Total
588 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2010-0459 | 2 Joomla, Yoflash | 2 Joomla\!, Com Mochigames | 2024-02-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in the Mochigames (com_mochigames) component 0.51 and possibly other versions for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php. | |||||
CVE-2010-1307 | 2 Joomla, Software.realtyna | 2 Joomla\!, Com Joomlaupdater | 2024-02-28 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in the Magic Updater (com_joomlaupdater) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. | |||||
CVE-2010-2535 | 1 Joomla | 1 Joomla\! | 2024-02-28 | 3.5 LOW | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in the Back End in Joomla! 1.5.x before 1.5.20 allow remote authenticated users to inject arbitrary web script or HTML via administrator screens. | |||||
CVE-2010-1949 | 2 Emultisoft, Joomla | 2 Com Jnewspaper, Joomla\! | 2024-02-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in the Online News Paper Manager (com_jnewspaper) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the cid parameter to index.php. NOTE: some of these details are obtained from third party information. | |||||
CVE-2010-4769 | 2 Janguo, Joomla | 2 Com Jimtawl, Joomla\! | 2024-02-28 | 7.5 HIGH | N/A |
Directory traversal vulnerability in the Jimtawl (com_jimtawl) component 1.0.2 Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the task parameter to index.php. | |||||
CVE-2010-4990 | 2 B-elektro, Joomla | 2 Com Addressbook, Joomla\! | 2024-02-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in the Front-edit Address Book (com_addressbook) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the Itemid parameter in a contact action to index.php. | |||||
CVE-2009-4575 | 2 Joomla, Qproje | 2 Joomla\!, Com Qpersonel | 2024-02-28 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the Q-Personel (com_qpersonel) component 1.0.2 RC2 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the personel_sira parameter in a sirala action to index.php. | |||||
CVE-2010-1533 | 2 Joomla, Peter Hocherl | 2 Joomla\!, Com Tweetla | 2024-02-28 | 7.5 HIGH | N/A |
Directory traversal vulnerability in the TweetLA (com_tweetla) component 1.0.1 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. | |||||
CVE-2010-1721 | 2 Joomla, Thethinkery | 2 Joomla\!, Com Iproperty | 2024-02-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in the Intellectual Property (aka IProperty or com_iproperty) component 1.5.3 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in an agentproperties action to index.php. | |||||
CVE-2010-1344 | 2 Cookex, Joomla | 2 Com Ckforms, Joomla\! | 2024-02-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in the Cookex Agency CKForms (com_ckforms) component 1.3.3 for Joomla! allows remote attackers to execute arbitrary SQL commands via the fid parameter in a detail action to index.php. | |||||
CVE-2010-5048 | 2 Joomla, Joomlatune | 2 Joomla\!, Com Jcomments | 2024-02-28 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in admin.jcomments.php in the JoomlaTune JComments (com_jcomments) component 2.1.0.0 for Joomla! allows remote authenticated users to inject arbitrary web script or HTML via the name parameter to index.php. | |||||
CVE-2010-2035 | 2 Joomla, Percha | 2 Joomla\!, Com Perchagallery | 2024-02-28 | 7.5 HIGH | N/A |
Directory traversal vulnerability in the Percha Gallery (com_perchagallery) component 1.6 Beta for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php. | |||||
CVE-2010-4968 | 2 Joomla, Webmaster-tips | 2 Joomla\!, Com Wmtpic | 2024-02-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in the webmaster-tips.net Flash Gallery (com_wmtpic) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the Itemid parameter to index.php. | |||||
CVE-2010-2613 | 2 Harmistechnology, Joomla | 2 Com Awd Song, Joomla\! | 2024-02-28 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the JExtensions JE Awd Song (com_awd_song) component for Joomla! allows remote attackers to inject arbitrary web script or HTML via the song review field, which is not properly handled in a view action to index.php. | |||||
CVE-2010-4975 | 2 Joomla, Techjoomla | 2 Joomla\!, Com Socialads | 2024-02-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in the Techjoomla SocialAds For JomSocial (com_socialads) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the ads description field in a showad action to index.php. | |||||
CVE-2009-4583 | 1 Joomla | 2 Com Dhforum, Joomla\! | 2024-02-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in the DhForum (com_dhforum) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a grouplist action to index.php. | |||||
CVE-2010-4516 | 2 Joomla, Jxtended | 2 Joomla\!, Jxtended Comments | 2024-02-28 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in the JXtended Comments component before 1.3.1 for Joomla allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2010-2622 | 2 Joomanager, Joomla | 2 Joomanager, Joomla\! | 2024-02-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in the Joomanager component, possibly 1.1.1, for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter to index.php. | |||||
CVE-2010-4270 | 2 Joomla, Netshinesoftware | 2 Joomla\!, Com Netinvoice | 2024-02-28 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in the nBill (com_netinvoice) component before 2.0.9 standard edition, 2.0.10 lite edition, and 1.2_10 for Joomla! allows remote attackers to read arbitrary files via directory traversal sequences in unspecified vectors related to (1) administrator/components/com_nbill/admin.nbill.php, (2) components/com_nbill/nbill.php, (3) administrator/components/com_netinvoice/admin.netinvoice.php, or (4) components/com_netinvoice/netinvoice.php, as exploited in the wild in November 2010. | |||||
CVE-2011-2892 | 1 Joomla | 1 Joomla\! | 2024-02-28 | 4.3 MEDIUM | N/A |
Joomla! 1.6.x before 1.6.2 does not prevent page rendering inside a frame in a third-party HTML document, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web site. |