ID | CVSS | Summary | Last (major) update | Published
CVE-2019-16725 4.3
In Joomla! 3.x before 3.9.12, inadequate escaping allowed XSS attacks using the logo parameter of the default templates.
24-09-2019 - 17:15 24-09-2019 - 17:15
CVE-2019-15028 5.0
In Joomla! before 3.9.11, inadequate checks in com_contact could allow mail submission in disabled forms.
14-08-2019 - 00:15 14-08-2019 - 00:15
CVE-2019-14654 6.5
In Joomla! 3.9.7 and 3.9.8, inadequate filtering allows users authorised to create custom fields to manipulate the filtering options and inject an unvalidated option. In other words, the filter attribute in subform fields allows remote code execution
04-08-2019 - 21:15 04-08-2019 - 21:15
CVE-2019-12766 4.3
An issue was discovered in Joomla! before 3.9.7. The subform fieldtype does not sufficiently filter or validate input of subfields. This leads to XSS attack vectors.
11-06-2019 - 15:29 11-06-2019 - 15:29
CVE-2019-12765 7.5
An issue was discovered in Joomla! before 3.9.7. The CSV export of com_actionslogs is vulnerable to CSV injection.
11-06-2019 - 15:29 11-06-2019 - 15:29
CVE-2019-12764 4.0
An issue was discovered in Joomla! before 3.9.7. The update server URL of com_joomlaupdate can be manipulated by non Super-Admin users.
11-06-2019 - 15:29 11-06-2019 - 15:29
CVE-2019-11809 4.3
An issue was discovered in Joomla! before 3.9.6. The debug views of com_users do not properly escape user supplied data, which leads to a potential XSS attack vector.
20-05-2019 - 09:29 20-05-2019 - 09:29
CVE-2019-10946 5.0
An issue was discovered in Joomla! before 3.9.5. The "refresh list of helpsites" endpoint of com_users lacks access checks, allowing calls from unauthenticated users.
10-04-2019 - 15:29 10-04-2019 - 15:29
CVE-2019-10945 7.5
An issue was discovered in Joomla! before 3.9.5. The Media Manager component does not properly sanitize the folder parameter, allowing attackers to act outside the media manager root directory.
10-04-2019 - 15:29 10-04-2019 - 15:29
CVE-2019-9714 4.3
An issue was discovered in Joomla! before 3.9.4. The media form field lacks escaping, leading to XSS.
12-03-2019 - 14:29 12-03-2019 - 14:29
CVE-2019-9713 5.0
An issue was discovered in Joomla! before 3.9.4. The sample data plugins lack ACL checks, allowing unauthorized access.
12-03-2019 - 14:29 12-03-2019 - 14:29
CVE-2019-9712 4.3
An issue was discovered in Joomla! before 3.9.4. The JSON handler in com_config lacks input validation, leading to XSS.
12-03-2019 - 14:29 12-03-2019 - 14:29
CVE-2019-9711 4.3
An issue was discovered in Joomla! before 3.9.4. The item_title layout in edit views lacks escaping, leading to XSS.
12-03-2019 - 14:29 12-03-2019 - 14:29
CVE-2019-7744 4.3
An issue was discovered in Joomla! before 3.9.3. Inadequate filtering on URL fields in various core components could lead to an XSS vulnerability.
12-02-2019 - 13:29 12-02-2019 - 13:29
CVE-2019-7743 7.5
An issue was discovered in Joomla! before 3.9.3. The phar:// stream wrapper can be used for object injection attacks because there is no protection mechanism (such as the TYPO3 PHAR stream wrapper) to prevent use of the phar:// handler for non .ph
12-02-2019 - 13:29 12-02-2019 - 13:29
CVE-2019-7742 4.3
An issue was discovered in Joomla! before 3.9.3. A combination of specific web server configurations, in connection with specific file types and browser-side MIME-type sniffing, causes an XSS attack vector.
12-02-2019 - 13:29 12-02-2019 - 13:29
CVE-2019-7741 4.3
An issue was discovered in Joomla! before 3.9.3. Inadequate checks at the Global Configuration helpurl settings allowed stored XSS.
12-02-2019 - 13:29 12-02-2019 - 13:29
CVE-2019-7740 4.3
An issue was discovered in Joomla! before 3.9.3. Inadequate parameter handling in JavaScript code (core.js writeDynaList) could lead to an XSS attack vector.
12-02-2019 - 13:29 12-02-2019 - 13:29
CVE-2019-7739 4.3
An issue was discovered in Joomla! before 3.9.3. The "No Filtering" textfilter overrides child settings in the Global Configuration. This is intended behavior. However, it might be unexpected for the user because the configuration dialog lacks an add
12-02-2019 - 13:29 12-02-2019 - 13:29
CVE-2019-6264 4.3
An issue was discovered in Joomla! before 3.9.2. Inadequate escaping in mod_banners leads to a stored XSS vulnerability.
16-01-2019 - 03:29 16-01-2019 - 03:29
CVE-2019-6263 3.5
An issue was discovered in Joomla! before 3.9.2. Inadequate checks of the Global Configuration Text Filter settings allowed stored XSS.
16-01-2019 - 03:29 16-01-2019 - 03:29
CVE-2019-6262 3.5
An issue was discovered in Joomla! before 3.9.2. Inadequate checks of the Global Configuration helpurl settings allowed stored XSS.
16-01-2019 - 03:29 16-01-2019 - 03:29
CVE-2019-6261 4.3
An issue was discovered in Joomla! before 3.9.2. Inadequate escaping in com_contact leads to a stored XSS vulnerability.
16-01-2019 - 03:29 16-01-2019 - 03:29
CVE-2018-17859 4.0
An issue was discovered in Joomla! before 3.8.13. Inadequate checks in com_contact could allow mail submission in disabled forms.
09-10-2018 - 17:29 09-10-2018 - 17:29
CVE-2018-17858 6.8
An issue was discovered in Joomla! before 3.8.13. com_installer actions do not have sufficient CSRF hardening in the backend.
09-10-2018 - 17:29 09-10-2018 - 17:29
CVE-2018-17857 4.0
An issue was discovered in Joomla! before 3.8.13. Inadequate checks on the tags search fields can lead to an access level violation.
09-10-2018 - 17:29 09-10-2018 - 17:29
CVE-2018-17856 6.5
An issue was discovered in Joomla! before 3.8.13. com_joomlaupdate allows the execution of arbitrary code. The default ACL config enabled the ability of Administrator-level users to access com_joomlaupdate and trigger code execution.
09-10-2018 - 17:29 09-10-2018 - 17:29
CVE-2018-17855 6.5
An issue was discovered in Joomla! before 3.8.13. If an attacker gets access to the mail account of a user who can approve admin verifications in the registration process, he can activate himself.
09-10-2018 - 17:29 09-10-2018 - 17:29
CVE-2018-15882 7.5
An issue was discovered in Joomla! before 3.8.12. Inadequate checks in the InputFilter class could allow specifically prepared phar files to pass the upload filter.
28-08-2018 - 23:29 28-08-2018 - 23:29
CVE-2018-15881 5.0
An issue was discovered in Joomla! before 3.8.12. Inadequate checks regarding disabled fields can lead to an ACL violation.
28-08-2018 - 23:29 28-08-2018 - 23:29
CVE-2018-15880 3.5
An issue was discovered in Joomla! before 3.8.12. Inadequate output filtering on the user profile page could lead to a stored XSS attack.
28-08-2018 - 23:29 28-08-2018 - 23:29
CVE-2018-12712 6.5
An issue was discovered in Joomla! 2.5.0 through 3.8.8 before 3.8.9. The autoload code checks classnames to be valid, using the "class_exists" function in PHP. In PHP 5.3, this function validates invalid names as valid, which can result in a Local Fi
26-06-2018 - 15:29 26-06-2018 - 15:29
CVE-2018-12711 4.3
An XSS issue was discovered in the language switcher module in Joomla! 1.6.0 through 3.8.8 before 3.8.9. In some cases, the link of the current language might contain unescaped HTML special characters. This may lead to reflective XSS via injection of
26-06-2018 - 15:29 26-06-2018 - 15:29
CVE-2018-6378 4.3
In Joomla! Core before 3.8.8, inadequate filtering of file and folder names leads to various XSS attack vectors in the media manager.
22-05-2018 - 11:29 22-05-2018 - 11:29
CVE-2018-11328 2.6
An issue was discovered in Joomla! Core before 3.8.8. Under specific circumstances (a redirect issued with a URI containing a username and password when the Location: header cannot be used), a lack of escaping the user-info component of the URI could
22-05-2018 - 11:29 22-05-2018 - 11:29
CVE-2018-11327 4.0
An issue was discovered in Joomla! Core before 3.8.8. Inadequate checks allowed users to see the names of tags that were either unpublished or published with restricted view permission.
22-05-2018 - 11:29 22-05-2018 - 11:29
CVE-2018-11326 3.5
An issue was discovered in Joomla! Core before 3.8.8. Inadequate input filtering leads to multiple XSS vulnerabilities. Additionally, the default filtering settings could potentially allow users of the default Administrator user group to perform a
22-05-2018 - 11:29 22-05-2018 - 11:29
CVE-2018-11325 5.0
An issue was discovered in Joomla! Core before 3.8.8. The web install application would autofill password fields after either a form validation error or navigating to a previous install step, and display the plaintext password for the administrator a
22-05-2018 - 11:29 22-05-2018 - 11:29
CVE-2018-11324 4.3
An issue was discovered in Joomla! Core before 3.8.8. A long running background process, such as remote checks for core or extension updates, could create a race condition where a session that was expected to be destroyed would be recreated.
22-05-2018 - 11:29 22-05-2018 - 11:29
CVE-2018-11323 6.5
An issue was discovered in Joomla! Core before 3.8.8. Inadequate checks allowed users to modify the access levels of user groups with higher permissions.
22-05-2018 - 11:29 22-05-2018 - 11:29
CVE-2018-11322 6.0
An issue was discovered in Joomla! Core before 3.8.8. Depending on the server configuration, PHAR files might be handled as executable PHP scripts by the webserver.
22-05-2018 - 11:29 22-05-2018 - 11:29
CVE-2018-11321 4.0
An issue was discovered in com_fields in Joomla! Core before 3.8.8. Inadequate filtering allows users authorised to create custom fields to manipulate the filtering options and inject an unvalidated option.
22-05-2018 - 11:29 22-05-2018 - 11:29
CVE-2018-8045 6.5
In Joomla! 3.5.0 through 3.8.5, the lack of type casting of a variable in a SQL statement leads to a SQL injection vulnerability in the User Notes list view.
14-03-2018 - 21:29 14-03-2018 - 21:29
CVE-2018-6380 4.3
In Joomla! before 3.8.4, lack of escaping in the module chromes leads to XSS vulnerabilities in the module system.
30-01-2018 - 12:29 30-01-2018 - 12:29
CVE-2018-6379 4.3
In Joomla! before 3.8.4, inadequate input filtering in the Uri class (formerly JUri) leads to an XSS vulnerability.
30-01-2018 - 12:29 30-01-2018 - 12:29
CVE-2018-6377 4.3
In Joomla! before 3.8.4, inadequate input filtering in com_fields leads to an XSS vulnerability in multiple field types, i.e., list, radio, and checkbox.
30-01-2018 - 12:29 30-01-2018 - 12:29
CVE-2018-6376 7.5
In Joomla! before 3.8.4, the lack of type casting of a variable in a SQL statement leads to a SQL injection vulnerability in the Hathor postinstall message.
30-01-2018 - 12:29 30-01-2018 - 12:29
CVE-2017-16634 7.5
In Joomla! before 3.8.2, a bug allowed third parties to bypass a user's 2-factor authentication method.
09-11-2017 - 21:29 09-11-2017 - 21:29
CVE-2017-16633 4.0
In Joomla! before 3.8.2, a logic bug in com_fields exposed read-only information about a site's custom fields to unauthorized users.
09-11-2017 - 21:29 09-11-2017 - 21:29
CVE-2017-14596 5.0
In Joomla! before 3.8.0, inadequate escaping in the LDAP authentication plugin can result in a disclosure of a username and password.
20-09-2017 - 14:29 20-09-2017 - 14:29
CVE-2017-14595 4.3
In Joomla! before 3.8.0, a logic bug in a SQL query could lead to the disclosure of article intro texts when these articles are in the archived state.
20-09-2017 - 14:29 20-09-2017 - 14:29
CVE-2015-5608 5.8
Open redirect vulnerability in Joomla! CMS 3.0.0 through 3.4.1.
20-09-2017 - 14:29 20-09-2017 - 14:29
CVE-2017-11364 6.5
The CMS installer in Joomla! before 3.7.4 does not verify a user's ownership of a webspace, which allows remote authenticated users to gain control of the target application by leveraging Certificate Transparency logs.
02-08-2017 - 10:29 02-08-2017 - 10:29
CVE-2017-11612 4.3
In Joomla! before 3.7.4, inadequate filtering of potentially malicious HTML tags leads to XSS vulnerabilities in various components.
26-07-2017 - 11:29 26-07-2017 - 11:29
CVE-2017-9934 4.3
Missing CSRF token checks and improper input validation in Joomla! CMS 1.7.3 through 3.7.2 lead to an XSS vulnerability.
17-07-2017 - 17:29 17-07-2017 - 17:29
CVE-2017-9933 5.0
Improper cache invalidation in Joomla! CMS 1.7.3 through 3.7.2 leads to disclosure of form contents.
17-07-2017 - 17:29 17-07-2017 - 17:29
CVE-2017-8917 7.5
SQL injection vulnerability in Joomla! 3.7.x before 3.7.1 allows attackers to execute arbitrary SQL commands via unspecified vectors.
17-05-2017 - 19:29 17-05-2017 - 19:29
CVE-2017-7988 5.0
In Joomla! 1.6.0 through 3.6.5 (fixed in 3.7.0), inadequate filtering of form contents allows overwriting the author of an article.
03-05-2017 - 09:11 25-04-2017 - 14:59
CVE-2017-8057 5.0
In Joomla! 3.4.0 through 3.6.5 (fixed in 3.7.0), multiple files caused full path disclosures on systems with enabled error reporting.
03-05-2017 - 09:09 25-04-2017 - 14:59
CVE-2017-7987 4.3
In Joomla! 3.2.0 through 3.6.5 (fixed in 3.7.0), inadequate escaping of file and folder names leads to XSS vulnerabilities in the template manager component.
03-05-2017 - 09:05 25-04-2017 - 14:59
CVE-2017-7983 5.0
In Joomla! 1.5.0 through 3.6.5 (fixed in 3.7.0), mail sent using the JMail API leaked the used PHPMailer version in the mail headers.
03-05-2017 - 08:20 25-04-2017 - 14:59
CVE-2017-7986 4.3
In Joomla! 1.5.0 through 3.6.5 (fixed in 3.7.0), inadequate filtering of specific HTML attributes leads to XSS vulnerabilities in various components.
02-05-2017 - 14:15 25-04-2017 - 14:59
CVE-2017-7989 4.0
In Joomla! 3.2.0 through 3.6.5 (fixed in 3.7.0), inadequate MIME type checks allowed low-privilege users to upload swf files even if they were explicitly forbidden.
02-05-2017 - 14:06 25-04-2017 - 14:59
CVE-2017-7984 4.3
In Joomla! 3.2.0 through 3.6.5 (fixed in 3.7.0), inadequate filtering leads to XSS in the template manager component.
02-05-2017 - 14:06 25-04-2017 - 14:59
CVE-2016-9081 7.5
Joomla! 3.4.4 through 3.6.3 allows attackers to reset username, password, and user group assignments and possibly perform other user account modifications via unspecified vectors.
26-01-2017 - 10:07 23-01-2017 - 16:59
CVE-2013-5952 4.3
Multiple cross-site scripting (XSS) vulnerabilities in the Freichat (com_freichat) component, possibly 9.4 and earlier, for Joomla! allow remote attackers to inject arbitrary web script or HTML via the (1) id or (2) xhash parameter to client/chat.php
30-12-2016 - 21:59 19-03-2014 - 10:17
CVE-2013-5583 4.3
Cross-site scripting (XSS) vulnerability in libraries/idna_convert/example.php in Joomla! 3.1.5 allows remote attackers to inject arbitrary web script or HTML via the lang parameter.
