Lucene search

K
JoomlaJoomla!3.4.4

22 matches found

CVE
CVE
added 2015/12/16 9:59 p.m.188 views

CVE-2015-8562

Joomla! 1.5.x, 2.x, and 3.x before 3.4.6 allow remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via the HTTP User-Agent header, as exploited in the wild in December 2015.

7.5CVSS8AI score0.93238EPSS
CVE
CVE
added 2017/09/20 6:29 p.m.95 views

CVE-2017-14596

In Joomla! before 3.8.0, inadequate escaping in the LDAP authentication plugin can result in a disclosure of a username and password.

9.8CVSS9.2AI score0.02138EPSS
CVE
CVE
added 2017/07/26 3:29 p.m.76 views

CVE-2017-11612

In Joomla! before 3.7.4, inadequate filtering of potentially malicious HTML tags leads to XSS vulnerabilities in various components.

6.1CVSS7AI score0.00505EPSS
CVE
CVE
added 2015/12/16 9:59 p.m.72 views

CVE-2015-8565

Directory traversal vulnerability in Joomla! 3.2.0 through 3.3.x and 3.4.x before 3.4.6 allows remote attackers to have unspecified impact via unknown vectors.

7.5CVSS7.1AI score0.00064EPSS
CVE
CVE
added 2017/04/25 6:59 p.m.69 views

CVE-2017-7986

In Joomla! 1.5.0 through 3.6.5 (fixed in 3.7.0), inadequate filtering of specific HTML attributes leads to XSS vulnerabilities in various components.

6.1CVSS6AI score0.00033EPSS
CVE
CVE
added 2015/10/29 8:59 p.m.65 views

CVE-2015-7297

SQL injection vulnerability in Joomla! 3.2 before 3.4.4 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, a different vulnerability than CVE-2015-7858.

7.5CVSS8.3AI score0.9323EPSS
CVE
CVE
added 2015/12/16 9:59 p.m.65 views

CVE-2015-8564

Directory traversal vulnerability in Joomla! 3.4.x before 3.4.6 allows remote attackers to have unspecified impact via directory traversal sequences in the XML install file in an extension package archive.

7.5CVSS7.1AI score0.00064EPSS
CVE
CVE
added 2017/07/17 9:29 p.m.62 views

CVE-2017-9933

Improper cache invalidation in Joomla! CMS 1.7.3 through 3.7.2 leads to disclosure of form contents.

7.5CVSS7.2AI score0.00053EPSS
CVE
CVE
added 2017/08/02 2:29 p.m.59 views

CVE-2017-11364

The CMS installer in Joomla! before 3.7.4 does not verify a user's ownership of a webspace, which allows remote authenticated users to gain control of the target application by leveraging Certificate Transparency logs.

8.8CVSS8.4AI score0.00125EPSS
CVE
CVE
added 2017/04/25 6:59 p.m.59 views

CVE-2017-7987

In Joomla! 3.2.0 through 3.6.5 (fixed in 3.7.0), inadequate escaping of file and folder names leads to XSS vulnerabilities in the template manager component.

6.1CVSS6AI score0.00033EPSS
CVE
CVE
added 2017/04/25 6:59 p.m.58 views

CVE-2017-7984

In Joomla! 3.2.0 through 3.6.5 (fixed in 3.7.0), inadequate filtering leads to XSS in the template manager component.

6.1CVSS5.8AI score0.00033EPSS
CVE
CVE
added 2015/12/16 9:59 p.m.53 views

CVE-2015-8563

Cross-site request forgery (CSRF) vulnerability in the com_templates component in Joomla! 3.2.0 through 3.3.x and 3.4.x before 3.4.6 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.

6.8CVSS7.1AI score0.00006EPSS
CVE
CVE
added 2017/07/17 9:29 p.m.53 views

CVE-2017-9934

Missing CSRF token checks and improper input validation in Joomla! CMS 1.7.3 through 3.7.2 lead to an XSS vulnerability.

6.1CVSS6.3AI score0.01383EPSS
CVE
CVE
added 2016/01/12 8:59 p.m.51 views

CVE-2015-8769

SQL injection vulnerability in Joomla! 3.x before 3.4.7 allows attackers to execute arbitrary SQL commands via unspecified vectors.

7.5CVSS7.6AI score0.00599EPSS
CVE
CVE
added 2017/04/25 6:59 p.m.51 views

CVE-2017-7989

In Joomla! 3.2.0 through 3.6.5 (fixed in 3.7.0), inadequate MIME type checks allowed low-privilege users to upload swf files even if they were explicitly forbidden.

6.5CVSS6.2AI score0.0001EPSS
CVE
CVE
added 2017/04/25 6:59 p.m.49 views

CVE-2017-7983

In Joomla! 1.5.0 through 3.6.5 (fixed in 3.7.0), mail sent using the JMail API leaked the used PHPMailer version in the mail headers.

5.3CVSS5.6AI score0.0001EPSS
CVE
CVE
added 2017/04/25 6:59 p.m.49 views

CVE-2017-8057

In Joomla! 3.4.0 through 3.6.5 (fixed in 3.7.0), multiple files caused full path disclosures on systems with enabled error reporting.

5.3CVSS5.6AI score0.0001EPSS
CVE
CVE
added 2015/10/29 8:59 p.m.48 views

CVE-2015-7857

SQL injection vulnerability in the getListQuery function in administrator/components/com_contenthistory/models/history.php in Joomla! 3.2 before 3.4.5 allows remote attackers to execute arbitrary SQL commands via the list[select] parameter to index.php.

7.5CVSS8.4AI score0.84141EPSS
CVE
CVE
added 2017/04/25 6:59 p.m.48 views

CVE-2017-7988

In Joomla! 1.6.0 through 3.6.5 (fixed in 3.7.0), inadequate filtering of form contents allows overwriting the author of an article.

5.3CVSS5.5AI score0.0001EPSS
CVE
CVE
added 2017/01/23 9:59 p.m.47 views

CVE-2016-9081

Joomla! 3.4.4 through 3.6.3 allows attackers to reset username, password, and user group assignments and possibly perform other user account modifications via unspecified vectors.

9.8CVSS9.2AI score0.00213EPSS
CVE
CVE
added 2015/10/29 8:59 p.m.46 views

CVE-2015-7859

The com_contenthistory component in Joomla! 3.2 before 3.4.5 does not properly check ACLs, which allows remote attackers to obtain sensitive information via unspecified vectors.

5CVSS6.2AI score0.00043EPSS
CVE
CVE
added 2015/10/29 8:59 p.m.40 views

CVE-2015-7899

The com_content component in Joomla! 3.x before 3.4.5 does not properly check ACLs, which allows remote attackers to obtain sensitive information via unspecified vectors.

5CVSS6.2AI score0.00044EPSS