Total
588 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2009-4578 | 3 Facileforms, Joomla, Mambo-foundation | 3 Facileforms, Joomla\!, Mambo | 2024-02-28 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the Facileforms (com_facileforms) component for Joomla! and Mambo allows remote attackers to inject arbitrary web script or HTML via the Itemid parameter to index.php. | |||||
CVE-2010-4994 | 2 Instantphp, Joomla | 2 Jobs Pro, Joomla\! | 2024-02-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in the Jobs Pro component 1.6.4 for Joomla! allows remote attackers to execute arbitrary SQL commands via the detailed_results parameter to search_jobs.html. | |||||
CVE-2011-2488 | 1 Joomla | 1 Joomla\! | 2024-02-28 | 5.0 MEDIUM | N/A |
Joomla! before 1.5.23 does not properly check for errors, which allows remote attackers to obtain sensitive information via unspecified vectors. | |||||
CVE-2010-1540 | 2 Joomla, Myblog | 2 Joomla\!, Com Myblog | 2024-02-28 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in index.php in the MyBlog (com_myblog) component 3.0.329 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the task parameter. NOTE: some of these details are obtained from third party information. | |||||
CVE-2010-3426 | 2 4you-studio, Joomla | 2 Com Jphone, Joomla\! | 2024-02-28 | 7.5 HIGH | N/A |
Directory traversal vulnerability in jphone.php in the JPhone (com_jphone) component 1.0 Alpha 3 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php. | |||||
CVE-2010-5042 | 2 Blueconstantmedia, Joomla | 2 Com Djartgallery, Joomla\! | 2024-02-28 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the DJ-ArtGallery (com_djartgallery) component 0.9.1 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the cid[] parameter in an editItem action to administrator/index.php. NOTE: some of these details are obtained from third party information. | |||||
CVE-2010-1858 | 2 Gelembjuk, Joomla | 2 Com Smestorage, Joomla\! | 2024-02-28 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in the SMEStorage (com_smestorage) component before 1.1 for Joomla! allows remote attackers to read arbitrary files via directory traversal sequences in the controller parameter to index.php. | |||||
CVE-2010-2848 | 2 Gonzalo Maser, Joomla | 2 Com Artforms, Joomla\! | 2024-02-28 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in assets/captcha/includes/alikon/playcode.php in the InterJoomla ArtForms (com_artforms) component 2.1b7.2 RC2 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the l parameter. | |||||
CVE-2010-2919 | 2 Joomla, Joomlaxt | 2 Joomla\!, Com Staticxt | 2024-02-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in the StaticXT (com_staticxt) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php. | |||||
CVE-2010-1469 | 2 Joomla, Ternaria | 2 Joomla\!, Com Jprojectmanager | 2024-02-28 | 6.8 MEDIUM | N/A |
Directory traversal vulnerability in the Ternaria Informatica JProject Manager (com_jprojectmanager) component 1.0 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php. | |||||
CVE-2010-1535 | 2 Joomla, Peter Hocherl | 2 Joomla\!, Com Travelbook | 2024-02-28 | 7.5 HIGH | N/A |
Directory traversal vulnerability in the TRAVELbook (com_travelbook) component 1.0.1 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php. | |||||
CVE-2010-1305 | 2 Joomla, Joomlamo | 2 Joomla\!, Com Jinventory | 2024-02-28 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in jinventory.php in the JInventory (com_jinventory) component 1.23.02 and possibly other versions before 1.26.03, a module for Joomla!, allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. | |||||
CVE-2011-4829 | 2 Barter-sites, Joomla | 2 Com Listing, Joomla\! | 2024-02-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in the com_listing component in Barter Sites component 1.3 for Joomla! allows remote attackers to execute arbitrary SQL commands via the category_id parameter to index.php. | |||||
CVE-2010-4937 | 2 Joomla, Robitbt | 2 Joomla\!, Com Amblog | 2024-02-28 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in the Amblog (com_amblog) component 1.0 for Joomla! allow remote attackers to execute arbitrary SQL commands via the (1) articleid or (2) catid parameter to index.php. | |||||
CVE-2010-1601 | 2 Joomla, Joomlamart | 2 Joomla\!, Com Jacomment | 2024-02-28 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in the JA Comment (com_jacomment) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the view parameter to index.php. | |||||
CVE-2010-0981 | 2 Joomla, Templateplazza | 2 Joomla\!, Com Tpjobs | 2024-02-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in the TPJobs (com_tpjobs) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id_c[] parameter in a resadvsearch action to index.php. | |||||
CVE-2010-4929 | 2 Joomla, Joostina-cms | 2 Joomla\!, Com Ezautos | 2024-02-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in the Joostina (com_ezautos) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the firstCode parameter in a helpers action to index.php. | |||||
CVE-2010-1479 | 2 Joomla, Rockettheme | 2 Joomla\!, Com Rokmodule | 2024-02-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in the RokModule (com_rokmodule) component 1.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the moduleid parameter in a raw action to index.php. | |||||
CVE-2010-3211 | 2 Jextn, Joomla | 2 Com Jefaqpro, Joomla\! | 2024-02-28 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in the JE FAQ Pro (com_jefaqpro) component 1.5.0 for Joomla! allow remote attackers to execute arbitrary SQL commands via category categorylist operations with (1) the catid parameter or (2) the catid parameter in a lists action. | |||||
CVE-2009-4679 | 2 Inertialfate, Joomla | 2 Com If Nexus, Joomla\! | 2024-02-28 | 7.5 HIGH | N/A |
Directory traversal vulnerability in the inertialFATE iF Portfolio Nexus (com_if_nexus) component 1.5 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php. |