30-12-2016 - 21:59 28-12-2013 - 23:25
CVE-2016-9837 5.0
An issue was discovered in templates/beez3/html/com_content/article/default.php in Joomla! before 3.6.5. Inadequate permissions checks in the Beez3 layout override of the com_content article view allow users to view articles that should not be public
22-12-2016 - 11:28 16-12-2016 - 04:59
CVE-2016-9838 5.0
An issue was discovered in components/com_users/models/registration.php in Joomla! before 3.6.5. Incorrect filtering of registration form data stored to the session on a validation error enables a user to gain access to a registered user's account an
22-12-2016 - 11:27 16-12-2016 - 04:59
CVE-2015-6939 4.3
Cross-site scripting (XSS) vulnerability in the login module in Joomla! 3.4.x before 3.4.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
08-12-2016 - 11:18 18-09-2015 - 12:59
CVE-2016-9836 7.5
The file scanning mechanism of JFilterInput::isFileSafe() in Joomla! CMS before 3.6.5 does not consider alternative PHP file extensions when checking uploaded files for PHP content, which enables a user to upload and execute files with the `.php6`, `
07-12-2016 - 14:27 05-12-2016 - 12:59
CVE-2015-8769 7.5
SQL injection vulnerability in Joomla! 3.x before 3.4.7 allows attackers to execute arbitrary SQL commands via unspecified vectors.
07-12-2016 - 13:30 12-01-2016 - 15:59
CVE-2015-8562 7.5
Joomla! 1.5.x, 2.x, and 3.x before 3.4.6 allow remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via the HTTP User-Agent header, as exploited in the wild in December 2015.
07-12-2016 - 13:28 16-12-2015 - 16:59
CVE-2015-7858 7.5
SQL injection vulnerability in Joomla! 3.2 before 3.4.4 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, a different vulnerability than CVE-2015-7297.
07-12-2016 - 13:25 29-10-2015 - 16:59
CVE-2015-7857 7.5
SQL injection vulnerability in the getListQuery function in administrator/components/com_contenthistory/models/history.php in Joomla! 3.2 before 3.4.5 allows remote attackers to execute arbitrary SQL commands via the list[select] parameter to index.p
07-12-2016 - 13:25 29-10-2015 - 16:59
CVE-2015-7297 7.5
SQL injection vulnerability in Joomla! 3.2 before 3.4.4 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, a different vulnerability than CVE-2015-7858.
07-12-2016 - 13:23 29-10-2015 - 16:59
CVE-2015-5397 6.8
Cross-site request forgery (CSRF) vulnerability in Joomla! 3.2.0 through 3.3.x and 3.4.x before 3.4.2 allows remote attackers to hijack the authentication of unspecified victims for requests that upload code via unknown vectors.
07-12-2016 - 13:16 14-07-2015 - 12:59
CVE-2015-4654 7.5
SQL injection vulnerability in the EQ Event Calendar component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter to eqfullevent.
07-12-2016 - 13:13 18-06-2015 - 14:59
CVE-2016-8869 7.5
The register method in the UsersModelRegistration class in controllers/user.php in the Users component in Joomla! before 3.6.4 allows remote attackers to gain privileges by leveraging incorrect use of unfiltered data when registering on a site.
07-11-2016 - 14:15 04-11-2016 - 17:59
CVE-2016-8870 6.8
The register method in the UsersModelRegistration class in controllers/user.php in the Users component in Joomla! before 3.6.4, when registration has been disabled, allows remote attackers to create user accounts by leveraging failure to check the Al
07-11-2016 - 14:15 04-11-2016 - 17:59
CVE-2014-7228 7.5
Akeeba Restore (restore.php), as used in Joomla! 2.5.4 through 2.5.25, 3.x through 3.2.5, and 3.3.0 through 3.3.4; Akeeba Backup for Joomla! Professional 3.0.0 through 4.0.2; Backup Professional for WordPress 1.0.b1 through 1.1.3; Solo 1.0.b1 through
09-05-2016 - 11:36 03-11-2014 - 17:55
CVE-2015-8565 7.5
Directory traversal vulnerability in Joomla! 3.2.0 through 3.3.x and 3.4.x before 3.4.6 allows remote attackers to have unspecified impact via unknown vectors.
17-12-2015 - 12:30 16-12-2015 - 16:59
CVE-2015-8564 7.5
Directory traversal vulnerability in Joomla! 3.4.x before 3.4.6 allows remote attackers to have unspecified impact via directory traversal sequences in the XML install file in an extension package archive.
17-12-2015 - 12:30 16-12-2015 - 16:59
CVE-2015-8563 6.8
Cross-site request forgery (CSRF) vulnerability in the com_templates component in Joomla! 3.2.0 through 3.3.x and 3.4.x before 3.4.6 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
17-12-2015 - 12:28 16-12-2015 - 16:59
CVE-2015-7859 5.0
The com_contenthistory component in Joomla! 3.2 before 3.4.5 does not properly check ACLs, which allows remote attackers to obtain sensitive information via unspecified vectors.
30-10-2015 - 15:40 29-10-2015 - 16:59
CVE-2015-7899 5.0
The com_content component in Joomla! 3.x before 3.4.5 does not properly check ACLs, which allows remote attackers to obtain sensitive information via unspecified vectors.
30-10-2015 - 15:37 29-10-2015 - 16:59
CVE-2014-0793 4.3
Multiple cross-site scripting (XSS) vulnerabilities in the StackIdeas Komento (com_komento) component before 1.7.3 for Joomla! allow remote attackers to inject arbitrary web script or HTML via the (1) website or (2) latitude parameter in a comment to
13-08-2015 - 13:49 30-01-2014 - 13:55
CVE-2012-2413 4.3
Cross-site scripting (XSS) vulnerability in the ja_purity template for Joomla! 1.5.26 and earlier allows remote attackers to inject arbitrary web script or HTML via the Mod* cookie parameter to html/modules.php.
22-10-2014 - 15:24 20-10-2014 - 10:55
CVE-2014-7982 4.3
Cross-site scripting (XSS) vulnerability in Joomla! CMS 2.5.x before 2.5.19 and 3.x before 3.2.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
09-10-2014 - 21:50 08-10-2014 - 15:55
CVE-2014-7984 7.5
Joomla! CMS 2.5.x before 2.5.19 and 3.x before 3.2.3 allows remote attackers to authenticate and bypass intended restrictions via vectors involving GMail authentication.
09-10-2014 - 21:49 08-10-2014 - 15:55
CVE-2014-7983 4.3
Cross-site scripting (XSS) vulnerability in com_contact in Joomla! CMS 3.1.2 through 3.2.x before 3.2.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
09-10-2014 - 21:43 08-10-2014 - 15:55
CVE-2014-7981 7.5
SQL injection vulnerability in Joomla! CMS 3.1.x and 3.2.x before 3.2.3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
09-10-2014 - 21:32 08-10-2014 - 15:55
CVE-2014-7229 5.0
Unspecified vulnerability in Joomla! before 2.5.4 before 2.5.26, 3.x before 3.2.6, and 3.3.x before 3.3.5 allows attackers to cause a denial of service via unspecified vectors.
09-10-2014 - 16:52 08-10-2014 - 15:55
CVE-2014-6631 4.3
Cross-site scripting (XSS) vulnerability in com_media in Joomla! 3.2.x before 3.2.5 and 3.3.x before 3.3.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
09-10-2014 - 14:07 08-10-2014 - 15:55
CVE-2014-6632 7.5
Joomla! 2.5.x before 2.5.25, 3.x before 3.2.4, and 3.3.x before 3.3.4 allows remote attackers to authenticate and bypass intended access restrictions via vectors involving LDAP authentication.
09-10-2014 - 12:46 08-10-2014 - 15:55
CVE-2014-0794 4.3
SQL injection vulnerability in the JV Comment (com_jvcomment) component before 3.0.3 for Joomla! allows remote authenticated users to execute arbitrary SQL commands via the id parameter in a comment.like action to index.php.
05-05-2014 - 01:32 26-01-2014 - 15:55
CVE-2013-5953 4.3
Multiple cross-site scripting (XSS) vulnerabilities in tmpl/layout_editevent.php in the Multi Calendar (com_multicalendar) component 4.0.2, and possibly 4.8.5 and earlier, for Joomla! allow remote attackers to inject arbitrary web script or HTML via
05-05-2014 - 01:28 19-03-2014 - 10:17
CVE-2012-6514 4.3
Cross-site scripting (XSS) vulnerability in the nBill (com_nbill) component 2.3.2 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the message parameter in an income action to administrator/index.php.
05-05-2014 - 01:17 23-01-2013 - 20:55
CVE-2013-5955 4.3
Cross-site scripting (XSS) vulnerability in manage.php in the PBBooking (com_pbbooking) component 2.4 for Joomla! allows remote attackers to inject arbitrary web script or HTML via an arbitrary parameter in an edit action to administrator/index.p
20-03-2014 - 10:44 19-03-2014 - 10:17
CVE-2013-3242 5.5
plugins/system/remember/remember.php in Joomla! 2.5.x before 2.5.10 and 3.0.x before 3.0.4 does not properly handle an object obtained by unserializing a cookie, which allows remote authenticated users to conduct PHP object injection attacks and caus
07-03-2014 - 08:46 03-05-2013 - 07:57
CVE-2013-5576 6.8
administrator/components/com_media/helpers/media.php in the media manager in Joomla! 2.5.x before 2.5.14 and 3.x before 3.1.5 allows remote authenticated users or remote attackers to bypass intended access restrictions and upload files with dangerous
30-11-2013 - 23:31 09-10-2013 - 10:54
CVE-2012-1611 5.0
Joomla! 2.5.x before 2.5.4 does not properly check permissions, which allows attackers to obtain sensitive "administrative back end" information via unknown attack vectors. NOTE: this might be a duplicate of CVE-2012-1599.
03-10-2013 - 14:31 06-09-2012 - 17:55
CVE-2010-1491 5.0
Directory traversal vulnerability in the MMS Blog (com_mmsblog) component 2.3.0 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php.
13-09-2013 - 02:31 23-04-2010 - 10:30
CVE-2010-4993 7.5
SQL injection vulnerability in the eventcal (com_eventcal) component 1.6.4 for Joomla! allows remote attackers to execute arbitrary SQL commands via the Itemid parameter to index.php.
09-09-2013 - 02:06 01-11-2011 - 18:55
CVE-2010-1354 5.0
Directory traversal vulnerability in the VJDEO (com_vjdeo) component 1.0 and 1.0.1 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. NOTE: some of these details are obtained from
09-09-2013 - 01:58 12-04-2010 - 14:30
CVE-2010-0985 7.5
Directory traversal vulnerability in the Abbreviations Manager (com_abbrev) component 1.1 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php. NOTE: some of the
08-09-2013 - 01:55 16-03-2010 - 15:30
CVE-2010-0759 7.5
Directory traversal vulnerability in plugins/system/cdscriptegrator/libraries/highslide/js/jsloader.php in the Core Design Scriptegrator plugin 1.4.1 for Joomla! allows remote attackers to read, and possibly include and execute, arbitrary files via d
24-08-2013 - 02:12 26-02-2010 - 19:30
CVE-2010-0696 5.0
Directory traversal vulnerability in includes/download.php in the JoomlaWorks AllVideos (Jw_allVideos) plugin 3.0 through 3.2 for Joomla! allows remote attackers to read arbitrary files via a ./../.../ (modified dot dot) in the file parameter.
21-08-2013 - 02:18 23-02-2010 - 13:30
CVE-2006-7247 7.5
SQL injection vulnerability in the Weblinks (com_weblinks) component for Joomla! and Mambo 1.0.9 and earlier allows remote attackers to execute arbitrary SQL commands via the title parameter.
16-08-2013 - 01:46 06-09-2012 - 15:55
CVE-2010-1350 7.5
SQL injection vulnerability in the JP Jobs (com_jp_jobs) component 1.4.1 and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action to index.php.
02-08-2013 - 02:32 12-04-2010 - 14:30
CVE-2010-4862 7.5
SQL injection vulnerability in the JExtensions JE Directory (com_jedirectory) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in an item action to index.php.
25-07-2013 - 12:28 05-10-2011 - 06:55
CVE-2010-1217 4.3
Directory traversal vulnerability in the JE Form Creator (com_jeformcr) component for Joomla!, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via directory traversal sequences in the view parameter to index.php. NO
23-07-2013 - 04:57 30-03-2010 - 19:30
CVE-2010-4795 7.5
SQL injection vulnerability in the JS Calendar (com_jscalendar) component 1.5.1 and 1.5.4 for Joomla! allows remote attackers to execute arbitrary SQL commands via the ev_id parameter in a details action to index.php. NOTE: some of these details are
21-07-2013 - 03:03 26-04-2011 - 20:55
CVE-2010-1534 5.0
Directory traversal vulnerability in the Shoutbox Pro (com_shoutbox) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
18-07-2013 - 11:10 26-04-2010 - 14:30
CVE-2010-0467 5.0
Directory traversal vulnerability in the ccNewsletter (com_ccnewsletter) component 1.0.5 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter in a ccnewsletter action to index.php.
17-07-2013 - 02:13 02-02-2010 - 12:30
CVE-2010-4739 7.5
SQL injection vulnerability in the Maian Media Silver (com_maianmedia) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the cat parameter in a music action to index.php.
04-07-2013 - 03:13 15-02-2011 - 22:00
CVE-2010-1721 7.5
SQL injection vulnerability in the Intellectual Property (aka IProperty or com_iproperty) component 1.5.3 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in an agentproperties action to index.php.
04-07-2013 - 03:05 04-05-2010 - 12:00
CVE-2013-3719 4.3
Cross-site scripting (XSS) vulnerability in the aiContactSafe component before 2.0.21 for Joomla! allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
03-06-2013 - 00:00 31-05-2013 - 08:20
CVE-2013-3534 4.3
Cross-site scripting (XSS) vulnerability in the aiContactSafe component before 2.0.21 for Joomla! allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
14-05-2013 - 00:00 13-05-2013 - 19:55
CVE-2013-3267 4.3
Cross-site scripting (XSS) vulnerability in the highlighter plugin in Joomla! 2.5.x before 2.5.10 and 3.0.x before 3.0.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
03-05-2013 - 14:23 03-05-2013 - 07:57
CVE-2013-3059 4.3
Cross-site scripting (XSS) vulnerability in the Voting plugin in Joomla! 2.5.x before 2.5.10 and 3.0.x before 3.0.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
03-05-2013 - 14:19 03-05-2013 - 07:57
CVE-2013-3058 4.3
Cross-site scripting (XSS) vulnerability in Joomla! 2.5.x before 2.5.10 and 3.0.x before 3.0.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
03-05-2013 - 00:00 03-05-2013 - 07:57
CVE-2013-3057 4.0
Joomla! 2.5.x before 2.5.10 and 3.0.x before 3.0.4 allows remote authenticated users to bypass intended privilege requirements and list the privileges of arbitrary users via unspecified vectors.
03-05-2013 - 00:00 03-05-2013 - 07:57
CVE-2013-3056 4.0
Joomla! 2.5.x before 2.5.10 and 3.0.x before 3.0.4 allows remote authenticated users to bypass intended privilege requirements and delete the private messages of arbitrary users via unspecified vectors.
03-05-2013 - 00:00 03-05-2013 - 07:57
CVE-2013-1454 5.0
Joomla! 3.0.x through 3.0.2 allows attackers to obtain sensitive information via unspecified vectors related to "Coding errors."
26-03-2013 - 00:00 12-02-2013 - 20:55
CVE-2013-1453 7.5
plugins/system/highlight/highlight.php in Joomla! 3.0.x through 3.0.2 and 2.5.x through 2.5.8 allows attackers to unserialize arbitrary PHP objects to obtain sensitive information, delete arbitrary directories, conduct SQL injection attacks, and poss
06-03-2013 - 00:00 12-02-2013 - 20:55
CVE-2012-4531 4.3
Cross-site scripting (XSS) vulnerability in Joomla! 2.5.x before 2.5.7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
01-03-2013 - 23:45 31-10-2012 - 12:55
CVE-2013-1455 5.0
Joomla! 3.0.x through 3.0.2 allows attackers to obtain sensitive information via unspecified vectors related to an "Undefined variable."
13-02-2013 - 13:01 12-02-2013 - 20:55
CVE-2012-6503 10.0
Unspecified vulnerability in the NinjaXplorer component before 1.0.7 for Joomla! has unknown impact and attack vectors.
29-01-2013 - 00:00 23-01-2013 - 20:55
CVE-2008-3498 7.5
SQL injection vulnerability in the nBill (com_netinvoice) component 1.2.0 SP1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the cid parameter in an orders action to index.php. NOTE: some of these details are obtained from
24-01-2013 - 00:00 06-08-2008 - 14:41
CVE-2011-5099 7.5
SQL injection vulnerability in helper/popup.php in the ccNewsletter (mod_ccnewsletter) component 1.0.7 through 1.0.9 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter.
03-01-2013 - 23:33 14-08-2012 - 18:55
CVE-2006-1957 5.0
The com_rss option (rss.php) in (1) Mambo and (2) Joomla! allows remote attackers to cause a denial of service (disk consumption and possibly web-server outage) via multiple requests with different values of the feed parameter.
03-01-2013 - 00:00 21-04-2006 - 06:02
CVE-2012-1599 5.0
Joomla! 1.5.x before 1.5.26 does not properly check permissions, which allows attackers to obtain sensitive "administrative back end information" via unknown vectors. NOTE: this might be a duplicate of CVE-2012-1611.
