Page 7 of 44 results (0.010 seconds)

CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 0

PHP remote file inclusion vulnerability in includes/joomla.php in Joomla! 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the includepath parameter. • http://securityreason.com/securityalert/1074 http://securitytracker.com/id?1016269 http://www.securityfocus.com/archive/1/436707/100/0/threaded http://www.securityfocus.com/bid/18363 https://exchange.xforce.ibmcloud.com/vulnerabilities/27135 •

CVSS: 5.0EPSS: 0%CPEs: 2EXPL: 1

The com_rss option (rss.php) in (1) Mambo and (2) Joomla! allows remote attackers to obtain sensitive information via an invalid feed parameter, which reveals the path in an error message. • http://irannetjob.com/content/view/209/28 http://www.kapda.ir/advisory-313.html http://www.securityfocus.com/archive/1/431317/100/0/threaded •

CVSS: 5.0EPSS: 0%CPEs: 8EXPL: 0

Joomla! 1.0.7 and earlier allows attackers to bypass intended access restrictions and gain certain privileges via certain attack vectors related to the (1) Weblink, (2) Polls, (3) Newsfeeds, (4) Weblinks, (5) Content, (6) Content Section, (7) Content Category, (8) Contact items, or (9) Contact Search, (10) Content Search, (11) Newsfeed Search, or (12) Weblink Search. • http://secunia.com/advisories/19105 http://www.joomla.org/content/view/938/78 http://www.osvdb.org/23822 http://www.vupen.com/english/advisories/2006/0818 https://exchange.xforce.ibmcloud.com/vulnerabilities/25033 •

CVSS: 10.0EPSS: 0%CPEs: 8EXPL: 0

Unspecified vulnerability in the "Remember Me login functionality" in Joomla! 1.0.7 and earlier has unknown impact and attack vectors. • http://www.joomla.org/content/view/938/78 •

CVSS: 7.5EPSS: 0%CPEs: 8EXPL: 0

Multiple SQL injection vulnerabilities in the Admin functionality in Joomla! 1.0.7 and earlier allow remote authenticated administrators to execute arbitrary SQL commands via unknown attack vectors. • http://secunia.com/advisories/19105 http://www.joomla.org/content/view/938/78 http://www.osvdb.org/23819 http://www.vupen.com/english/advisories/2006/0818 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •