5 HIGH· v2 Unspecified vulnerability in Classifieds (com_classifieds) component 1.3 and earlier for Joomla! has unspecified impact and attack vectors.
CVE-2006-5047 1Joomla 1Rs Gallery2 Apr 23, 2026 Sep 27, 2006 N/A· v4 N/A· v3 7.5 HIGH· v2 Unspecified vulnerability in rsgallery2.html.php in RS Gallery2 component (com_rsgallery2) before 1.11.3 for Joomla! allows attackers to execute arbitrary code.
CVE-2006-5046 1Joomla 1Rs Gallery2 Apr 23, 2026 Sep 27, 2006 N/A· v4 N/A· v3 7.5 HIGH· v2 Unspecified vulnerability in RS Gallery2 (com_rsgallery2) 1.11.3 and earlier for Joomla! has unspecified impact and attack vectors, related to lack of "hardened language files."
CVE-2006-5044 2Joomla Mambo 2Prince Clan Chess Component Prince Clan Chess Component Apr 23, 2026 Sep 27, 2006 N/A· v4 N/A· v3 7.5 HIGH· v2 Unspecified vulnerability in Prince Clan (Princeclan) Chess component (com_pcchess) 0.8 and earlier for Mambo and Joomla! has unspecified impact and attack vectors.
CVE-2006-5042 1Joomla 2Com Mosmedia Mosmedia Apr 23, 2026 Sep 27, 2006 N/A· v4 N/A· v3 7.5 HIGH· v2 Unspecified vulnerability in mosMedia (com_mosmedia) 1.0.8 and earlier for Joomla! has unspecified impact and attack vectors.
CVE-2006-5041 1Joomla 2Com Hotproperties Hot Properties Apr 23, 2026 Sep 27, 2006 N/A· v4 N/A· v3 7.5 HIGH· v2 Unspecified vulnerability in Hot Properties (possibly com_hotproperties) 0.97 and earlier for Joomla! has unspecified impact and attack vectors.
CVE-2006-5040 1Joomla 2Com Sef Sef4040x Apr 23, 2026 Sep 27, 2006 N/A· v4 N/A· v3 7.5 HIGH· v2 Unspecified vulnerability in SEF404x (com_sef) for Joomla! has unspecified impact and attack vectors.
CVE-2006-5039 1Joomla 2Com Events Events Module Apr 23, 2026 Sep 27, 2006 N/A· v4 N/A· v3 7.5 HIGH· v2 Unspecified vulnerability in Events 1.3 beta module (com_events) for Joomla! has unspecified impact and attack vectors.
CVE-2006-4996 1Joomla 1Joomlalib Apr 16, 2026 Sep 26, 2006 N/A· v4 N/A· v3 10.0 HIGH· v2 Unspecified vulnerability in JoomlaLib (com_joomlalib) before 1.2.2 for Joomla! allows remote attackers to have an unknown impact, related to "Joomla globals hacked by script kiddies."
CVE-2006-4995 1Joomla 1Bsq Sitestats Apr 16, 2026 Sep 26, 2006 N/A· v4 N/A· v3 7.5 HIGH· v2 PHP remote file inclusion vulnerability in BSQ Sitestats (bsq_sitestats) before 2.1.1 for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
CVE-2006-4992 1Joomla 1Jd Wordpress Apr 16, 2026 Sep 26, 2006 N/A· v4 N/A· v3 7.5 HIGH· v2 Multiple PHP remote file inclusion vulnerabilities in JD-WordPress for Joomla! (com_jd-wp) 2.0-1.0 RC2 allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter in (1) wp-com...Show more Multiple PHP remote file inclusion vulnerabilities in JD-WordPress for Joomla! (com_jd-wp) 2.0-1.0 RC2 allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter in (1) wp-comments-post.php, (2) wp-feed.php, or (3) wp-trackback.php.Show less
CVE-2006-4556 2Joomla Mambo 2Jim Component Jim Component Apr 16, 2026 Sep 6, 2006 N/A· v4 N/A· v3 7.5 HIGH· v2 PHP remote file inclusion vulnerability in index.php in the JIM component for Mambo and Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. NOTE: another rese...Show more PHP remote file inclusion vulnerability in index.php in the JIM component for Mambo and Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. NOTE: another researcher has stated that the product distribution does not include an index.php file. Also, this might be related to CVE-2006-4242Show less
CVE-2006-4553 2Joomla Mambo 2Com Comprofiler Component Com Comprofiler Component Apr 16, 2026 Sep 6, 2006 N/A· v4 N/A· v3 6.8 MEDIUM· v2 PHP remote file inclusion vulnerability in plugin.class.php in the com_comprofiler Components 1.0 RC2 for Mambo and Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path p...Show more PHP remote file inclusion vulnerability in plugin.class.php in the com_comprofiler Components 1.0 RC2 for Mambo and Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.Show less
CVE-2006-4476 1Joomla 1Joomla Apr 16, 2026 Aug 31, 2006 N/A· v4 N/A· v3 7.5 HIGH· v2 Multiple unspecified vulnerabilities in Joomla! before 1.0.11, related to "Injection Flaws," allow attackers to have an unknown impact via (1) globals.php, which uses include_once() instead of require(); (2) the $options...Show more Multiple unspecified vulnerabilities in Joomla! before 1.0.11, related to "Injection Flaws," allow attackers to have an unknown impact via (1) globals.php, which uses include_once() instead of require(); (2) the $options variable; (3) Admin Upload Image; (4) ->load(); (5) content submissions when frontpage is selected; (6) the mosPageNav constructor; (7) saveOrder functions; (8) the absence of "exploit blocking rules" in htaccess; and (9) the ACL.Show less
CVE-2006-4475 1Joomla 1Joomla Apr 16, 2026 Aug 31, 2006 N/A· v4 N/A· v3 7.5 HIGH· v2 Joomla! before 1.0.11 does not limit access to the Admin Popups functionality, which has unknown impact and attack vectors.
CVE-2006-4474 1Joomla 1Joomla Apr 16, 2026 Aug 31, 2006 N/A· v4 N/A· v3 6.8 MEDIUM· v2 Multiple cross-site scripting (XSS) vulnerabilities in Joomla! before 1.0.11 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters in (1) Admin Module Manager, (2) Admin Help, and (3) S...Show more Multiple cross-site scripting (XSS) vulnerabilities in Joomla! before 1.0.11 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters in (1) Admin Module Manager, (2) Admin Help, and (3) Search.Show less
CVE-2006-4473 1Joomla 1Joomla Apr 16, 2026 Aug 31, 2006 N/A· v4 N/A· v3 5.1 MEDIUM· v2 Unspecified vulnerability in com_content in Joomla! before 1.0.11, when $mosConfig_hideEmail is set, allows attackers to perform the emailform and emailsend tasks.

Previous 1...23 242526 27 Next