04-12-2012 - 09:54 03-12-2012 - 16:55
CVE-2012-1598 7.5
Joomla! 1.5.x before 1.5.26 has unspecified impact and attack vectors related to "insufficient randomness" and a "password reset vulnerability."
04-12-2012 - 09:49 03-12-2012 - 16:55
CVE-2010-5286 10.0
Directory traversal vulnerability in Jstore (com_jstore) component for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php.
27-11-2012 - 00:00 26-11-2012 - 18:55
CVE-2010-5280 7.5
Directory traversal vulnerability in the Community Builder Enhanced (CBE) (com_cbe) component 1.4.8, 1.4.9, and 1.4.10 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the tabname parameter in a u
27-11-2012 - 00:00 26-11-2012 - 18:55
CVE-2012-5827 4.3
Joomla! 2.5.x before 2.5.8 and 3.0.x before 3.0.2 allows remote attackers to conduct clickjacking attacks via unspecified vectors involving "Inadequate protection."
19-11-2012 - 23:51 11-11-2012 - 08:01
CVE-2012-5455 4.3
Cross-site scripting (XSS) vulnerability in the language search component in Joomla! before 3.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to a "typographical error."
08-11-2012 - 00:00 22-10-2012 - 19:55
CVE-2008-5053 10.0
PHP remote file inclusion vulnerability in admin.rssreader.php in the Simple RSS Reader (com_rssreader) 1.0 component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_live_site parameter.
05-11-2012 - 23:11 13-11-2008 - 06:30
CVE-2012-4532 4.3
Cross-site scripting (XSS) vulnerability in modules/mod_languages/tmpl/default.php in the Language Switcher module for Joomla! 2.5.x before 2.5.7 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to index.php. NOTE: so
01-11-2012 - 12:28 31-10-2012 - 12:55
CVE-2012-1116 7.5
SQL injection vulnerability in Joomla! 1.7.x and 2.5.x before 2.5.2 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
15-10-2012 - 00:00 25-09-2012 - 20:55
CVE-2011-4911 5.0
Joomla! before 1.5.12 does not perform a JEXEC check in unspecified files, which allows remote attackers to obtain the installation path via unspecified vectors.
08-10-2012 - 00:00 07-10-2012 - 17:55
CVE-2011-4910 4.3
Cross-site scripting (XSS) vulnerability in Joomla! before 1.5.12 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.
08-10-2012 - 00:00 07-10-2012 - 17:55
CVE-2011-4909 4.3
Multiple cross-site scripting (XSS) vulnerabilities in Joomla! before 1.5.12 allow remote attackers to inject arbitrary web script or HTML via the HTTP_REFERER header to (1) components/com_content/views/article/tmpl/form.php, (2) components/com_user/
08-10-2012 - 00:00 07-10-2012 - 17:55
CVE-2012-5230 7.5
Unspecified vulnerability in the JE Story Submit (com_jesubmit) component before 1.9 for Joomla! has unknown impact and attack vectors.
02-10-2012 - 14:11 01-10-2012 - 16:55
CVE-2012-5232 4.3
Cross-site scripting (XSS) vulnerability in the Quickl Form component for Joomla! allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
02-10-2012 - 00:00 01-10-2012 - 16:55
CVE-2012-1117 4.3
Cross-site scripting (XSS) vulnerability in Joomla! 2.5.0 and 2.5.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
26-09-2012 - 00:00 25-09-2012 - 20:55
CVE-2012-5101 7.5
SQL injection vulnerability in the JExtensions JE Poll component before 1.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
24-09-2012 - 00:00 23-09-2012 - 13:55
CVE-2012-0836 5.0
Unspecified vulnerability in Joomla! 1.7.x before 1.7.5 allows attackers to read the error log via unknown vectors.
13-09-2012 - 00:00 06-09-2012 - 15:55
CVE-2012-0821 5.0
Unspecified vulnerability in Joomla! 1.6.x and 1.7.x before 1.7.4 allows remote attackers to obtain sensitive information via unknown vectors, a different vulnerability than CVE-2012-0819.
13-09-2012 - 00:00 06-09-2012 - 15:55
CVE-2011-5134 6.0
Unrestricted file upload vulnerability in editor/extensions/browser/file.php in the JCE component before 2.0.18 for Joomla! allows remote authenticated users with the author privileges to execute arbitrary PHP code by uploading a file with a double e
13-09-2012 - 00:00 30-08-2012 - 18:55
CVE-2012-1612 4.3
Cross-site scripting (XSS) vulnerability in the update manager in Joomla! 2.5.x before 2.5.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
07-09-2012 - 09:46 06-09-2012 - 17:55
CVE-2012-0837 5.0
Joomla! 1.7.x before 1.7.5 and 2.5.x before 2.5.1 allows attackers to obtain the installation path via unspecified vectors related to "administrator."
07-09-2012 - 09:34 06-09-2012 - 15:55
CVE-2012-0820 4.3
Cross-site scripting (XSS) vulnerability in Joomla! 1.6.x and 1.7.x before 1.7.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2012-0822.
07-09-2012 - 09:22 06-09-2012 - 15:55
CVE-2012-4868 7.5
SQL injection vulnerability in news.php in the Kunena component 1.7.2 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter.
07-09-2012 - 00:00 06-09-2012 - 13:55
CVE-2012-0835 5.0
Unspecified vulnerability in Joomla! 1.7.x before 1.7.5 and 2.5.x before 2.5.1 allows attackers to obtain sensitive information via unknown vectors related to "administrator."
07-09-2012 - 00:00 06-09-2012 - 15:55
CVE-2012-0822 4.3
Cross-site scripting (XSS) vulnerability in Joomla! 1.6 and 1.7.x before 1.7.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2012-0820.
07-09-2012 - 00:00 06-09-2012 - 15:55
CVE-2012-0819 5.0
Unspecified vulnerability in Joomla! 1.6.x and 1.7.x before 1.7.4 allows remote attackers to obtain sensitive information via unknown vectors, a different vulnerability than CVE-2012-0821.
07-09-2012 - 00:00 06-09-2012 - 15:55
CVE-2011-5148 6.8
Multiple incomplete blacklist vulnerabilities in the Simple File Upload (mod_simplefileuploadv1.3) module before 1.3.5 for Joomla! allow remote attackers to execute arbitrary code by uploading a file with a (1) php5, (2) php6, or (3) double (e.g. .ph
04-09-2012 - 00:00 31-08-2012 - 17:55
CVE-2011-5113 7.5
SQL injection vulnerability in frontend/models/techfoliodetail.php in Techfolio (com_techfolio) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter.
24-08-2012 - 00:00 23-08-2012 - 16:55
CVE-2011-5112 7.5
SQL injection vulnerability in Alameda (com_alameda) component before 1.0.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the storeid parameter to index.php.
24-08-2012 - 00:00 23-08-2012 - 16:55
CVE-2012-2902 6.0
Unrestricted file upload vulnerability in editor/extensions/browser/file.php in the Joomla Content Editor (JCE) component before 2.1 for Joomla!, when chunking is set to greater than zero, allows remote authors to execute arbitrary PHP code by upload
18-08-2012 - 23:44 21-05-2012 - 14:55
CVE-2012-4256 5.0
The jNews (com_jnews) component 7.5.1 for Joomla! allows remote attackers to obtain sensitive information via the emailsearch parameter, which reveals the installation path in an error message.
14-08-2012 - 00:00 13-08-2012 - 14:55
CVE-2012-3554 7.5
SQL injection vulnerability in the RSGallery2 (com_rsgallery2) component before 2.3.0 for Joomla! 1.5.x, and before 3.2.0 for Joomla! 2.5.x, allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
10-08-2012 - 09:59 10-08-2012 - 06:34
CVE-2012-4235 5.0
The RSGallery2 (com_rsgallery2) component before 3.2.0 for Joomla! 2.5.x does not place index.html files in image directories, which allows remote attackers to list image filenames via a request for a directory URI.
10-08-2012 - 00:00 10-08-2012 - 06:34
CVE-2012-4071 4.3
Cross-site scripting (XSS) vulnerability in the comments module in the RSGallery2 (com_rsgallery2) component before 2.3.0 for Joomla! 1.5.x, and before 3.2.0 for Joomla! 2.5.x, allows remote attackers to inject arbitrary web script or HTML via crafte
10-08-2012 - 00:00 10-08-2012 - 06:34
CVE-2012-3829 5.0
Joomla! 2.5.3 allows remote attackers to obtain the installation path via the Host HTTP Header.
17-07-2012 - 00:00 03-07-2012 - 18:55
CVE-2012-3828 4.3
Cross-site scripting (XSS) vulnerability in Joomla! 2.5.3 allows remote attackers to inject arbitrary web script or HTML via the Host HTTP Header.
17-07-2012 - 00:00 03-07-2012 - 18:55
CVE-2012-2748 5.0
Unspecified vulnerability in Joomla! 2.5.x before 2.5.5 allows remote attackers to obtain sensitive information via vectors related to "Inadequate filtering" and a "SQL error."
17-07-2012 - 00:00 03-07-2012 - 15:55
CVE-2008-4764 5.0
Directory traversal vulnerability in the eXtplorer module (com_extplorer) 2.0.0 RC2 and earlier in Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the dir parameter in a show_error action.
13-07-2012 - 00:00 27-10-2008 - 22:03
CVE-2012-2747 7.5
Unspecified vulnerability in Joomla! 2.5.x before 2.5.5 allows remote attackers to gain privileges via unknown attack vectors related to "Inadequate checking."
04-07-2012 - 00:00 03-07-2012 - 15:55
CVE-2012-2901 4.3
Cross-site scripting (XSS) vulnerability in the Profile List in the Joomla Content Editor (JCE) component before 2.1 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the search parameter to administrator/index.php.
22-05-2012 - 00:00 21-05-2012 - 14:55
CVE-2010-4949 4.3
Cross-site scripting (XSS) vulnerability in the (1) FreiChat component before 2.1.2 for Joomla! and the (2) FreiChatPure component before 1.2.2 for Joomla! allows remote attackers to inject arbitrary web script or HTML by entering it in an unspecifie
14-05-2012 - 00:00 09-10-2011 - 06:55
CVE-2010-4944 7.5
SQL injection vulnerability in the Elite Experts (com_elite_experts) component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a showExpertProfileDetailed action to index.php.
14-05-2012 - 00:00 09-10-2011 - 06:55
CVE-2010-4938 7.5
SQL injection vulnerability in the Weblinks (com_weblinks) component in Joomla! allows remote attackers to execute arbitrary SQL commands via the Itemid parameter in a categories action to index.php. NOTE: the provenance of this information is unkno
14-05-2012 - 00:00 09-10-2011 - 06:55
CVE-2010-4929 7.5
SQL injection vulnerability in the Joostina (com_ezautos) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the firstCode parameter in a helpers action to index.php.
14-05-2012 - 00:00 09-10-2011 - 06:55
CVE-2010-4904 7.5
SQL injection vulnerability in the Aardvertiser (com_aardvertiser) component 2.1 and 2.1.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the cat_name parameter in a view action to index.php. NOTE: some of these details ar
14-05-2012 - 00:00 08-10-2011 - 06:55
CVE-2010-4898 7.5
SQL injection vulnerability in the Gantry (com_gantry) component 3.0.10 for Joomla! allows remote attackers to execute arbitrary SQL commands via the moduleid parameter to index.php.
14-05-2012 - 00:00 08-10-2011 - 06:55
CVE-2008-7302 7.5
SQL injection vulnerability in netinvoice.php in the nBill (com_netinvoice) component 1.2.0 SP1 for Joomla! allows remote attackers to execute arbitrary SQL commands via unspecified vectors involving "knowledge of ... the contents of an encrypted fil
14-05-2012 - 00:00 04-10-2011 - 22:56
CVE-2011-3747 5.0
Joomla! 1.6.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by libraries/phpmailer/language/phpmailer.lang-joomla.php.
12-03-2012 - 00:00 23-09-2011 - 19:55
CVE-2011-5004 6.0
Unrestricted file upload vulnerability in models/importcsv.php in the Fabrik (com_fabrik) component before 2.1.1 for Joomla! allows remote authenticated users with Manager privileges to execute arbitrary code by uploading a file with an executable ex
16-02-2012 - 23:10 24-12-2011 - 20:55
CVE-2010-4975 7.5
SQL injection vulnerability in the Techjoomla SocialAds For JomSocial (com_socialads) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the ads description field in a showad action to index.php.
16-02-2012 - 00:00 01-11-2011 - 18:55
CVE-2010-5003 7.5
SQL injection vulnerability in the AutarTimonial (com_autartimonial) component 1.0.8 for Joomla! allows remote attackers to execute arbitrary SQL commands via the limit parameter in an autartimonial action to index.php. NOTE: some of these details a
13-02-2012 - 23:02 01-11-2011 - 18:55
CVE-2010-4995 7.5
SQL injection vulnerability in the NeoRecruit (com_neorecruit) component 1.6.4 for Joomla! allows remote attackers to execute arbitrary SQL commands via the Itemid parameter in an offer_view action to index.php, a different vector than CVE-2007-4506.
13-02-2012 - 23:02 01-11-2011 - 18:55
CVE-2010-4994 7.5
SQL injection vulnerability in the Jobs Pro component 1.6.4 for Joomla! allows remote attackers to execute arbitrary SQL commands via the detailed_results parameter to search_jobs.html.
13-02-2012 - 23:02 01-11-2011 - 18:55
CVE-2010-4992 7.5
SQL injection vulnerability in the Payments Plus component 2.1.5 for Joomla! allows remote attackers to execute arbitrary SQL commands via the type parameter to add.html.
13-02-2012 - 23:02 01-11-2011 - 18:55
CVE-2010-4977 7.5
SQL injection vulnerability in menu.php in the Canteen (com_canteen) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the mealid parameter to index.php.
13-02-2012 - 23:02 01-11-2011 - 18:55
CVE-2010-4971 4.3
Cross-site scripting (XSS) vulnerability in VideoWhisper PHP 2 Way Video Chat component for Joomla! allows remote attackers to inject arbitrary web script or HTML via the r parameter to index.php.
13-02-2012 - 23:02 02-11-2011 - 17:55
CVE-2010-4968 7.5
SQL injection vulnerability in the webmaster-tips.net Flash Gallery (com_wmtpic) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the Itemid parameter to index.php.
13-02-2012 - 23:02 01-11-2011 - 18:55
CVE-2010-4945 7.5
SQL injection vulnerability in the CamelcityDB (com_camelcitydb2) component 2.2 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php.
13-02-2012 - 23:02 09-10-2011 - 06:55
CVE-2010-4941 7.5
SQL injection vulnerability in the Teams (com_teams) component 1_1028_100809_1711 for Joomla! allows remote attackers to execute arbitrary SQL commands via the PlayerID parameter in a player save action to index.php.
13-02-2012 - 23:02 09-10-2011 - 06:55
CVE-2010-4937 7.5
Multiple SQL injection vulnerabilities in the Amblog (com_amblog) component 1.0 for Joomla! allow remote attackers to execute arbitrary SQL commands via the (1) articleid or (2) catid parameter to index.php.
13-02-2012 - 23:02 09-10-2011 - 06:55
CVE-2010-4936 7.5
SQL injection vulnerability in the Slide Show (com_slideshow) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter to index.php.
13-02-2012 - 23:02 09-10-2011 - 06:55
CVE-2010-4928 4.3
Cross-site scripting (XSS) vulnerability in the Restaurant Guide (com_restaurantguide) component 1.0.0 for Joomla! allows remote attackers to inject arbitrary web script or HTML by placing it after a > (greater than) character.
13-02-2012 - 23:02 09-10-2011 - 06:55
CVE-2010-4927 7.5
SQL injection vulnerability in the Restaurant Guide (com_restaurantguide) component 1.0.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a country action to index.php.
13-02-2012 - 23:02 09-10-2011 - 06:55
CVE-2010-4926 7.5
SQL injection vulnerability in the TimeTrack (com_timetrack) component 1.2.4 for Joomla! allows remote attackers to execute arbitrary SQL commands via the ct_id parameter in a timetrack action to index.php.
13-02-2012 - 23:02 09-10-2011 - 06:55
CVE-2010-4918 7.5
PHP remote file inclusion vulnerability in iJoomla Magazine (com_magazine) component 3.0.1 for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the config parameter to magazine.functions.php.
13-02-2012 - 23:02 08-10-2011 - 06:55
CVE-2010-4902 7.5
Multiple SQL injection vulnerabilities in the Clantools (com_clantools) component 1.2.3 for Joomla! allow remote attackers to execute arbitrary SQL commands via the (1) squad or (2) showgame parameter to index.php.
13-02-2012 - 23:02 08-10-2011 - 06:55
CVE-2010-4865 7.5
SQL injection vulnerability in the JE Guestbook (com_jeguestbook) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the d_itemid parameter in an item_detail action to index.php.
