In Joomla! before 3.8.0, inadequate escaping in the LDAP authentication plugin can result in a disclosure of a username and password.
Directory traversal vulnerability in the Pro Desk Support Center (com_pro_desk) component 1.0 and 1.2 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the include_file parameter to index.php.
Directory traversal vulnerability in download.php in the ionFiles (com_ionfiles) 4.4.2 component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.
An issue was discovered in Joomla! before 3.9.13. A missing access check in the phputf8 mapping files could lead to a path disclosure.
The file caching implementation in Joomla! before 1.5.4 allows attackers to access cached pages via unknown attack vectors.
Joomla! 1.5.8 does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session.
Directory traversal vulnerability in the eXtplorer module (com_extplorer) 2.0.0 RC2 and earlier in Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the dir parameter in a show_error action.
Directory traversal vulnerability in the obSuggest (com_obsuggest) component before 1.8 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
Joomla! 3.0.x through 3.0.2 allows attackers to obtain sensitive information via unspecified vectors related to an "Undefined variable."
Joomla! 1.6.x before 1.6.2 allows remote attackers to obtain sensitive information via an empty Itemid array parameter to index.php, which reveals the installation path in an error message, a different vulnerability than CVE-2011-2488.
The RSGallery2 (com_rsgallery2) component before 3.2.0 for Joomla! 2.5.x does not place index.html files in image directories, which allows remote attackers to list image filenames via a request for a directory URI.
The jNews (com_jnews) component 7.5.1 for Joomla! allows remote attackers to obtain sensitive information via the emailsearch parameter, which reveals the installation path in an error message.
Directory traversal vulnerability in index.php in the joomlaXplorer (com_joomlaxplorer) Mambo/Joomla! component 1.6.2 and earlier allows remote attackers to list arbitrary directories via a .. (dot dot) in the dir parameter in a show_error action.
Joomla! 2.5.3 allows remote attackers to obtain the installation path via the Host HTTP Header.
Joomla! 1.7.x before 1.7.5 and 2.5.x before 2.5.1 allows attackers to obtain the installation path via unspecified vectors related to "administrator."
Unspecified vulnerability in Joomla! 1.7.x before 1.7.5 allows attackers to read the error log via unknown vectors.
Unspecified vulnerability in Joomla! 1.6.x and 1.7.x before 1.7.4 allows remote attackers to obtain sensitive information via unknown vectors, a different vulnerability than CVE-2012-0821.
Directory traversal vulnerability in index.php in the RSfiles component (com_rsfiles) 1.0.2 and earlier for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the path parameter in a files.display action.
Joomla! 1.5.0 Beta allows remote attackers to obtain sensitive information via a direct request for (1) plugins/user/example.php; (2) gmail.php, (3) example.php, or (4) ldap.php in plugins/authentication/; (5) modules/mod_mainmenu/menu.php; or other unspecified PHP scripts, which reveals the path in various error messages, related to a jimport function call at the beginning of each script.
The com_rss option (rss.php) in (1) Mambo and (2) Joomla! allows remote attackers to obtain sensitive information via an invalid feed parameter, which reveals the path in an error message.
feedcreator.class.php (aka the syndication component) in Joomla! 1.0.7 allows remote attackers to obtain sensitive information via a "/" (slash) in the feed parameter to index.php, which reveals the path in an error message.
Unspecified vulnerability in mod_templatechooser in Joomla! 1.0.7 allows remote attackers to obtain sensitive information via an unspecified attack vector that reveals the path.
The vCard functions in Joomla! 1.0.5 use predictable sequential IDs for vcards and do not restrict access to them, which allows remote attackers to obtain valid e-mail addresses to conduct spam attacks by modifying the contact_id parameter to index2.php.
An issue was discovered in Joomla! 3.0.0 through 3.10.6 & 4.0.0 through 4.1.0. Uploading a file name of an excess length causes the error. This error brings up the screen with the path of the source code of the web application.
Unspecified vulnerability in Joomla! 2.5.x before 2.5.5 allows remote attackers to obtain sensitive information via vectors related to "Inadequate filtering" and a "SQL error."
