Filtered by vendor Joomla
Subscribe
Total
920 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2012-0837 | 1 Joomla | 1 Joomla\! | 2024-02-28 | 5.0 MEDIUM | N/A |
Joomla! 1.7.x before 1.7.5 and 2.5.x before 2.5.1 allows attackers to obtain the installation path via unspecified vectors related to "administrator." | |||||
CVE-2012-2748 | 1 Joomla | 1 Joomla\! | 2024-02-28 | 5.0 MEDIUM | N/A |
Unspecified vulnerability in Joomla! 2.5.x before 2.5.5 allows remote attackers to obtain sensitive information via vectors related to "Inadequate filtering" and a "SQL error." | |||||
CVE-2011-5004 | 2 Fabrikar, Joomla | 2 Com Fabrikar, Joomla\! | 2024-02-28 | 6.0 MEDIUM | N/A |
Unrestricted file upload vulnerability in models/importcsv.php in the Fabrik (com_fabrik) component before 2.1.1 for Joomla! allows remote authenticated users with Manager privileges to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in an unspecified directory. | |||||
CVE-2011-2891 | 1 Joomla | 1 Joomla\! | 2024-02-28 | 5.0 MEDIUM | N/A |
Joomla! 1.6.x before 1.6.2 allows remote attackers to obtain sensitive information via an empty Itemid array parameter to index.php, which reveals the installation path in an error message, a different vulnerability than CVE-2011-2488. | |||||
CVE-2011-2889 | 1 Joomla | 1 Joomla\! | 2024-02-28 | 5.0 MEDIUM | N/A |
templates/system/error.php in Joomla! before 1.5.23 might allow remote attackers to obtain sensitive information via unspecified vectors that trigger an undefined value of a certain error field, leading to disclosure of the installation path. NOTE: this might overlap CVE-2011-2488. | |||||
CVE-2010-0676 | 2 Joomla, Weberr | 2 Joomla\!, Com Rwcards | 2024-02-28 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in index.php in the RWCards (com_rwcards) component 3.0.18 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter. | |||||
CVE-2010-1471 | 2 B-elektro, Joomla | 2 Com Addressbook, Joomla\! | 2024-02-28 | 7.5 HIGH | N/A |
Directory traversal vulnerability in the AddressBook (com_addressbook) component 1.5.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. | |||||
CVE-2010-1875 | 2 Com-property, Joomla | 2 Com Properties, Joomla\! | 2024-02-28 | 7.5 HIGH | N/A |
Directory traversal vulnerability in the Real Estate Property (com_properties) component 3.1.22-03 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php. NOTE: some of these details are obtained from third party information. | |||||
CVE-2010-1353 | 2 Joomla, Wowjoomla | 2 Joomla\!, Com Loginbox | 2024-02-28 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in the LoginBox Pro (com_loginbox) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the view parameter to index.php. | |||||
CVE-2010-2921 | 2 Joomla, Photoindochina | 2 Joomla\!, Com Golfcourseguide | 2024-02-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in the Golf Course Guide (com_golfcourseguide) component 0.9.6.0 beta and 1 beta for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a golfcourses action to index.php. | |||||
CVE-2010-1313 | 2 Joomla, Seber | 2 Joomla\!, Com Sebercart | 2024-02-28 | 4.3 MEDIUM | N/A |
Directory traversal vulnerability in the Seber Cart (com_sebercart) component 1.0.0.12 and 1.0.0.13 for Joomla!, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the view parameter to index.php. NOTE: some of these details are obtained from third party information. | |||||
CVE-2008-7302 | 2 Joomla, Netshinesoftware | 2 Joomla\!, Com Netinvoice | 2024-02-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in netinvoice.php in the nBill (com_netinvoice) component 1.2.0 SP1 for Joomla! allows remote attackers to execute arbitrary SQL commands via unspecified vectors involving "knowledge of ... the contents of an encrypted file." | |||||
CVE-2009-4938 | 2 Joomla, Warphd | 2 Joomla\!, Com Jvideo | 2024-02-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in the JVideo! (com_jvideo) component 0.3.11c Beta and 0.3.x for Joomla! allows remote attackers to execute arbitrary SQL commands via the user_id parameter in a user action to index.php. | |||||
CVE-2010-4936 | 2 Joomla, Webmaster-tips | 2 Joomla\!, Com Slideshow | 2024-02-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in the Slide Show (com_slideshow) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter to index.php. | |||||
CVE-2010-4517 | 2 Harmistechnology, Joomla | 2 Com Jeauto, Joomla\! | 2024-02-28 | 6.8 MEDIUM | N/A |
SQL injection vulnerability in the JExtensions JE Auto (com_jeauto) component 1.0 for Joomla!, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the char parameter in an item action to index.php. | |||||
CVE-2010-2128 | 2 Harmistechnology, Joomla | 2 Com Jequoteform, Joomla\! | 2024-02-28 | 7.5 HIGH | N/A |
Directory traversal vulnerability in the JE Quotation Form (com_jequoteform) component 1.0b1 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the view parameter to index.php. | |||||
CVE-2010-1352 | 2 Jooforge, Joomla | 2 Com Jukebox, Joomla\! | 2024-02-28 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in the JOOFORGE Jutebox (com_jukebox) component 1.0 and 1.7 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. NOTE: some of these details are obtained from third party information. | |||||
CVE-2010-2507 | 2 Joomla, Masselink | 2 Joomla\!, Com Picasa2gallery | 2024-02-28 | 6.8 MEDIUM | N/A |
Directory traversal vulnerability in the Picasa2Gallery (com_picasa2gallery) component 1.2.8 and earlier for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php. | |||||
CVE-2009-4599 | 2 Joomla, Joomshark | 2 Joomla, Com Jsjobs | 2024-02-28 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in the JS Jobs (com_jsjobs) component 1.0.5.6 for Joomla! allow remote attackers to execute arbitrary SQL commands via (1) the md parameter in an employer view_company action to index.php or (2) the oi parameter in an employer view_job action to index.php. | |||||
CVE-2010-4365 | 2 Harmistechnology, Joomla | 2 Com Jeajaxeventcalendar, Joomla\! | 2024-02-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in JE Ajax Event Calendar (com_jeajaxeventcalendar) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the event_id parameter in an alleventlist_more action to index.php. |