13-02-2012 - 23:02 05-10-2011 - 06:55
CVE-2010-4864 7.5
SQL injection vulnerability in the Club Manager (com_clubmanager) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the cm_id parameter in an equip presenta action to index.php.
13-02-2012 - 23:02 05-10-2011 - 06:55
CVE-2010-4853 7.5
SQL injection vulnerability in the ccInvoices (com_ccinvoices) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a viewInv action to index.php.
13-02-2012 - 23:02 05-10-2011 - 06:55
CVE-2010-4838 6.0
SQL injection vulnerability in the JSupport (com_jsupport) component 1.5.6 for Joomla! allows remote authenticated users, with Public Back-end permissions, to execute arbitrary SQL commands via the alpha parameter in a (1) listTickets or (2) listFaqs
13-02-2012 - 23:02 13-09-2011 - 22:56
CVE-2010-4837 4.3
Cross-site scripting (XSS) vulnerability in the JSupport (com_jsupport) component 1.5.6 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the subject parameter (title field) in a saveTicket action to index2.php. NOTE: so
13-02-2012 - 23:02 13-09-2011 - 22:56
CVE-2012-1018 4.3
Cross-site scripting (XSS) vulnerability in includes/convert.php in D-Mack Media Currency Converter (mod_currencyconverter) module 1.0.0 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the from parameter.
10-02-2012 - 00:00 07-02-2012 - 19:55
CVE-2011-4809 4.3
Multiple cross-site scripting (XSS) vulnerabilities in the HM Community (com_hmcommunity) component before 1.01 for Joomla! allow remote attackers to inject arbitrary web script or HTML via the (1) language[], (2) university[], (3) persent[], (4) com
10-02-2012 - 00:00 13-12-2011 - 19:55
CVE-2011-4808 7.5
SQL injection vulnerability in the HM Community (com_hmcommunity) component before 1.01 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a fnd_home action to index.php.
10-02-2012 - 00:00 13-12-2011 - 19:55
CVE-2011-4804 5.0
Directory traversal vulnerability in the obSuggest (com_obsuggest) component before 1.8 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
10-02-2012 - 00:00 13-12-2011 - 19:55
CVE-2011-4823 7.5
Multiple SQL injection vulnerabilities in Vik Real Estate (com_vikrealestate) component 1.0 for Joomla! allow remote attackers to execute arbitrary SQL commands via the (1) contract parameter in a results action and (2) imm parameter in a show action
09-02-2012 - 00:00 14-12-2011 - 22:57
CVE-2010-4990 7.5
SQL injection vulnerability in the Front-edit Address Book (com_addressbook) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the Itemid parameter in a contact action to index.php.
21-12-2011 - 00:00 01-11-2011 - 18:55
CVE-2011-4830 3.5
Multiple cross-site scripting (XSS) vulnerabilities in the com_listing component in Barter Sites component 1.3 for Joomla! allow remote authenticated users to inject arbitrary web script or HTML via the (1) listing_title, (2) description, (3) homeurl
15-12-2011 - 14:01 14-12-2011 - 22:57
CVE-2011-4829 7.5
SQL injection vulnerability in the com_listing component in Barter Sites component 1.3 for Joomla! allows remote attackers to execute arbitrary SQL commands via the category_id parameter to index.php.
15-12-2011 - 13:56 14-12-2011 - 22:57
CVE-2009-3972 7.5
SQL injection vulnerability in the Q-Proje Siirler Bileseni (com_siirler) component 1.2 RC for Joomla! allows remote attackers to execute arbitrary SQL commands via the sid parameter in an sdetay action to index.php.
12-12-2011 - 00:00 18-11-2009 - 18:30
CVE-2009-3971 7.5
SQL injection vulnerability in the jTips (com_jtips) component 1.0.7 and 1.0.9 for Joomla! allows remote attackers to execute arbitrary SQL commands via the season parameter in a ladder action to index.php.
12-12-2011 - 00:00 18-11-2009 - 18:30
CVE-2009-3964 7.5
SQL injection vulnerability in the NinjaMonials (com_ninjacentral) component 1.1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the testimID parameter in a display action to index.php.
12-12-2011 - 00:00 18-11-2009 - 18:30
CVE-2011-4571 7.5
SQL injection vulnerability in the Estate Agent (com_estateagent) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a showEO action to index.php.
29-11-2011 - 00:00 29-11-2011 - 06:55
CVE-2011-4570 7.5
SQL injection vulnerability in the Time Returns (com_timereturns) component 2.0 and possibly earlier versions for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a timereturns action to index.php.
29-11-2011 - 00:00 29-11-2011 - 06:55
CVE-2011-4332 4.3
Multiple cross-site scripting (XSS) vulnerabilities in Joomla! 1.6.3 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
28-11-2011 - 00:00 23-11-2011 - 13:55
CVE-2011-4321 5.0
The password reset functionality in Joomla! 1.5.x through 1.5.24 uses weak random numbers, which makes it easier for remote attackers to change the passwords of arbitrary users via unspecified vectors.
28-11-2011 - 00:00 23-11-2011 - 13:55
CVE-2010-5056 7.5
SQL injection vulnerability in the GBU Facebook (com_gbufacebook) component 1.0.5 for Joomla! allows remote attackers to execute arbitrary SQL commands via the face_id parameter in a show_face action to index.php.
28-11-2011 - 00:00 22-11-2011 - 20:55
CVE-2010-5053 7.5
SQL injection vulnerability in the XOBBIX (com_xobbix) component 1.0.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the prodid parameter in a prod_desc action to index.php.
28-11-2011 - 00:00 22-11-2011 - 20:55
CVE-2010-5048 4.3
Cross-site scripting (XSS) vulnerability in admin.jcomments.php in the JoomlaTune JComments (com_jcomments) component 2.1.0.0 for Joomla! allows remote authenticated users to inject arbitrary web script or HTML via the name parameter to index.php.
28-11-2011 - 00:00 22-11-2011 - 20:55
CVE-2011-2710 4.3
Multiple cross-site scripting (XSS) vulnerabilities in Joomla! before 1.7.0 allow remote attackers to inject arbitrary web script or HTML via (1) the URI to includes/application.php, reachable through index.php; and, when Internet Explorer or Konquer
25-11-2011 - 22:56 27-07-2011 - 16:55
CVE-2010-4991 7.5
SQL injection vulnerability in the NinjaMonials (com_ninjamonials) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the Itemid parameter in a display action to index.php.
21-11-2011 - 00:00 01-11-2011 - 18:55
CVE-2010-5028 7.5
SQL injection vulnerability in the JExtensions JE Job (com_jejob) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in an item action to index.php.
17-11-2011 - 00:00 02-11-2011 - 17:55
CVE-2010-5022 7.5
SQL injection vulnerability in the JExtensions JE Story Submit (com_jesubmit) component 1.4 for Joomla! allows remote attackers to execute arbitrary SQL commands via the view parameter to index.php.
17-11-2011 - 00:00 02-11-2011 - 17:55
CVE-2010-5044 6.0
SQL injection vulnerability in models/log.php in the Search Log (com_searchlog) component 3.1.0 for Joomla! allows remote authenticated users, with Public Back-end privileges, to execute arbitrary SQL commands via the search parameter in a log action
16-11-2011 - 00:00 02-11-2011 - 17:55
CVE-2010-5043 6.0
SQL injection vulnerability in the DJ-ArtGallery (com_djartgallery) component 0.9.1 for Joomla! allows remote authenticated users to execute arbitrary SQL commands via the cid[] parameter in an editItem action to administrator/index.php.
16-11-2011 - 00:00 02-11-2011 - 17:55
CVE-2010-5042 4.3
Cross-site scripting (XSS) vulnerability in the DJ-ArtGallery (com_djartgallery) component 0.9.1 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the cid[] parameter in an editItem action to administrator/index.php. NOT
16-11-2011 - 00:00 02-11-2011 - 17:55
CVE-2010-5032 7.5
SQL injection vulnerability in the BF Quiz (com_bfquiztrial) component before 1.3.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in a bfquiztrial action to index.php.
16-11-2011 - 00:00 02-11-2011 - 17:55
CVE-2006-4466 5.0
Joomla! before 1.0.11 does not properly unset variables when the input data includes a numeric parameter with a value matching an alphanumeric parameter's hash value, which allows remote attackers to have an unspecified impact. NOTE: it could be arg
11-10-2011 - 00:00 31-08-2006 - 16:04
CVE-2010-4794 4.3
Multiple cross-site scripting (XSS) vulnerabilities in the JoomlaSeller JS Calendar (com_jscalendar) component 1.5.1 and 1.5.4 for Joomla! allow remote attackers to inject arbitrary web script or HTML via the (1) month and (2) year parameters in a js
21-09-2011 - 23:27 26-04-2011 - 20:55
CVE-2008-0801 7.5
SQL injection vulnerability in index.php in the PAXXGallery (com_paxxgallery) 0.2 component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via (1) the iid parameter in a view action, and possibly (2) the userid paramet
08-09-2011 - 00:00 15-02-2008 - 17:00
CVE-2006-1049 7.5
Multiple SQL injection vulnerabilities in the Admin functionality in Joomla! 1.0.7 and earlier allow remote authenticated administrators to execute arbitrary SQL commands via unknown attack vectors.
08-09-2011 - 00:00 07-03-2006 - 06:02
CVE-2007-2199 6.8
PHP remote file inclusion vulnerability in lib/pcltar.lib.php (aka pcltar.php) in the PclTar module 1.3 and 1.3.1 for Vincent Blavet PhpConcept Library, as used in multiple products including (1) Joomla! 1.5.0 Beta, (2) N/X Web Content Management Sys
22-08-2011 - 00:00 24-04-2007 - 16:19
CVE-2011-2891 5.0
Joomla! 1.6.x before 1.6.2 allows remote attackers to obtain sensitive information via an empty Itemid array parameter to index.php, which reveals the installation path in an error message, a different vulnerability than CVE-2011-2488.
10-08-2011 - 22:52 27-07-2011 - 16:55
CVE-2011-2890 5.0
The MediaViewMedia class in administrator/components/com_media/views/media/view.html.php in Joomla! 1.5.23 and earlier allows remote attackers to obtain sensitive information via vectors involving the base variable, leading to disclosure of the insta
10-08-2011 - 22:52 27-07-2011 - 16:55
CVE-2011-2889 5.0
templates/system/error.php in Joomla! before 1.5.23 might allow remote attackers to obtain sensitive information via unspecified vectors that trigger an undefined value of a certain error field, leading to disclosure of the installation path. NOTE:
10-08-2011 - 22:52 27-07-2011 - 16:55
CVE-2008-4623 7.5
SQL injection vulnerability in the DS-Syndicate (com_ds-syndicate) component 1.1.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the feed_id parameter to index2.php.
05-08-2011 - 00:00 20-10-2008 - 21:18
CVE-2007-6663 7.5
SQL injection vulnerability in (1) Puarcade.php and (2) PUarcade.html.php in Pragmatic Utopia PU Arcade (com_puarcade) 2.0.3, 2.1.2, and 2.1.3 Beta component for Joomla! allows remote attackers to execute arbitrary SQL commands via the fid parameter
05-08-2011 - 00:00 04-01-2008 - 06:46
CVE-2011-2892 4.3
Joomla! 1.6.x before 1.6.2 does not prevent page rendering inside a frame in a third-party HTML document, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web site.
29-07-2011 - 00:00 27-07-2011 - 16:55
CVE-2011-2509 4.3
Multiple cross-site scripting (XSS) vulnerabilities in Joomla! before 1.6.4 allow remote attackers to inject arbitrary web script or HTML via (1) the query string to the com_contact component, as demonstrated by the Itemid parameter to index.php; (2)
29-07-2011 - 00:00 27-07-2011 - 16:55
CVE-2010-3712 4.3
Cross-site scripting (XSS) vulnerability in Joomla! 1.5.x before 1.5.21 and 1.6.x before 1.6.1 allows remote attackers to inject arbitrary web script or HTML via vectors involving "multiple encoded entities," as demonstrated by the query string to in
28-07-2011 - 22:40 27-10-2010 - 20:00
CVE-2011-2488 5.0
Joomla! before 1.5.23 does not properly check for errors, which allows remote attackers to obtain sensitive information via unspecified vectors.
28-07-2011 - 00:00 27-07-2011 - 16:55
CVE-2009-4104 7.5
SQL injection vulnerability in Lyften Designs LyftenBloggie (com_lyftenbloggie) component 1.0.4 for Joomla! allows remote attackers to execute arbitrary SQL commands via the author parameter to index.php.
26-07-2011 - 00:00 29-11-2009 - 08:08
CVE-2008-1559 6.8
SQL injection vulnerability in the Bernard Gilly AlphaContent (com_alphacontent) 2.5.8 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a view action to index.php.
25-07-2011 - 00:00 31-03-2008 - 13:44
CVE-2008-1465 9.3
SQL injection vulnerability in the Detodas Restaurante (com_restaurante) 1.0 component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action to index.php, a different product than CVE-
25-07-2011 - 00:00 24-03-2008 - 17:44
CVE-2010-4696 7.5
Multiple SQL injection vulnerabilities in Joomla! 1.5.x before 1.5.22 allow remote attackers to execute arbitrary SQL commands via the (1) filter_order or (2) filter_order_Dir parameter in a com_contact action to index.php, a different vulnerability
19-07-2011 - 00:00 18-01-2011 - 13:03
CVE-2010-4166 7.5
Multiple SQL injection vulnerabilities in Joomla! 1.5.x before 1.5.22 allow remote attackers to execute arbitrary SQL commands via (1) the filter_order parameter in a com_weblinks category action to index.php, (2) the filter_order_Dir parameter in a
19-07-2011 - 00:00 18-01-2011 - 13:03
CVE-2006-0114 5.0
The vCard functions in Joomla! 1.0.5 use predictable sequential IDs for vcards and do not restrict access to them, which allows remote attackers to obtain valid e-mail addresses to conduct spam attacks by modifying the contact_id parameter to index2.
06-06-2011 - 00:00 09-01-2006 - 06:03
CVE-2006-5043 6.8
Multiple PHP remote file inclusion vulnerabilities in the Joomlaboard Forum Component (com_joomlaboard) before 1.1.2 for Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the sbp parameter to (1) file_upload.php or (2) image_u
06-05-2011 - 00:00 27-09-2006 - 19:07
CVE-2010-0372 7.5
SQL injection vulnerability in the Articlemanager (com_articlemanager) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the artid parameter in a display action to index.php.
28-04-2011 - 00:00 21-01-2010 - 17:30
CVE-2009-4628 7.5
SQL injection vulnerability in the TemplatePlaza.com TPDugg (com_tpdugg) component 1.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a tags action to index.php.
28-04-2011 - 00:00 18-01-2010 - 15:30
CVE-2009-4625 7.5
SQL injection vulnerability in the updateOnePage function in components/com_bfsurvey_pro/controller.php in BF Survey Pro Free (com_bfsurvey_profree) 1.2.4, and other versions before 1.2.6, a component for Joomla!, allows remote attackers to execute a
28-04-2011 - 00:00 18-01-2010 - 15:30
CVE-2009-4620 7.5
SQL injection vulnerability in the Joomloc (com_joomloc) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in an edit task to index.php.
28-04-2011 - 00:00 18-01-2010 - 15:30
CVE-2009-4619 7.5
SQL injection vulnerability in the Lucy Games (com_lucygames) component 1.5.4 for Joomla! allows remote attackers to execute arbitrary SQL commands via the gameid parameter in a game action to index.php. NOTE: some of these details are obtained from
28-04-2011 - 00:00 18-01-2010 - 15:30
CVE-2006-5048 6.8
Multiple PHP remote file inclusion vulnerabilities in the Security Images (com_securityimages) component 3.0.5 and earlier for Joomla! allow remote attackers to execute arbitrary code via a URL in the mosConfig_absolute_path parameter in (1) configinsert
07-04-2011 - 00:00 27-09-2006 - 19:07
CVE-2010-4769 7.5
Directory traversal vulnerability in the Jimtawl (com_jimtawl) component 1.0.2 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the task parameter to index.php.
24-03-2011 - 00:00 23-03-2011 - 18:00
CVE-2009-0373 7.5
SQL injection vulnerability in the ElearningForce Flash Magazine Deluxe (com_flashmagazinedeluxe) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the mag_id parameter in a magazine action to index.php.
07-03-2011 - 22:18 30-01-2009 - 14:30
CVE-2008-6221 7.5
PHP remote file inclusion vulnerability in config.dadamail.php in the Dada Mail Manager (com_dadamail) component 2.6 for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[mosConfig_absolute_path] parameter.
07-03-2011 - 22:15 20-02-2009 - 16:30
CVE-2008-5494 7.5
SQL injection vulnerability in the Contact Information Module (com_contactinfo) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter to index.php.