Unspecified vulnerability in Joomla! 1.6.x and 1.7.x before 1.7.4 allows remote attackers to obtain sensitive information via unknown vectors, a different vulnerability than CVE-2012-0819.
Joomla! 1.5.x before 1.5.26 does not properly check permissions, which allows attackers to obtain sensitive "administrative back end information" via unknown vectors. NOTE: this might be a duplicate of CVE-2012-1611.
Joomla! 2.5.x before 2.5.4 does not properly check permissions, which allows attackers to obtain sensitive "administrative back end" information via unknown attack vectors. NOTE: this might be a duplicate of CVE-2012-1599.
Unspecified vulnerability in Joomla! 1.7.x before 1.7.5 and 2.5.x before 2.5.1 allows attackers to obtain sensitive information via unknown vectors related to "administrator."
Joomla! 1.5x through 1.5.12: Missing JEXEC Check
An issue was discovered in Joomla! 3.0.0 through 3.9.25. Inadequate filters on module layout settings could lead to an LFI.
Joomla! 1.6.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by libraries/phpmailer/language/phpmailer.lang-joomla.php.
The MediaViewMedia class in administrator/components/com_media/views/media/view.html.php in Joomla! 1.5.23 and earlier allows remote attackers to obtain sensitive information via vectors involving the base variable, leading to disclosure of the installation path, a different vulnerability than CVE-2011-2488.
templates/system/error.php in Joomla! before 1.5.23 might allow remote attackers to obtain sensitive information via unspecified vectors that trigger an undefined value of a certain error field, leading to disclosure of the installation path. NOTE: this might overlap CVE-2011-2488.
Joomla! before 1.5.23 does not properly check for errors, which allows remote attackers to obtain sensitive information via unspecified vectors.
An issue was discovered in Joomla! 3.0.0 through 3.9.23. The lack of ACL checks in the orderPosition endpoint of com_modules leak names of unpublished and/or inaccessible modules.
Joomla! 1.7.1 has core information disclosure due to inadequate error checking.
Joomla! 1.0.7 and earlier allows attackers to bypass intended access restrictions and gain certain privileges via certain attack vectors related to the (1) Weblink, (2) Polls, (3) Newsfeeds, (4) Weblinks, (5) Content, (6) Content Section, (7) Content Category, (8) Contact items, or (9) Contact Search, (10) Content Search, (11) Newsfeed Search, or (12) Weblink Search.
An issue was discovered in Joomla! 3.2.0 through 3.9.24. Usage of the insecure rand() function within the process of generating the 2FA secret.
In Joomla! before 3.9.14, a missing access check in framework files could lead to a path disclosure.
An issue was discovered in Joomla! 2.5.0 through 3.9.22. The autosuggestion feature of com_finder did not respect the access level of the corresponding terms.
An issue was discovered in Joomla! 2.5.0 through 3.9.22. The folder parameter of mod_random_image lacked input validation, leading to a path traversal vulnerability.
An issue was discovered in Joomla! 3.9.0 through 3.9.22. Improper handling of the username leads to a user enumeration attack vector in the backend login page.
The mailto (aka com_mailto) component in Joomla! 1.5 before 1.5.7 sends e-mail messages without validating the URL, which allows remote attackers to transmit spam.
An issue was discovered in Joomla! 2.5.0 through 3.9.22. The globlal configuration page does not remove secrets from the HTML output, disclosing the current values.
In Joomla! 1.5.0 through 3.6.5 (fixed in 3.7.0), mail sent using the JMail API leaked the used PHPMailer version in the mail headers.
Joomla! 3.0.x through 3.0.2 allows attackers to obtain sensitive information via unspecified vectors related to "Coding errors."
An issue was discovered in templates/beez3/html/com_content/article/default.php in Joomla! before 3.6.5. Inadequate permissions checks in the Beez3 layout override of the com_content article view allow users to view articles that should not be publicly accessible, as demonstrated by an index.php?option=com_content&view=article&id=1&template=beez3 request.
Improper cache invalidation in Joomla! CMS 1.7.3 through 3.7.2 leads to disclosure of form contents.