Filtered by vendor Joomla
Subscribe
Total
920 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2010-1217 | 2 Je Form Creator, Joomla | 2 Je Form Creator, Joomla | 2024-02-28 | 4.3 MEDIUM | N/A |
Directory traversal vulnerability in the JE Form Creator (com_jeformcr) component for Joomla!, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via directory traversal sequences in the view parameter to index.php. NOTE: the original researcher states that the affected product is JE Tooltip, not Form Creator; however, the exploit URL suggests that Form Creator is affected. | |||||
CVE-2010-1073 | 2 Joomla, Joshprakash | 2 Joomla\!, Com Jembed | 2024-02-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in the jEmbed-Embed Anything (com_jembed) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in a summary action to index.php. | |||||
CVE-2010-1534 | 2 Joomla, Joomla.batjo | 2 Joomla\!, Com Shoutbox | 2024-02-28 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in the Shoutbox Pro (com_shoutbox) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. | |||||
CVE-2009-4620 | 2 Joomla, Joomloc | 2 Joomla\!, Com Joomloc | 2024-02-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in the Joomloc (com_joomloc) component 1.0 for Joomla allows remote attackers to execute arbitrary SQL commands via the id parameter in an edit task to index.php. | |||||
CVE-2010-1472 | 2 Joomla, Kazulah | 2 Joomla\!, Com Horoscope | 2024-02-28 | 7.5 HIGH | N/A |
Directory traversal vulnerability in the Daily Horoscope (com_horoscope) component 1.5.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. | |||||
CVE-2010-1496 | 2 Jolt, Joomla | 2 Com Joltcard, Joomla\! | 2024-02-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in the JoltCard (com_joltcard) component 1.2.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the cardID parameter in a view action to index.php. | |||||
CVE-2011-3747 | 1 Joomla | 1 Joomla\! | 2024-02-28 | 5.0 MEDIUM | N/A |
Joomla! 1.6.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by libraries/phpmailer/language/phpmailer.lang-joomla.php. | |||||
CVE-2011-4570 | 2 Joomla, Takeaweb | 2 Joomla\!, Com Timereturns | 2024-02-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in the Time Returns (com_timereturns) component 2.0 and possibly earlier versions for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a timereturns action to index.php. | |||||
CVE-2010-2515 | 2 Dacian Strain, Joomla | 2 Com Jfaq, Joomla\! | 2024-02-28 | 6.8 MEDIUM | N/A |
Multiple SQL injection vulnerabilities in index.php in the JFaq (com_jfaq) component 1.2 for Joomla!, when magic_quotes_gpc is disabled, allow (1) remote attackers to execute arbitrary SQL commands via the id parameter, and (2) remote authenticated users with "Public Front-end" permissions to execute arbitrary SQL commands via the titlu parameter (title field). NOTE: some of these details are obtained from third party information. | |||||
CVE-2010-1719 | 2 Joomla, Moto-treks | 2 Joomla\!, Com Mtfireeagle | 2024-02-28 | 6.8 MEDIUM | N/A |
Directory traversal vulnerability in the MT Fire Eagle (com_mtfireeagle) component 1.2 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php. | |||||
CVE-2011-0511 | 2 Joomla, Joomtraders | 2 Joomla\!, Com Allcinevid | 2024-02-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in the allCineVid component (com_allcinevid) 1.0.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php. | |||||
CVE-2010-4928 | 2 Joomla, Photoindochina | 2 Joomla\!, Com Restaurantguide | 2024-02-28 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the Restaurant Guide (com_restaurantguide) component 1.0.0 for Joomla! allows remote attackers to inject arbitrary web script or HTML by placing it after a > (greater than) character. | |||||
CVE-2010-0753 | 2 Componentslab, Joomla | 2 Com Sqlreport, Joomla\! | 2024-02-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in the SQL Reports (com_sqlreport) component 1.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the user_id parameter to ajax/print.php. NOTE: some of these details are obtained from third party information. | |||||
CVE-2010-2148 | 2 Joomla, Unisoft | 2 Joomla\!, Com Mycar | 2024-02-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in the My Car (com_mycar) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the pagina parameter to index.php. | |||||
CVE-2011-2710 | 1 Joomla | 1 Joomla\! | 2024-02-28 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in Joomla! before 1.7.0 allow remote attackers to inject arbitrary web script or HTML via (1) the URI to includes/application.php, reachable through index.php; and, when Internet Explorer or Konqueror is used, (2) allow remote attackers to inject arbitrary web script or HTML via the searchword parameter in a search action to index.php in the com_search component. NOTE: vector 2 exists because of an incomplete fix for CVE-2011-2509.5. | |||||
CVE-2010-0372 | 2 Hong Chuyen, Joomla | 2 Com Articlemanager, Joomla\! | 2024-02-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in the Articlemanager (com_articlemanager) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the artid parameter in a display action to index.php. | |||||
CVE-2010-1473 | 2 Johnmccollum, Joomla | 2 Com Advertising, Joomla\! | 2024-02-28 | 6.8 MEDIUM | N/A |
Directory traversal vulnerability in the Advertising (com_advertising) component 0.25 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php. | |||||
CVE-2010-0694 | 2 Joomla, Percha | 2 Joomla, Com Perchagallery | 2024-02-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in the PerchaGallery (com_perchagallery) component before 1.5b for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in an editunidad action to index.php. | |||||
CVE-2010-1954 | 2 Joomla, Joomlacomponent.inetlanka | 2 Joomla\!, Com Multiroot | 2024-02-28 | 7.5 HIGH | N/A |
Directory traversal vulnerability in the iNetLanka Multiple root (com_multiroot) component 1.0 and 1.1 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. NOTE: some of these details are obtained from third party information. | |||||
CVE-2010-0942 | 2 Joomla, Jvideodirect | 2 Joomla\!, Com Jvideodirect | 2024-02-28 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in the jVideoDirect (com_jvideodirect) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. |