07-03-2011 - 22:14 12-12-2008 - 11:30
CVE-2008-5200 7.5
SQL injection vulnerability in the Xe webtv (com_xewebtv) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action to index.php.
07-03-2011 - 22:14 21-11-2008 - 12:30
CVE-2008-5051 7.5
SQL injection vulnerability in the JooBlog (com_jb2) component 0.1.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the PostID parameter to index.php.
07-03-2011 - 22:13 12-11-2008 - 21:30
CVE-2008-1935 7.5
SQL injection vulnerability in the Filiale 1.0.4 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the idFiliale parameter.
07-03-2011 - 22:08 25-04-2008 - 02:05
CVE-2008-0517 7.5
SQL injection vulnerability in index.php in the Darko Selesi EstateAgent (com_estateagent) 0.1 component for Mambo 4.5.x and Joomla! allows remote attackers to execute arbitrary SQL commands via the objid parameter in a contact showObject action.
07-03-2011 - 22:04 31-01-2008 - 15:00
CVE-2007-5427 4.3
Cross-site scripting (XSS) vulnerability in the com_search component in Joomla! 1.0.13 and earlier allows remote attackers to inject arbitrary web script or HTML via the searchword parameter. NOTE: this might be related to CVE-2007-4189.1.
07-03-2011 - 22:00 12-10-2007 - 19:17
CVE-2007-5363 6.8
PHP remote file inclusion vulnerability in admin.panoramic.php in the Panoramic Picture Viewer (com_panoramic) mambot (plugin) 1.0 for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_live_site parameter. NOTE
07-03-2011 - 22:00 10-10-2007 - 21:17
CVE-2007-5309 6.8
PHP remote file inclusion vulnerability in admin.wmtgallery.php in the webmaster-tips.net Flash Image Gallery (com_wmtgallery) 1.0 component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_live_site parame
07-03-2011 - 22:00 09-10-2007 - 17:17
CVE-2007-4923 6.8
PHP remote file inclusion vulnerability in admin.joomlaradiov5.php in the Joomla Radio 5 (com_joomlaradiov5) component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_live_site parameter.
07-03-2011 - 21:59 17-09-2007 - 13:17
CVE-2007-4190 4.3
CRLF injection vulnerability in Joomla! before 1.0.13 (aka Sunglow) allows remote attackers to inject arbitrary HTTP headers and probably conduct HTTP response splitting attacks via CRLF sequences in the url parameter. NOTE: this can be leveraged fo
07-03-2011 - 21:57 07-08-2007 - 21:17
CVE-2007-4189 4.3
Multiple cross-site scripting (XSS) vulnerabilities in Joomla! before 1.0.13 (aka Sunglow) allow remote attackers to inject arbitrary web script or HTML via unspecified vectors in the (1) com_search, (2) com_content, and (3) mod_login components. NO
07-03-2011 - 21:57 07-08-2007 - 21:17
CVE-2007-4188 9.3
Session fixation vulnerability in Joomla! before 1.0.13 (aka Sunglow) allows remote attackers to hijack administrative web sessions via unspecified vectors.
07-03-2011 - 21:57 07-08-2007 - 21:17
CVE-2006-6834 6.8
Multiple unspecified vulnerabilities in Joomla! before 1.0.12 have unknown impact and attack vectors related to (1) "unneeded legacy functions" and (2) "Several low level security fixes."
07-03-2011 - 21:47 31-12-2006 - 00:00
CVE-2006-6833 7.5
com_categories in Joomla! before 1.0.12 does not validate input, which has unknown impact and remote attack vectors.
07-03-2011 - 21:47 31-12-2006 - 00:00
CVE-2006-6832 4.3
Cross-site scripting (XSS) vulnerability in Joomla! before 1.0.12 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly related to poll.php or the module title.
07-03-2011 - 21:47 31-12-2006 - 00:00
CVE-2006-4476 7.5
Multiple unspecified vulnerabilities in Joomla! before 1.0.11, related to "Injection Flaws," allow attackers to have an unknown impact via (1) globals.php, which uses include_once() instead of require(); (2) the $options variable; (3) Admin Upload Im
07-03-2011 - 21:41 31-08-2006 - 16:04
CVE-2006-4475 7.5
Joomla! before 1.0.11 does not limit access to the Admin Popups functionality, which has unknown impact and attack vectors.
07-03-2011 - 21:41 31-08-2006 - 16:04
CVE-2006-4474 6.8
Multiple cross-site scripting (XSS) vulnerabilities in Joomla! before 1.0.11 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters in (1) Admin Module Manager, (2) Admin Help, and (3) Search.
07-03-2011 - 21:41 31-08-2006 - 16:04
CVE-2006-4473 5.1
Unspecified vulnerability in com_content in Joomla! before 1.0.11, when $mosConfig_hideEmail is set, allows attackers to perform the emailform and emailsend tasks.
07-03-2011 - 21:41 31-08-2006 - 16:04
CVE-2006-4472 7.5
Multiple unspecified vulnerabilities in Joomla! before 1.0.11 allow attackers to bypass user authentication via unknown vectors involving the (1) do_pdf command and the (2) emailform com_content task.
07-03-2011 - 21:41 31-08-2006 - 16:04
CVE-2006-4471 6.5
The Admin Upload Image functionality in Joomla! before 1.0.11 allows remote authenticated users to upload files outside of the /images/stories/ directory via unspecified vectors.
07-03-2011 - 21:41 31-08-2006 - 16:04
CVE-2006-4470 7.5
Joomla! before 1.0.11 omits some checks for whether _VALID_MOS is defined, which allows attackers to have an unknown impact, possibly resulting in PHP remote file inclusion.
07-03-2011 - 21:41 31-08-2006 - 16:04
CVE-2006-4469 7.5
Unspecified vulnerability in PEAR.php in Joomla! before 1.0.11 allows remote attackers to perform "remote execution," related to "Injection Flaws."
07-03-2011 - 21:40 31-08-2006 - 16:04
CVE-2006-4468 6.8
Multiple unspecified vulnerabilities in Joomla! before 1.0.11, related to unvalidated input, allow attackers to have an unknown impact via unspecified vectors involving the (1) mosMail, (2) JosIsValidEmail, and (3) josSpoofValue functions; (4) the la
07-03-2011 - 21:40 31-08-2006 - 16:04
CVE-2006-3481 7.5
Multiple SQL injection vulnerabilities in Joomla! before 1.0.10 allow remote attackers to execute arbitrary SQL commands via unspecified parameters involving the (1) "Remember Me" function, (2) "Related Items" module, and the (3) "Weblinks submission
07-03-2011 - 21:38 10-07-2006 - 16:05
CVE-2006-3480 5.8
Multiple cross-site scripting (XSS) vulnerabilities in Joomla! before 1.0.10 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters involving the (1) getUserStateFromRequest function, and the (2) SEF and (3) com_mess
07-03-2011 - 21:38 10-07-2006 - 16:05
CVE-2006-1048 5.0
Joomla! 1.0.7 and earlier allows attackers to bypass intended access restrictions and gain certain privileges via certain attack vectors related to the (1) Weblink, (2) Polls, (3) Newsfeeds, (4) Weblinks, (5) Content, (6) Content Section, (7) Content
07-03-2011 - 21:31 07-03-2006 - 06:02
CVE-2006-1030 5.0
Unspecified vulnerability in mod_templatechooser in Joomla! 1.0.7 allows remote attackers to obtain sensitive information via an unspecified attack vector that reveals the path.
07-03-2011 - 21:31 06-03-2006 - 19:02
CVE-2005-3773 10.0
Unspecified vulnerability in Joomla! before 1.0.4 has unknown impact and attack vectors, related to "Potential misuse of Media component file management functions."
07-03-2011 - 21:27 22-11-2005 - 19:03
CVE-2005-3772 7.5
Multiple SQL injection vulnerabilities in Joomla! before 1.0.4 allow remote attackers to execute arbitrary SQL commands via the (1) Itemid variable in the Polls modules and (2) multiple unspecified methods in the mosDBTable class.
07-03-2011 - 21:27 22-11-2005 - 19:03
CVE-2005-3771 4.3
Multiple cross-site scripting (XSS) vulnerabilities in Joomla! before 1.0.4 allow remote attackers to inject arbitrary web script or HTML via (1) "GET and other variables" and (2) "SEF".
07-03-2011 - 21:27 22-11-2005 - 19:03
CVE-2010-4719 7.5
Directory traversal vulnerability in the JRadio (com_jradio) component before 1.5.1 for Joomla! allows remote attackers to read arbitrary files via directory traversal sequences in the controller parameter to index.php.
17-02-2011 - 00:00 01-02-2011 - 18:00
CVE-2010-4720 7.5
SQL injection vulnerability in the JExtensions JE Auto (com_jeauto) component before 1.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via unspecified vectors related to the view item page.
15-02-2011 - 00:00 01-02-2011 - 18:00
CVE-2010-4718 4.3
Multiple cross-site scripting (XSS) vulnerabilities in the Lyftenbloggie (com_lyftenbloggie) component 1.1.0 for Joomla! allow remote attackers to inject arbitrary web script or HTML via the (1) tag and (2) category parameters to index.php.
15-02-2011 - 00:00 01-02-2011 - 18:00
CVE-2010-4702 7.5
SQL injection vulnerability in the JRadio (com_jradio) component before 1.5.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
04-02-2011 - 01:50 20-01-2011 - 14:00
CVE-2011-0511 7.5
SQL injection vulnerability in the allCineVid component (com_allcinevid) 1.0.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php.
27-01-2011 - 00:00 20-01-2011 - 14:00
CVE-2008-6276 6.5
Multiple SQL injection vulnerabilities in the User Karma module 5.x before 5.x-1.13 and 6.x before 6.x-1.0-beta1, a module for Drupal, allow remote authenticated administrators to execute arbitrary SQL commands via (1) a content type or (2) a voting
20-01-2011 - 00:00 25-02-2009 - 18:30
CVE-2008-6275 4.3
Cross-site scripting (XSS) vulnerability in the User Karma module 5.x before 5.x-1.13 and 6.x before 6.x-1.0-beta1, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via unspecified messages.
20-01-2011 - 00:00 25-02-2009 - 18:30
CVE-2008-6182 7.5
SQL injection vulnerability in the Ignite Gallery (com_ignitegallery) component 0.8.0 through 0.8.3 for Joomla! allows remote attackers to execute arbitrary SQL commands via the gallery parameter in a view action to index.php.
20-01-2011 - 00:00 19-02-2009 - 13:30
CVE-2011-0005 4.3
Cross-site scripting (XSS) vulnerability in the com_search module for Joomla! 1.0.x through 1.0.15 allows remote attackers to inject arbitrary web script or HTML via the ordering parameter to index.php.
19-01-2011 - 02:02 10-01-2011 - 22:00
CVE-2009-4157 4.3
Multiple cross-site scripting (XSS) vulnerabilities in index.php in the ProofReader (com_proofreader) component 1.0 RC9 and earlier for Joomla! allow remote attackers to inject arbitrary web script or HTML via the URI, which is not properly handled i
06-01-2011 - 00:00 02-12-2009 - 12:30
CVE-2010-4617 6.8
Directory traversal vulnerability in the JotLoader (com_jotloader) component 2.2.1 for Joomla! allows remote attackers to read arbitrary files via directory traversal sequences in the section parameter to index.php.
04-01-2011 - 00:00 29-12-2010 - 17:33
CVE-2010-4638 6.8
SQL injection vulnerability in the submitSurvey function in controller.php in JQuarks4s (com_jquarks4s) component 1.0.0 for Joomla!, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the q parameter in a
31-12-2010 - 00:00 30-12-2010 - 16:00
CVE-2010-4618 4.3
Cross-site scripting (XSS) vulnerability in the Algis Info aiContactSafe component before 2.0.14 for Joomla! allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
30-12-2010 - 00:00 29-12-2010 - 17:33
CVE-2010-4405 4.3
Cross-site scripting (XSS) vulnerability in the Yannick Gaultier sh404SEF component before 2.1.8.777 for Joomla! allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
16-12-2010 - 00:00 06-12-2010 - 08:37
CVE-2010-4404 7.5
SQL injection vulnerability in the Yannick Gaultier sh404SEF component before 2.1.8.777 for Joomla! allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
16-12-2010 - 00:00 06-12-2010 - 08:37
CVE-2010-4517 6.8
SQL injection vulnerability in the JExtensions JE Auto (com_jeauto) component 1.0 for Joomla!, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the char parameter in an item action to index.php.
10-12-2010 - 00:00 09-12-2010 - 16:00
CVE-2010-4516 4.3
Multiple cross-site scripting (XSS) vulnerabilities in the JXtended Comments component before 1.3.1 for Joomla! allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
10-12-2010 - 00:00 09-12-2010 - 16:00
CVE-2010-4365 7.5
SQL injection vulnerability in the JE Ajax Event Calendar (com_jeajaxeventcalendar) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the event_id parameter in an alleventlist_more action to index.php.
02-12-2010 - 00:00 01-12-2010 - 11:06
CVE-2010-4268 7.5
SQL injection vulnerability in the Pulse Infotech Flip Wall (com_flipwall) component 1.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter to index.php.
18-11-2010 - 00:00 16-11-2010 - 20:00
CVE-2010-4272 7.5
SQL injection vulnerability in the Pulse Infotech Sponsor Wall (com_sponsorwall) component 1.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter to index.php.
17-11-2010 - 00:00 16-11-2010 - 20:00
CVE-2010-4270 5.0
Directory traversal vulnerability in the nBill (com_netinvoice) component before 2.0.9 standard edition, 2.0.10 lite edition, and 1.2_10 for Joomla! allows remote attackers to read arbitrary files via directory traversal sequences in unspecified vect
17-11-2010 - 00:00 16-11-2010 - 20:00
CVE-2010-0610 7.5
Multiple SQL injection vulnerabilities in the Photoblog (com_photoblog) component for Joomla! allow remote attackers to execute arbitrary SQL commands via the blog parameter in an images action to index.php. NOTE: a separate vector for the id parame
19-10-2010 - 00:00 11-02-2010 - 12:30
CVE-2010-2535 3.5
Multiple cross-site scripting (XSS) vulnerabilities in the Back End in Joomla! 1.5.x before 1.5.20 allow remote authenticated users to inject arbitrary web script or HTML via administrator screens.
05-10-2010 - 00:00 05-10-2010 - 14:00
CVE-2010-3426 7.5
Directory traversal vulnerability in jphone.php in the JPhone (com_jphone) component 1.0 Alpha 3 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php.
17-09-2010 - 00:00 16-09-2010 - 18:00
CVE-2010-3422 7.5
SQL injection vulnerability in the JGen (com_jgen) component 0.9.33 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a view action to index.php.
17-09-2010 - 00:00 16-09-2010 - 18:00
CVE-2010-3211 7.5
Multiple SQL injection vulnerabilities in the JE FAQ Pro (com_jefaqpro) component 1.5.0 for Joomla! allow remote attackers to execute arbitrary SQL commands via category categorylist operations with (1) the catid parameter or (2) the catid parameter
06-09-2010 - 00:00 03-09-2010 - 14:00
CVE-2010-3203 5.0
Directory traversal vulnerability in the PicSell (com_picsell) component 1.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the dflink parameter in a prevsell dwnfree action to index.php.
06-09-2010 - 00:00 03-09-2010 - 14:00
CVE-2010-3028 3.6
The Aardvertiser component before 2.2.1 for Joomla! uses insecure permissions (777) in unspecified folders, which allows local users to modify, create, or delete certain files.
17-08-2010 - 12:20 16-08-2010 - 16:00
CVE-2010-2923 7.5
SQL injection vulnerability in the YouTube (com_youtube) component 1.5 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id_cate parameter to index.php.
02-08-2010 - 00:00 30-07-2010 - 16:30
CVE-2010-2921 7.5
SQL injection vulnerability in the Golf Course Guide (com_golfcourseguide) component 0.9.6.0 beta and 1 beta for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a golfcourses action to index.php.
02-08-2010 - 00:00 30-07-2010 - 16:30
CVE-2010-2920 6.8
Directory traversal vulnerability in the Foobla Suggestions (com_foobla_suggestions) component 1.5.1.2 for Joomla! allows remote attackers to read arbitrary files via directory traversal sequences in the controller parameter to index.php.
02-08-2010 - 00:00 30-07-2010 - 16:30
CVE-2010-2919 7.5
SQL injection vulnerability in the StaticXT (com_staticxt) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php.
02-08-2010 - 00:00 30-07-2010 - 16:30
CVE-2010-2918 7.5
PHP remote file inclusion vulnerability in core/include/myMailer.class.php in the Visites (com_joomla-visites) component 1.1 RC2 for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
02-08-2010 - 00:00 30-07-2010 - 16:30
CVE-2010-2910 7.5
SQL injection vulnerability in the Ozio Gallery (com_oziogallery) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the Itemid parameter to index.php.
