Total
588 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2009-4628 | 2 Joomla, Templateplaza | 2 Joomla\!, Com Tpdugg | 2024-02-28 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the TemplatePlaza.com TPDugg (com_tpdugg) component 1.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a tags action to index.php. | |||||
| CVE-2009-4475 | 2 Joomla, Joomlub | 2 Joomla\!, Com Joomlub | 2024-02-28 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Joomlub (com_joomlub) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the aid parameter in an auction edit action to index.php. | |||||
| CVE-2010-1977 | 2 Gohigheris, Joomla | 2 Com Jwhmcs, Joomla\! | 2024-02-28 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in the J!WHMCS Integrator (com_jwhmcs) component 1.5.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. | |||||
| CVE-2010-1957 | 2 Joomla, Thefactory | 2 Joomla\!, Com Lovefactory | 2024-02-28 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in the Love Factory (com_lovefactory) component 1.3.4 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. | |||||
| CVE-2010-0374 | 2 Codingfish, Joomla | 2 Com Marketplace, Joomla\! | 2024-02-28 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Marketplace (com_marketplace) component 1.2 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the catid parameter in a show_category action to index.php. | |||||
| CVE-2010-4898 | 2 Gantry-framework, Joomla | 2 Com Gantry, Joomla\! | 2024-02-28 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Gantry (com_gantry) component 3.0.10 for Joomla! allows remote attackers to execute arbitrary SQL commands via the moduleid parameter to index.php. | |||||
| CVE-2010-3712 | 1 Joomla | 1 Joomla\! | 2024-02-28 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Joomla! 1.5.x before 1.5.21 and 1.6.x before 1.6.1 allows remote attackers to inject arbitrary web script or HTML via vectors involving "multiple encoded entities," as demonstrated by the query string to index.php in the com_weblinks or com_content component. | |||||
| CVE-2010-5022 | 2 Harmistechnology, Joomla | 2 Com Jesubmit, Joomla\! | 2024-02-28 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the JExtensions JE Story Submit (com_jesubmit) component 1.4 for Joomla! allows remote attackers to execute arbitrary SQL commands via the view parameter to index.php. | |||||
| CVE-2010-2846 | 2 Gonzalo Maser, Joomla | 2 Com Artforms, Joomla\! | 2024-02-28 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the InterJoomla ArtForms (com_artforms) component 2.1b7.2 RC2 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the afmsg parameter to index.php. | |||||
| CVE-2010-4638 | 2 Iptechinside, Joomla | 2 Com Jquarks4s, Joomla\! | 2024-02-28 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in the submitSurvey function in controller.php in JQuarks4s (com_jquarks4s) component 1.0.0 for Joomla!, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the q parameter in a submitSurvey action to index.php. | |||||
| CVE-2009-4431 | 2 Anything-digital, Joomla | 2 Com Jcalpro, Joomla\! | 2024-02-28 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in cal_popup.php in the Anything Digital Development JCal Pro (aka com_jcalpro or JCP) component 1.5.3.6 for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | |||||
| CVE-2010-1493 | 2 Awdsolution, Joomla | 2 Com Awdwall, Joomla\! | 2024-02-28 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the AWDwall (com_awdwall) component before 1.5.5 for Joomla! allows remote attackers to execute arbitrary SQL commands via the cbuser parameter in an awdwall action to index.php. | |||||
| CVE-2010-4992 | 2 Joomla, Paymentsplus | 2 Joomla\!, Payments Plus | 2024-02-28 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Payments Plus component 2.1.5 for Joomla! allows remote attackers to execute arbitrary SQL commands via the type parameter to add.html. | |||||
| CVE-2011-4830 | 2 Barter-sites, Joomla | 2 Com Listing, Joomla\! | 2024-02-28 | 3.5 LOW | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the com_listing component in Barter Sites component 1.3 for Joomla! allow remote authenticated users to inject arbitrary web script or HTML via the (1) listing_title, (2) description, (3) homeurl (aka Website Address), (4) paystring (aka Payment types accepted), (5) sell_price, (6) shipping_cost, and (7) quantity parameters to index.php. | |||||
| CVE-2012-1018 | 2 Dmackmedia, Joomla | 2 Mod Currencyconverter, Joomla\! | 2024-02-28 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in includes/convert.php in D-Mack Media Currency Converter (mod_currencyconverter) module 1.0.0 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the from parameter. | |||||
| CVE-2010-0467 | 2 Chillcreations, Joomla | 2 Com Ccnewsletter, Joomla\! | 2024-02-28 | 5.0 MEDIUM | 5.8 MEDIUM |
| Directory traversal vulnerability in the ccNewsletter (com_ccnewsletter) component 1.0.5 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter in a ccnewsletter action to index.php. | |||||
| CVE-2010-0692 | 2 Iptechinside, Joomla | 2 Com Jquarks, Joomla\! | 2024-02-28 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the IP-Tech JQuarks (com_jquarks) Component 0.2.3, and possibly earlier, for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2010-4617 | 2 Joomla, Kanich | 2 Joomla\!, Com Jotloader | 2024-02-28 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in the JotLoader (com_jotloader) component 2.2.1 for Joomla! allows remote attackers to read arbitrary files via directory traversal sequences in the section parameter to index.php. | |||||
| CVE-2010-1491 | 2 Joomla, Mms.pipp | 2 Joomla\!, Com Mmsblog | 2024-02-28 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in the MMS Blog (com_mmsblog) component 2.3.0 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php. | |||||
| CVE-2010-2845 | 2 Joomla, Schlu.net | 2 Joomla\!, Com Quickfaq | 2024-02-28 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the QuickFAQ (com_quickfaq) component 1.0.3 for Joomla! allows remote attackers to execute arbitrary SQL commands via the Itemid parameter in a category action to index.php. | |||||