29-07-2010 - 00:00 28-07-2010 - 17:30
CVE-2010-2909 7.5
SQL injection vulnerability in ttvideo.php in the TTVideo (com_ttvideo) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the cid parameter in a video action to index.php.
29-07-2010 - 00:00 28-07-2010 - 17:30
CVE-2010-2908 7.5
SQL injection vulnerability in the Joomdle (com_joomdle) component 0.24 and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the course_id parameter in a detail action to index.php.
29-07-2010 - 00:00 28-07-2010 - 17:30
CVE-2010-2907 7.5
SQL injection vulnerability in the Huru Helpdesk (com_huruhelpdesk) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the cid[0] parameter in a detail action to index.php.
29-07-2010 - 00:00 28-07-2010 - 17:30
CVE-2010-2851 7.5
SQL injection vulnerability in the BookLibrary From Same Author (com_booklibrary) module 1.5 and possibly earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a view action to index.php.
29-07-2010 - 00:00 24-07-2010 - 22:04
CVE-2010-2845 7.5
SQL injection vulnerability in the QuickFAQ (com_quickfaq) component 1.0.3 for Joomla! allows remote attackers to execute arbitrary SQL commands via the Itemid parameter in a category action to index.php.
29-07-2010 - 00:00 24-07-2010 - 22:04
CVE-2010-2848 5.0
Directory traversal vulnerability in assets/captcha/includes/alikon/playcode.php in the InterJoomla ArtForms (com_artforms) component 2.1b7.2 RC2 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the l parameter.
26-07-2010 - 00:00 24-07-2010 - 22:04
CVE-2010-2847 7.5
Multiple SQL injection vulnerabilities in the InterJoomla ArtForms (com_artforms) component 2.1b7.2 RC2 for Joomla! allow remote attackers to execute arbitrary SQL commands via the viewform parameter in a (1) ferforms or (2) tferforms action to index
26-07-2010 - 00:00 24-07-2010 - 22:04
CVE-2010-2846 4.3
Cross-site scripting (XSS) vulnerability in the InterJoomla ArtForms (com_artforms) component 2.1b7.2 RC2 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the afmsg parameter to index.php.
26-07-2010 - 00:00 24-07-2010 - 22:04
CVE-2009-1822 7.5
Multiple PHP remote file inclusion vulnerabilities in the InterJoomla ArtForms (com_artforms) component 2.1b7 for Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter to (1) imgcaptcha.php or
26-07-2010 - 00:00 29-05-2009 - 12:30
CVE-2009-4946 6.8
Directory traversal vulnerability in the Messaging (com_messaging) component before 1.5.1 for Joomla! allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the controller parameter in a messages act
23-07-2010 - 00:00 22-07-2010 - 14:30
CVE-2009-4938 7.5
SQL injection vulnerability in the JVideo! (com_jvideo) component 0.3.11c Beta and 0.3.x for Joomla! allows remote attackers to execute arbitrary SQL commands via the user_id parameter in a user action to index.php.
23-07-2010 - 00:00 22-07-2010 - 01:40
CVE-2010-2679 7.5
SQL injection vulnerability in the Weblinks (com_weblinks) component in Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a view action to index.php.
16-07-2010 - 00:00 08-07-2010 - 18:30
CVE-2010-2678 7.5
SQL injection vulnerability in the xmap (com_xmap) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the Itemid parameter to index.php.
16-07-2010 - 00:00 08-07-2010 - 18:30
CVE-2010-2694 7.5
SQL injection vulnerability in the redSHOP Component (com_redshop) 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the pid parameter to index.php.
13-07-2010 - 00:00 12-07-2010 - 13:30
CVE-2010-2690 7.5
SQL injection vulnerability in the JOOFORGE Gamesbox (com_gamesbox) component 1.0.2, and possibly earlier, for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a consoles action to index.php.
12-07-2010 - 00:00 12-07-2010 - 09:27
CVE-2010-2682 7.5
Directory traversal vulnerability in the Realtyna Translator (com_realtyna) component 1.0.15 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to inde
12-07-2010 - 00:00 12-07-2010 - 09:27
CVE-2010-2681 7.5
PHP remote file inclusion vulnerability in the SEF404x (com_sef) component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig.absolute.path parameter to index.php.
12-07-2010 - 00:00 12-07-2010 - 09:27
CVE-2010-2680 6.8
Directory traversal vulnerability in the JExtensions JE Section/Property Finder (jesectionfinder) component for Joomla! allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the view parameter to in
12-07-2010 - 00:00 12-07-2010 - 09:27
CVE-2010-1522 7.5
Multiple SQL injection vulnerabilities in the BookLibrary Basic (com_booklibrary) component 1.5.3 before 1.5.3_2010_06_20 for Joomla! allow remote attackers to execute arbitrary SQL commands via the bid[] parameter in a (1) lend_request or (2) save_l
08-07-2010 - 01:40 02-07-2010 - 08:43
CVE-2010-2622 7.5
SQL injection vulnerability in the Joomanager component, possibly 1.1.1, for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter to index.php.
06-07-2010 - 00:00 02-07-2010 - 16:30
CVE-2010-2613 4.3
Cross-site scripting (XSS) vulnerability in the JExtensions JE Awd Song (com_awd_song) component for Joomla! allows remote attackers to inject arbitrary web script or HTML via the song review field, which is not properly handled in a view action to i
02-07-2010 - 00:00 02-07-2010 - 08:44
CVE-2010-2515 6.8
Multiple SQL injection vulnerabilities in index.php in the JFaq (com_jfaq) component 1.2 for Joomla!, when magic_quotes_gpc is disabled, allow (1) remote attackers to execute arbitrary SQL commands via the id parameter, and (2) remote authenticated u
29-06-2010 - 00:00 28-06-2010 - 16:30
CVE-2010-2514 4.3
Cross-site scripting (XSS) vulnerability in the JFaq (com_jfaq) component 1.2 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the question parameter in an add2 action to index.php.
29-06-2010 - 00:00 28-06-2010 - 16:30
CVE-2010-2513 7.5
SQL injection vulnerability in the JE Ajax Event Calendar (com_jeajaxeventcalendar) component 1.0.5 for Joomla! allows remote attackers to execute arbitrary SQL commands via the view parameter to index.php.
29-06-2010 - 00:00 28-06-2010 - 16:30
CVE-2010-2507 6.8
Directory traversal vulnerability in the Picasa2Gallery (com_picasa2gallery) component 1.2.8 and earlier for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller param
29-06-2010 - 00:00 28-06-2010 - 16:30
CVE-2009-4431 7.5
PHP remote file inclusion vulnerability in cal_popup.php in the Anything Digital Development JCal Pro (aka com_jcalpro or JCP) component 1.5.3.6 for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_pat
29-06-2010 - 00:00 28-12-2009 - 14:00
CVE-2010-2464 4.3
Multiple cross-site scripting (XSS) vulnerabilities in the RSComments (com_rscomments) component 1.0.0 Rev 2 for Joomla! allow remote attackers to inject arbitrary web script or HTML via the (1) website and (2) name parameters to index.php.
28-06-2010 - 00:00 25-06-2010 - 17:30
CVE-2010-1649 4.3
Multiple cross-site scripting (XSS) vulnerabilities in the back end in Joomla! 1.5 through 1.5.17 allow remote attackers to inject arbitrary web script or HTML via unknown vectors related to "various administrator screens," possibly the search parame
25-06-2010 - 01:37 07-06-2010 - 20:30
CVE-2010-1479 7.5
SQL injection vulnerability in the RokModule (com_rokmodule) component 1.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the moduleid parameter in a raw action to index.php.
11-06-2010 - 00:00 19-04-2010 - 15:30
CVE-2010-1478 6.8
Directory traversal vulnerability in the Ternaria Informatica Jfeedback! (com_jfeedback) component 1.2 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller paramet
11-06-2010 - 00:00 19-04-2010 - 15:30
CVE-2010-1477 7.5
SQL injection vulnerability in the SermonSpeaker (com_sermonspeaker) component before 3.2.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a latest_sermons action to index.php.
11-06-2010 - 00:00 19-04-2010 - 15:30
CVE-2010-1476 6.8
Directory traversal vulnerability in the AlphaUserPoints (com_alphauserpoints) component 1.5.5 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the view parameter to index.ph
11-06-2010 - 00:00 19-04-2010 - 15:30
CVE-2010-1475 6.8
Directory traversal vulnerability in the Preventive & Reservation (com_preventive) component 1.0.5 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter t
11-06-2010 - 00:00 19-04-2010 - 15:30
CVE-2010-1474 6.8
Directory traversal vulnerability in the Sweety Keeper (com_sweetykeeper) component 1.5.x for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.p
11-06-2010 - 00:00 19-04-2010 - 15:30
CVE-2010-1473 6.8
Directory traversal vulnerability in the Advertising (com_advertising) component 0.25 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php.
11-06-2010 - 00:00 19-04-2010 - 15:30
CVE-2010-1472 7.5
Directory traversal vulnerability in the Daily Horoscope (com_horoscope) component 1.5.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
11-06-2010 - 00:00 19-04-2010 - 15:30
CVE-2010-1471 7.5
Directory traversal vulnerability in the AddressBook (com_addressbook) component 1.5.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
11-06-2010 - 00:00 19-04-2010 - 15:30
CVE-2010-1470 7.5
Directory traversal vulnerability in the Web TV (com_webtv) component 1.0 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php.
11-06-2010 - 00:00 19-04-2010 - 15:30
CVE-2010-1469 6.8
Directory traversal vulnerability in the Ternaria Informatica JProject Manager (com_jprojectmanager) component 1.0 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the contro
11-06-2010 - 00:00 19-04-2010 - 15:30
CVE-2010-1468 7.5
SQL injection vulnerability in the Multi-Venue Restaurant Menu Manager (aka MVRMM or com_mv_restaurantmenumanager) component 1.5.2 Stable Update 3 and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the mid parameter
11-06-2010 - 00:00 19-04-2010 - 15:30
CVE-2010-2259 7.5
Directory traversal vulnerability in the BF Survey (com_bfsurvey) component for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php.
10-06-2010 - 00:00 09-06-2010 - 16:30
CVE-2010-2255 7.5
SQL injection vulnerability in the BF Survey Pro (com_bfsurvey_pro) component before 1.3.1, BF Survey Pro Free (com_bfsurvey_profree) component 1.2.6, and BF Survey Basic component before 1.2 for Joomla! allows remote attackers to execute arbitrary S
10-06-2010 - 00:00 09-06-2010 - 16:30
CVE-2010-2254 7.5
SQL injection vulnerability in the Shape5 Bridge of Hope template for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in an article action to index.php.
10-06-2010 - 00:00 09-06-2010 - 16:30
CVE-2010-1480 7.5
SQL injection vulnerability in the RokModule (com_rokmodule) component 1.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the module parameter to index.php. NOTE: some of these details are obtained from third party informa
08-06-2010 - 00:00 19-04-2010 - 15:30
CVE-2010-2148 7.5
SQL injection vulnerability in the My Car (com_mycar) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the pagina parameter to index.php.
07-06-2010 - 00:00 03-06-2010 - 10:30
CVE-2010-2147 4.3
Cross-site scripting (XSS) vulnerability in the My Car (com_mycar) component 1.0 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the modveh parameter to index.php.
04-06-2010 - 00:00 03-06-2010 - 10:30
CVE-2009-4789 7.5
Multiple PHP remote file inclusion vulnerabilities in the MojoBlog component RC 0.15 for Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter to (1) wp-comments-post.php and (2) wp-trackback.
03-06-2010 - 00:00 21-04-2010 - 10:30
CVE-2009-4785 7.5
SQL injection vulnerability in the Quick News (com_quicknews) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the newsid parameter in a view_item action to index.php.
03-06-2010 - 00:00 21-04-2010 - 10:30
CVE-2009-4784 7.5
SQL injection vulnerability in the Joaktree (com_joaktree) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the treeId parameter to index.php.
03-06-2010 - 00:00 21-04-2010 - 10:30
CVE-2010-2129 6.8
Directory traversal vulnerability in the JE Ajax Event Calendar (com_jeajaxeventcalendar) component 1.0.1 and 1.0.3 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the view parameter to index.php. NOTE: some of thes
02-06-2010 - 00:00 01-06-2010 - 17:30
CVE-2010-2128 7.5
Directory traversal vulnerability in the JE Quotation Form (com_jequoteform) component 1.0b1 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the view parameter to index.php.
02-06-2010 - 00:00 01-06-2010 - 17:30
CVE-2010-2122 6.8
Directory traversal vulnerability in the SimpleDownload (com_simpledownload) component before 0.9.6 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php.
02-06-2010 - 00:00 01-06-2010 - 17:30
CVE-2010-1979 6.8
Directory traversal vulnerability in the Affiliate Datafeeds (com_datafeeds) component build 880 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
01-06-2010 - 00:00 19-05-2010 - 16:00
CVE-2010-1718 6.8
Directory traversal vulnerability in archeryscores.php in the Archery Scores (com_archeryscores) component 1.0.6 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.
01-06-2010 - 00:00 04-05-2010 - 12:00
CVE-2010-1717 6.8
Directory traversal vulnerability in the iF surfALERT (com_if_surfalert) component 1.2 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php.
01-06-2010 - 00:00 04-05-2010 - 12:00
CVE-2010-1716 7.5
SQL injection vulnerability in the Agenda Address Book (com_agenda) component 1.0.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action to index.php.
01-06-2010 - 00:00 04-05-2010 - 12:00
CVE-2010-1715 6.8
Directory traversal vulnerability in the Online Examination (aka Online Exam or com_onlineexam) component 1.5.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. NOTE: some of th
01-06-2010 - 00:00 04-05-2010 - 12:00
CVE-2010-2036 7.5
Directory traversal vulnerability in the Percha Fields Attach (com_perchafieldsattach) component 1.x for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter
26-05-2010 - 09:44 25-05-2010 - 10:30
CVE-2010-2050 7.5
Directory traversal vulnerability in the Moron Solutions MS Comment (com_mscomment) component 0.8.0b for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
26-05-2010 - 00:00 25-05-2010 - 14:30
CVE-2010-2046 4.3
Multiple cross-site scripting (XSS) vulnerabilities in the ActiveHelper LiveHelp (com_activehelper_livehelp) component 2.0.3 for Joomla! allow remote attackers to inject arbitrary web script or HTML via (1) the DOMAINID parameter to server/cookies.ph
26-05-2010 - 00:00 25-05-2010 - 14:30
CVE-2010-2045 7.5
Directory traversal vulnerability in the Dione Form Wizard (aka FDione or com_dioneformwizard) component 1.0.2 for Joomla! allows remote attackers to read arbitrary files via directory traversal sequences in the controller parameter to index.php.
26-05-2010 - 00:00 25-05-2010 - 14:30
CVE-2010-2044 7.5
SQL injection vulnerability in the Konsultasi (com_konsultasi) component 1.0.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the sid parameter in a detail action to index.php.
26-05-2010 - 00:00 25-05-2010 - 14:30
CVE-2010-2037 7.5
Directory traversal vulnerability in the Percha Downloads Attach (com_perchadownloadsattach) component 1.1 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller par
26-05-2010 - 00:00 25-05-2010 - 10:30
CVE-2010-2035 7.5
Directory traversal vulnerability in the Percha Gallery (com_perchagallery) component 1.6 Beta for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to in
26-05-2010 - 00:00 25-05-2010 - 10:30
CVE-2010-2034 7.5
Directory traversal vulnerability in the Percha Image Attach (com_perchaimageattach) component 1.1 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter t
26-05-2010 - 00:00 25-05-2010 - 10:30
CVE-2010-2033 7.5
Directory traversal vulnerability in the Percha Multicategory Article (com_perchacategoriestree) component 0.6 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller
26-05-2010 - 00:00 25-05-2010 - 10:30
CVE-2010-1495 7.5
Directory traversal vulnerability in the Matamko (com_matamko) component 1.01 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
26-05-2010 - 00:00 23-04-2010 - 10:30
CVE-2010-1540 5.0
Directory traversal vulnerability in index.php in the MyBlog (com_myblog) component 3.0.329 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the task parameter. NOTE: some of these details are obtained from third par
24-05-2010 - 00:00 26-04-2010 - 15:30
CVE-2010-1535 7.5
Directory traversal vulnerability in the TRAVELbook (com_travelbook) component 1.0.1 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php.
24-05-2010 - 00:00 26-04-2010 - 14:30
CVE-2010-1533 7.5
Directory traversal vulnerability in the TweetLA (com_tweetla) component 1.0.1 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
24-05-2010 - 00:00 26-04-2010 - 14:30
CVE-2010-1531 7.5
Directory traversal vulnerability in the redSHOP (com_redshop) component 1.0.x for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the view parameter to index.php.
24-05-2010 - 00:00 26-04-2010 - 14:30
CVE-2010-1307 5.0
Directory traversal vulnerability in the Magic Updater (com_joomlaupdater) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
21-05-2010 - 01:58 08-04-2010 - 12:30
CVE-2010-1306 7.5
Directory traversal vulnerability in the Picasa (com_joomlapicasa2) component 2.0 and 2.0.5 for Joomla! allows remote attackers to read arbitrary local files via a .. (dot dot) in the controller parameter to index.php. NOTE: some of these details ar
21-05-2010 - 01:58 08-04-2010 - 12:30
CVE-2010-1305 5.0
Directory traversal vulnerability in jinventory.php in the JInventory (com_jinventory) component 1.23.02 and possibly other versions before 1.26.03, a module for Joomla!, allows remote attackers to read arbitrary files via a .. (dot dot) in the contr
21-05-2010 - 01:58 08-04-2010 - 12:30
CVE-2010-1983 7.5
Directory traversal vulnerability in the redTWITTER (com_redtwitter) component 1.0.x including 1.0b11 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the view parameter to index.php. NOTE: some of these details are
21-05-2010 - 00:00 19-05-2010 - 16:00
CVE-2010-1980 7.5
Directory traversal vulnerability in joomlaflickr.php in the Joomla Flickr (com_joomlaflickr) component 1.0.3 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php
21-05-2010 - 00:00 19-05-2010 - 16:00
CVE-2010-1977 7.5
Directory traversal vulnerability in the J!WHMCS Integrator (com_jwhmcs) component 1.5.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
21-05-2010 - 00:00 19-05-2010 - 16:00
CVE-2010-1746 4.3
Multiple cross-site scripting (XSS) vulnerabilities in the Table JX (com_grid) component for Joomla! allow remote attackers to inject arbitrary web script or HTML via the (1) data_search and (2) rpp parameters to index.php.
21-05-2010 - 00:00 06-05-2010 - 14:30
CVE-2010-1982 5.0
Directory traversal vulnerability in the JA Voice (com_javoice) component 2.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the view parameter to index.php.
20-05-2010 - 00:00 19-05-2010 - 16:00
CVE-2010-1981 6.8
Directory traversal vulnerability in the Fabrik (com_fabrik) component 2.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
20-05-2010 - 00:00 19-05-2010 - 16:00
CVE-2010-1957 7.5
Directory traversal vulnerability in the Love Factory (com_lovefactory) component 1.3.4 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
19-05-2010 - 00:00 19-05-2010 - 08:07
CVE-2010-1956 7.5
Directory traversal vulnerability in the Gadget Factory (com_gadgetfactory) component 1.0.0 and 1.5.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. NOTE: some of these detail
19-05-2010 - 00:00 19-05-2010 - 08:07
CVE-2010-1955 7.5
Directory traversal vulnerability in the Deluxe Blog Factory (com_blogfactory) component 1.1.2 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
19-05-2010 - 00:00 19-05-2010 - 08:07
CVE-2010-1954 7.5
Directory traversal vulnerability in the iNetLanka Multiple root (com_multiroot) component 1.0 and 1.1 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. NOTE: some of these detai
19-05-2010 - 00:00 19-05-2010 - 08:07
CVE-2010-1953 7.5
Directory traversal vulnerability in the iNetLanka Multiple Map (com_multimap) component 1.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
19-05-2010 - 00:00 19-05-2010 - 08:07
CVE-2010-1952 7.5
Directory traversal vulnerability in the BeeHeard (com_beeheard) and BeeHeard Lite (com_beeheardlite) component 1.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
19-05-2010 - 00:00 19-05-2010 - 08:07
CVE-2010-1950 6.8
SQL injection vulnerability in the Online News Paper Manager (com_jnewspaper) component 1.0 for Joomla!, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the date_info parameter to index.php. NOTE: the
19-05-2010 - 00:00 19-05-2010 - 08:07
CVE-2010-1949 7.5
SQL injection vulnerability in the Online News Paper Manager (com_jnewspaper) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the cid parameter to index.php. NOTE: some of these details are obtained from third
19-05-2010 - 00:00 19-05-2010 - 08:07
CVE-2010-1878 7.5
Directory traversal vulnerability in the OrgChart (com_orgchart) component 1.0.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
12-05-2010 - 00:00 12-05-2010 - 07:46
CVE-2010-1877 7.5
SQL injection vulnerability in the JTM Reseller (com_jtm) component 1.9 Beta for Joomla! allows remote attackers to execute arbitrary SQL commands via the author parameter in a search action to index.php.
12-05-2010 - 00:00 12-05-2010 - 07:46
CVE-2010-1875 7.5
Directory traversal vulnerability in the Real Estate Property (com_properties) component 3.1.22-03 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter t
12-05-2010 - 00:00 12-05-2010 - 07:46
CVE-2010-1874 7.5
SQL injection vulnerability in the Real Estate Property (com_properties) component 3.1.22-03 for Joomla! allows remote attackers to execute arbitrary SQL commands via the aid parameter in an agentlisting action to index.php. NOTE: some of these deta
12-05-2010 - 00:00 12-05-2010 - 07:46
CVE-2010-1873 7.5
SQL injection vulnerability in the Jvehicles (com_jvehicles) component 1.0, 2.0, and 2.1111 for Joomla! allows remote attackers to execute arbitrary SQL commands via the aid parameter in an agentlisting action to index.php. NOTE: some of these detai
12-05-2010 - 00:00 12-05-2010 - 07:46
CVE-2010-1722 6.8
Directory traversal vulnerability in the Online Market (com_market) component 2.x for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php.
11-05-2010 - 00:00 04-05-2010 - 12:00
CVE-2010-1858 5.0
Directory traversal vulnerability in the SMEStorage (com_smestorage) component before 1.1 for Joomla! allows remote attackers to read arbitrary files via directory traversal sequences in the controller parameter to index.php.
10-05-2010 - 00:00 07-05-2010 - 16:30
CVE-2010-1739 7.5
SQL injection vulnerability in the Newsfeeds (com_newsfeeds) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the feedid parameter in a categories action to index.php.
07-05-2010 - 00:00 06-05-2010 - 14:30
CVE-2010-1723 6.8
Directory traversal vulnerability in the iNetLanka Contact Us Draw Root Map (com_drawroot) component 1.1 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller param
05-05-2010 - 00:00 04-05-2010 - 12:00
CVE-2010-1720 7.5
SQL injection vulnerability in the Q-Personel (com_qpersonel) component 1.0.2 and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the katid parameter in a qpListele action to index.php.
05-05-2010 - 00:00 04-05-2010 - 12:00
CVE-2010-1719 6.8
Directory traversal vulnerability in the MT Fire Eagle (com_mtfireeagle) component 1.2 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php.
05-05-2010 - 00:00 04-05-2010 - 12:00
CVE-2010-1714 5.0
Directory traversal vulnerability in the Arcade Games (com_arcadegames) component 1.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
05-05-2010 - 00:00 04-05-2010 - 12:00
CVE-2010-1659 5.0
Directory traversal vulnerability in the Ultimate Portfolio (com_ultimateportfolio) component 1.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
03-05-2010 - 00:00 03-05-2010 - 09:51
CVE-2010-1653 7.5
Directory traversal vulnerability in graphics.php in the Graphics (com_graphics) component 1.0.6 and 1.5.0 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php.
03-05-2010 - 00:00 03-05-2010 - 09:51
CVE-2010-1607 6.8
Directory traversal vulnerability in wmi.php in the Webmoney Web Merchant Interface (aka WMI or com_wmi) component 1.5.0 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter t
30-04-2010 - 00:00 29-04-2010 - 13:30
CVE-2010-1603 7.5
Directory traversal vulnerability in the ZiMB Core (aka ZiMBCore or com_zimbcore) component 0.1 in the ZiMB Manager collection for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) i
30-04-2010 - 00:00 29-04-2010 - 13:30
CVE-2010-1602 7.5
Directory traversal vulnerability in the ZiMB Comment (com_zimbcomment) component 0.8.1 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php
30-04-2010 - 00:00 29-04-2010 - 13:30
CVE-2010-1601 5.0
Directory traversal vulnerability in the JA Comment (com_jacomment) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the view parameter to index.php.
30-04-2010 - 00:00 29-04-2010 - 13:30
CVE-2010-1600 7.5
SQL injection vulnerability in the Media Mall Factory (com_mediamall) component 1.0.4 for Joomla! allows remote attackers to execute arbitrary SQL commands via the category parameter to index.php.
30-04-2010 - 00:00 29-04-2010 - 13:30
CVE-2010-1559 7.5
SQL injection vulnerability in the SermonSpeaker (com_sermonspeaker) component before 3.2.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a speakerpopup action to index.php. NOTE: some of these details
28-04-2010 - 00:00 27-04-2010 - 11:30
CVE-2010-1532 5.0
Directory traversal vulnerability in the givesight PowerMail Pro (com_powermail) component 1.5.3 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to
27-04-2010 - 00:00 26-04-2010 - 14:30
CVE-2010-1529 7.5
SQL injection vulnerability in the Freestyle FAQs Lite (com_fsf) component, possibly 1.3, for Joomla! allows remote attackers to execute arbitrary SQL commands via the faqid parameter in an faq action to index.php.
27-04-2010 - 00:00 26-04-2010 - 14:30
CVE-2010-1496 7.5
SQL injection vulnerability in the JoltCard (com_joltcard) component 1.2.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the cardID parameter in a view action to index.php.
26-04-2010 - 15:17 23-04-2010 - 10:30
CVE-2010-1494 5.0
Directory traversal vulnerability in the AWDwall (com_awdwall) component 1.5.4 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
26-04-2010 - 14:52 23-04-2010 - 10:30
CVE-2010-1493 7.5
SQL injection vulnerability in the AWDwall (com_awdwall) component before 1.5.5 for Joomla! allows remote attackers to execute arbitrary SQL commands via the cbuser parameter in an awdwall action to index.php.
26-04-2010 - 00:00 23-04-2010 - 10:30
CVE-2010-1312 5.0
Directory traversal vulnerability in the iJoomla News Portal (com_news_portal) component 1.5.x for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
22-04-2010 - 01:42 08-04-2010 - 16:30
CVE-2010-1461 5.0
Directory traversal vulnerability in the Photo Battle (com_photobattle) component 1.0.1 for Joomla! allows remote attackers to read arbitrary files via the view parameter to index.php.
19-04-2010 - 00:00 16-04-2010 - 15:30
CVE-2010-0753 7.5
SQL injection vulnerability in the SQL Reports (com_sqlreport) component 1.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the user_id parameter to ajax/print.php. NOTE: some of these details are obtained from third party
15-04-2010 - 01:41 26-02-2010 - 19:30
CVE-2010-0670 5.0
Unspecified vulnerability in the IP-Tech JQuarks (com_jquarks) Component before 0.2.4 for Joomla! allows attackers to obtain the installation path for Joomla! via unknown vectors.
15-04-2010 - 01:41 22-02-2010 - 14:30
CVE-2010-1372 7.5
SQL injection vulnerability in the HD FLV Player (com_hdflvplayer) component 1.3 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php.
14-04-2010 - 00:00 13-04-2010 - 16:30
CVE-2010-1363 7.5
SQL injection vulnerability in the JProjects (com_j-projects) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the project parameter in a projects action to index.php.
14-04-2010 - 00:00 13-04-2010 - 14:30
CVE-2010-1352 5.0
Directory traversal vulnerability in the JOOFORGE Jutebox (com_jukebox) component 1.0 and 1.7 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. NOTE: some of these details are ob
13-04-2010 - 17:31 12-04-2010 - 14:30
CVE-2010-1353 5.0
Directory traversal vulnerability in the LoginBox Pro (com_loginbox) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the view parameter to index.php.
13-04-2010 - 00:00 12-04-2010 - 14:30
CVE-2010-1345 5.0
Directory traversal vulnerability in the Cookex Agency CKForms (com_ckforms) component 1.3.3 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
12-04-2010 - 00:00 09-04-2010 - 14:30
CVE-2010-1344 7.5
SQL injection vulnerability in the Cookex Agency CKForms (com_ckforms) component 1.3.3 for Joomla! allows remote attackers to execute arbitrary SQL commands via the fid parameter in a detail action to index.php.
12-04-2010 - 00:00 09-04-2010 - 14:30
CVE-2010-1340 5.0
Directory traversal vulnerability in jresearch.php in the J!Research (com_jresearch) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
12-04-2010 - 00:00 09-04-2010 - 14:30
CVE-2010-1219 6.8
Directory traversal vulnerability in the JA News (com_janews) component 1.0 for Joomla! allows remote attackers to read arbitrary local files via a .. (dot dot) in the controller parameter to index.php. NOTE: some of these details are obtained from
10-04-2010 - 01:49 30-03-2010 - 19:30
CVE-2010-1315 5.0
Directory traversal vulnerability in weberpcustomer.php in the webERPcustomer (com_weberpcustomer) component 1.2.1 and 1.x before 1.06.02 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to in
09-04-2010 - 00:00 08-04-2010 - 16:30
CVE-2010-1314 5.0
Directory traversal vulnerability in the Highslide JS (com_hsconfig) component 1.5 and 2.0.9 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. NOTE: some of these details are obt
09-04-2010 - 00:00 08-04-2010 - 16:30
CVE-2010-1313 4.3
Directory traversal vulnerability in the Seber Cart (com_sebercart) component 1.0.0.12 and 1.0.0.13 for Joomla!, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the view parameter to index.php.
09-04-2010 - 00:00 08-04-2010 - 16:30
CVE-2010-1308 5.0
Directory traversal vulnerability in the SVMap (com_svmap) component 1.1.1 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
09-04-2010 - 00:00 08-04-2010 - 12:30
CVE-2010-1304 5.0
Directory traversal vulnerability in userstatus.php in the User Status (com_userstatus) component 1.21.16 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
09-04-2010 - 00:00 08-04-2010 - 12:30
CVE-2010-1302 5.0
Directory traversal vulnerability in dwgraphs.php in the DecryptWeb DW Graphs (com_dwgraphs) component 1.0 for Joomla! allows remote attackers to read arbitrary files via directory traversal sequences in the controller parameter to index.php.
08-04-2010 - 00:00 07-04-2010 - 14:30
CVE-2010-1265 7.5
SQL injection vulnerability in Adam Corley dcsFlashGames (com_dcs_flashgames) allows remote attackers to execute arbitrary SQL commands via the catid parameter to index.php.
07-04-2010 - 00:00 06-04-2010 - 11:30
CVE-2010-1081 5.0
Directory traversal vulnerability in the Community Polls (com_communitypolls) component 1.5.2, and possibly earlier, for Core Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
24-03-2010 - 15:30 23-03-2010 - 15:30
CVE-2010-1073 7.5
SQL injection vulnerability in the jEmbed-Embed Anything (com_jembed) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in a summary action to index.php.
24-03-2010 - 14:02 23-03-2010 - 14:30
CVE-2010-1056 6.8
Directory traversal vulnerability in the RokDownloads (com_rokdownloads) component before 1.0.1 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php.
24-03-2010 - 00:00 23-03-2010 - 13:30
CVE-2010-1045 7.5
SQL injection vulnerability in the Productbook (com_productbook) component 1.0.4 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action to index.php. NOTE: some of these details are obtained fro
23-03-2010 - 00:00 22-03-2010 - 21:00
CVE-2010-0982 4.3
Directory traversal vulnerability in the CARTwebERP (com_cartweberp) component 1.56.75 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
17-03-2010 - 14:44 16-03-2010 - 15:30
CVE-2010-0981 7.5
SQL injection vulnerability in the TPJobs (com_tpjobs) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id_c[] parameter in a resadvsearch action to index.php.
17-03-2010 - 00:00 16-03-2010 - 15:30
CVE-2010-0972 7.5
Directory traversal vulnerability in the GCalendar (com_gcalendar) component 2.1.5 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php.
17-03-2010 - 00:00 16-03-2010 - 15:00
CVE-2010-0946 7.5
SQL injection vulnerability in the Keep It Simple Stupid (KISS) Software Advertiser (com_ksadvertiser) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the pid parameter in a showcats action to index.php.
09-03-2010 - 00:00 08-03-2010 - 10:30
CVE-2010-0945 7.5
SQL injection vulnerability in the HotBrackets Tournament Brackets (com_hotbrackets) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php.
09-03-2010 - 00:00 08-03-2010 - 10:30
CVE-2010-0944 5.0
Directory traversal vulnerability in the JCollection (com_jcollection) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
09-03-2010 - 00:00 08-03-2010 - 10:30
CVE-2010-0943 5.0
Directory traversal vulnerability in the JA Showcase (com_jashowcase) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter in a jashowcase action to index.php.
09-03-2010 - 00:00 08-03-2010 - 10:30
CVE-2010-0942 5.0
Directory traversal vulnerability in the jVideoDirect (com_jvideodirect) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
09-03-2010 - 00:00 08-03-2010 - 10:30
CVE-2009-4679 7.5
Directory traversal vulnerability in the inertialFATE iF Portfolio Nexus (com_if_nexus) component 1.5 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php.
09-03-2010 - 00:00 08-03-2010 - 10:30
CVE-2010-0803 7.5
SQL injection vulnerability in the jVideoDirect (com_jvideodirect) component 1.1 RC3b for Joomla! allows remote attackers to execute arbitrary SQL commands via the v parameter to index.php.
03-03-2010 - 00:00 02-03-2010 - 15:30
CVE-2010-0801 3.5
Directory traversal vulnerability in the AutartiTarot (com_autartitarot) component 1.0.3 for Joomla! allows remote authenticated users, with "Public Back-end" group permissions, to read arbitrary files via directory traversal sequences in the control
03-03-2010 - 00:00 02-03-2010 - 15:30
CVE-2010-0800 7.5
SQL injection vulnerability in the Ossolution Team Documents Seller (aka DMS) (com_dms) component 2.5.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the category_id parameter in a view_category action to index.php.
03-03-2010 - 00:00 02-03-2010 - 15:30
CVE-2010-0796 7.5
SQL injection vulnerability in the JE Quiz (com_jequizmanagement) component 1.b01 for Joomla! allows remote attackers to execute arbitrary SQL commands via the eid parameter in a question action to index.php.
03-03-2010 - 00:00 02-03-2010 - 15:30
CVE-2010-0795 7.5
SQL injection vulnerability in the JE Event Calendars (com_jeeventcalendar) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the event_id parameter in an event action to index.php.
03-03-2010 - 00:00 02-03-2010 - 15:30
CVE-2010-0692 7.5
SQL injection vulnerability in the IP-Tech JQuarks (com_jquarks) Component 0.2.3, and possibly earlier, for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php. NOTE: some of these details are obtained
03-03-2010 - 00:00 23-02-2010 - 13:30
CVE-2010-0760 6.8
Multiple directory traversal vulnerabilities in the Core Design Scriptegrator plugin 1.4.1 for Joomla! allow remote attackers to include and execute arbitrary local files via directory traversal sequences in the (1) file parameter to libraries/jquery
01-03-2010 - 00:00 26-02-2010 - 19:30
CVE-2010-0694 7.5
SQL injection vulnerability in the PerchaGallery (com_perchagallery) component before 1.5b for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in an editunidad action to index.php.
24-02-2010 - 00:00 23-02-2010 - 13:30
CVE-2010-0676 5.0
Directory traversal vulnerability in index.php in the RWCards (com_rwcards) component 3.0.18 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter.
23-02-2010 - 11:18 22-02-2010 - 15:30
CVE-2009-4651 4.3
Multiple cross-site scripting (XSS) vulnerabilities in the Webee Comments (com_webeecomment) component 1.1.1, 1.2, and 2.0 for Joomla! allow remote attackers to inject arbitrary web script or HTML via the (1) color, (2) img, or (3) url BBCode tags in
23-02-2010 - 00:00 22-02-2010 - 16:30
CVE-2009-4650 7.5
SQL injection vulnerability in the Webee Comments (com_webeecomment) component 1.1.1, 1.2, and 2.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the articleId parameter in a default action to index2.php. NOTE: some of the
23-02-2010 - 00:00 22-02-2010 - 16:30
CVE-2010-0635 7.5
SQL injection vulnerability in the plgSearchEventsearch::onSearch method in eventsearch.php in the JEvents Search plugin 1.5 through 1.5.3 for Joomla! allows remote attackers to execute arbitrary SQL commands via unspecified vectors. NOTE: some of t
15-02-2010 - 00:00 12-02-2010 - 17:30
CVE-2010-0632 7.5
SQL injection vulnerability in the Parkview Consultants SimpleFAQ (com_simplefaq) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in a display action to index.php.
15-02-2010 - 00:00 12-02-2010 - 17:30
CVE-2010-0158 7.5
** DISPUTED ** SQL injection vulnerability in the JoomlaBamboo (JB) Simpla Admin template for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in an article action to the com_content component, reachable through
05-02-2010 - 00:00 06-01-2010 - 17:00
CVE-2010-0461 6.5
SQL injection vulnerability in the casino (com_casino) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a (1) category or (2) player action to index.php.
31-01-2010 - 00:00 28-01-2010 - 15:30
CVE-2010-0459 7.5
SQL injection vulnerability in the Mochigames (com_mochigames) component 0.51 and possibly other versions for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php.
29-01-2010 - 00:00 28-01-2010 - 15:30
CVE-2010-0456 7.5
SQL injection vulnerability in the indianpulse Game Server (com_gameserver) component 1.2 for Joomla! allows remote attackers to execute arbitrary SQL commands via the grp parameter in a gameserver action to index.php.
29-01-2010 - 00:00 28-01-2010 - 15:30
CVE-2010-0374 4.3
Cross-site scripting (XSS) vulnerability in the Marketplace (com_marketplace) component 1.2 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the catid parameter in a show_category action to index.php.
22-01-2010 - 00:00 21-01-2010 - 17:30
CVE-2010-0373 7.5
SQL injection vulnerability in the libros (com_libros) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action to index.php.
22-01-2010 - 00:00 21-01-2010 - 17:30
CVE-2009-4604 7.5
PHP remote file inclusion vulnerability in mamboleto.php in the Fernando Soares Mamboleto (com_mamboleto) component 2.0 RC3 for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
13-01-2010 - 08:48 12-01-2010 - 12:30
CVE-2009-4599 7.5
Multiple SQL injection vulnerabilities in the JS Jobs (com_jsjobs) component 1.0.5.6 for Joomla! allow remote attackers to execute arbitrary SQL commands via (1) the md parameter in an employer view_company action to index.php or (2) the oi parameter
13-01-2010 - 08:06 12-01-2010 - 12:30
CVE-2009-4598 7.5
SQL injection vulnerability in the JPhoto (com_jphoto) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a category action to index.php.
13-01-2010 - 07:59 12-01-2010 - 12:30
CVE-2010-0157 7.5
Directory traversal vulnerability in the Bible Study (com_biblestudy) component 6.1 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter in a studieslist action to index.php.
07-01-2010 - 00:00 06-01-2010 - 17:00
CVE-2009-4583 7.5
SQL injection vulnerability in the DhForum (com_dhforum) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a grouplist action to index.php.
07-01-2010 - 00:00 06-01-2010 - 17:00
CVE-2009-4579 4.3
Cross-site scripting (XSS) vulnerability in the Artist avenue (com_artistavenue) component for Joomla! and Mambo allows remote attackers to inject arbitrary web script or HTML via the Itemid parameter to index.php.
07-01-2010 - 00:00 06-01-2010 - 17:00
CVE-2009-4578 4.3
Cross-site scripting (XSS) vulnerability in the Facileforms (com_facileforms) component for Joomla! and Mambo allows remote attackers to inject arbitrary web script or HTML via the Itemid parameter to index.php.
07-01-2010 - 00:00 06-01-2010 - 17:00
CVE-2009-4576 7.5
SQL injection vulnerability in the BeeHeard (com_beeheard) component 1.x for Joomla! allows remote attackers to execute arbitrary SQL commands via the category_id parameter in a suggestions action to index.php.
07-01-2010 - 00:00 06-01-2010 - 17:00
CVE-2009-4575 4.3
Cross-site scripting (XSS) vulnerability in the Q-Personel (com_qpersonel) component 1.0.2 RC2 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the personel_sira parameter in a sirala action to index.php.
07-01-2010 - 00:00 06-01-2010 - 17:00
CVE-2009-4573 4.3
Multiple cross-site scripting (XSS) vulnerabilities in the Joomulus (mod_joomulus) module 2.0 for Joomla! allow remote attackers to inject arbitrary web script or HTML via the tagcloud parameter in a tags action to (1) tagcloud_ell.swf, (2) tagcloud_
07-01-2010 - 00:00 06-01-2010 - 17:00
CVE-2009-4475 7.5
SQL injection vulnerability in the Joomlub (com_joomlub) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the aid parameter in an auction edit action to index.php.
06-01-2010 - 00:00 30-12-2009 - 16:30
CVE-2009-4550 7.5
SQL injection vulnerability in the Kunena Forum (com_kunena) component 1.5.3 and 1.5.4 for Joomla! allows remote attackers to execute arbitrary SQL commands via the func parameter to index.php.
04-01-2010 - 00:00 04-01-2010 - 12:30
CVE-2009-4428 7.5
SQL injection vulnerability in the JoomPortfolio (com_joomportfolio) component 1.0.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the secid parameter in a showcat action to index.php.
29-12-2009 - 00:00 28-12-2009 - 14:00
CVE-2009-4099 7.5
SQL injection vulnerability in the Google Calendar GCalendar (com_gcalendar) component 1.1.2, 2.1.4, and possibly earlier versions for Joomla! allows remote attackers to execute arbitrary SQL commands via the gcid parameter. NOTE: some of these deta
19-12-2009 - 01:59 29-11-2009 - 08:08
CVE-2009-3480 7.5
SQL injection vulnerability in the iCRM Basic (com_icrmbasic) component 1.4.2.31 for Joomla! allows remote attackers to execute arbitrary SQL commands via the p3 parameter to index.php. NOTE: the provenance of this information is unknown; the detail
17-12-2009 - 00:00 30-09-2009 - 11:30
CVE-2009-4255 4.3
Cross-site scripting (XSS) vulnerability in the You!Hostit! template 1.0.1 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the created_by_alias parameter in index.php.
10-12-2009 - 00:00 09-12-2009 - 20:30
CVE-2009-4233 4.3
Cross-site scripting (XSS) vulnerability in modules/mod_yj_whois.php in the YJ Whois component 1.0x and 1.5.x for Joomla! allows remote attackers to inject arbitrary web script or HTML via the domain parameter to index.php. NOTE: some of these detai
09-12-2009 - 00:00 08-12-2009 - 14:30
CVE-2009-4232 5.0
The Kide Shoutbox (com_kide) component 0.4.6 for Joomla! does not properly perform authentication, which allows remote attackers to post messages with an arbitrary account name via an insertar action to index.php. NOTE: the provenance of this inform
09-12-2009 - 00:00 08-12-2009 - 14:30
CVE-2009-4217 7.5
SQL injection vulnerability in the Itamar Elharar MusicGallery (com_musicgallery) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in an itempage action to index.php. NOTE: the provenance of this i
08-12-2009 - 00:00 07-12-2009 - 12:30
CVE-2009-4202 7.5
Directory traversal vulnerability in the Omilen Photo Gallery (com_omphotogallery) component Beta 0.5 for Joomla! allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the controller parameter to in
07-12-2009 - 00:00 04-12-2009 - 14:30
CVE-2009-4200 7.5
SQL injection vulnerability in the Seminar (com_seminar) component 1.28 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a View_seminar action to index.php.
07-12-2009 - 00:00 04-12-2009 - 14:30
CVE-2009-4199 6.8
Multiple SQL injection vulnerabilities in the Mambo Resident (aka Mos Res or com_mosres) component 1.0f for Mambo and Joomla!, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) property_uid parame
07-12-2009 - 00:00 04-12-2009 - 14:30
CVE-2009-4094 7.5
PHP remote file inclusion vulnerability in class/php/d4m_ajax_pagenav.php in the D4J eZine (com_ezine) component 2.1 for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[mosConfig_absolute_path] parameter.
30-11-2009 - 00:00 29-11-2009 - 08:07
CVE-2009-4059 6.8
SQL injection vulnerability in the JoomClip (com_joomclip) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the cat parameter in a thumbs action to index.php.
24-11-2009 - 00:00 23-11-2009 - 21:30
CVE-2009-4057 7.5
SQL injection vulnerability in the inertialFATE iF Portfolio Nexus (com_if_nexus) component 1.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in an item action to index.php.
24-11-2009 - 00:00 23-11-2009 - 21:30
CVE-2009-3946 5.0
Joomla! before 1.5.15 allows remote attackers to read an extension's XML file, and thereby obtain the extension's version number, via a direct request.
18-11-2009 - 00:00 16-11-2009 - 15:30
CVE-2009-3945 5.5
Unspecified vulnerability in the Front-End Editor in the com_content component in Joomla! before 1.5.15 allows remote authenticated users, with Author privileges, to replace the articles of an arbitrary user via unknown vectors.
17-11-2009 - 00:00 16-11-2009 - 15:30
CVE-2009-3834 7.5
SQL injection vulnerability in the Photoblog (com_photoblog) component alpha 3 and alpha 3a for Joomla! allows remote attackers to execute arbitrary SQL commands via the category parameter in a blogs action to index.php.
16-11-2009 - 00:00 02-11-2009 - 10:30
CVE-2009-3835 7.5
SQL injection vulnerability in the JShop (com_jshop) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the pid parameter in a product action to index.php.
02-11-2009 - 00:00 02-11-2009 - 10:30
CVE-2009-3822 7.5
PHP remote file inclusion vulnerability in Fiji Web Design Ajax Chat (com_ajaxchat) component 1.0 for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[mosConfig_absolute_path] parameter to tests/ajcuser.php.
28-10-2009 - 00:00 28-10-2009 - 06:30
CVE-2009-3817 7.5
PHP remote file inclusion vulnerability in doc/releasenote.php in the BookLibrary (com_booklibrary) component 1.0 for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter, a different vector
28-10-2009 - 00:00 28-10-2009 - 06:30
CVE-2009-3669 7.5
SQL injection vulnerability in the foobla Suggestions (com_foobla_suggestions) component 1.5.11 for Joomla! allows remote attackers to execute arbitrary SQL commands via the idea_id parameter to index.php.
12-10-2009 - 00:00 11-10-2009 - 18:30
CVE-2009-3661 6.8
Multiple SQL injection vulnerabilities in the DJ-Catalog (com_djcatalog) component for Joomla! allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in a showItem action and (2) cid parameter in a show action to index.php.
12-10-2009 - 00:00 11-10-2009 - 18:30
CVE-2009-3645 7.5
SQL injection vulnerability in the JoomlaCache CB Resume Builder (com_cbresumebuilder) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the group_id parameter in a group_members action to index.php.
12-10-2009 - 00:00 09-10-2009 - 10:30
CVE-2009-3644 7.5
SQL injection vulnerability in the Soundset (com_soundset) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the cat_id parameter to index.php.
12-10-2009 - 00:00 09-10-2009 - 10:30
CVE-2009-2100 5.0
Directory traversal vulnerability in the JoomlaPraise Projectfork (com_projectfork) component 2.0.10 for Joomla! allows remote attackers to read arbitrary files via directory traversal sequences in the section parameter to index.php.
08-10-2009 - 00:00 17-06-2009 - 13:30
CVE-2009-3491 7.5
SQL injection vulnerability in the Kinfusion SportFusion (com_sportfusion) component 0.2.2 through 0.2.3 for Joomla! allows remote attackers to execute arbitrary SQL commands via the cid[0] parameter in a teamdetail action to index.php.
02-10-2009 - 00:00 30-09-2009 - 11:30
CVE-2009-3481 7.5
A certain interface in the iCRM Basic (com_icrmbasic) component 1.4.2.31 for Joomla! does not require administrative authentication, which has unspecified impact and remote attack vectors. NOTE: the provenance of this information is unknown; the det
01-10-2009 - 00:00 30-09-2009 - 11:30
CVE-2009-3446 7.5
SQL injection vulnerability in the MyRemote Video Gallery (com_mytube) component 1.0 Beta for Joomla! allows remote attackers to execute arbitrary SQL commands via the user_id parameter in a videos action to index.php.
29-09-2009 - 00:00 28-09-2009 - 18:30
CVE-2009-3443 7.5
SQL injection vulnerability in the Fastball (com_fastball) component 1.1.0 through 1.2 for Joomla! allows remote attackers to execute arbitrary SQL commands via the league parameter to index.php.
29-09-2009 - 00:00 28-09-2009 - 18:30
CVE-2009-3438 7.5
SQL injection vulnerability in the JoomlaFacebook (com_facebook) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a student action to index.php.
29-09-2009 - 00:00 28-09-2009 - 18:30
CVE-2009-3434 7.5
SQL injection vulnerability in the Tupinambis (com_tupinambis) component 1.0 for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the proyecto parameter in a verproyecto action to index.php.
29-09-2009 - 00:00 28-09-2009 - 18:30
CVE-2009-3417 7.5
SQL injection vulnerability in the IDoBlog (com_idoblog) component 1.1 build 30 for Joomla! allows remote attackers to execute arbitrary SQL commands via the userid parameter in a profile action to index.php, a different vector than CVE-2008-2627.
28-09-2009 - 00:00 25-09-2009 - 18:30
CVE-2009-3357 7.5
Multiple SQL injection vulnerabilities in the Hotel Booking Reservation System (aka HBS or com_hbssearch) component for Joomla! allow remote attackers to execute arbitrary SQL commands via the (1) h_id, (2) id, and (3) rid parameters to longDesc.php,
25-09-2009 - 00:00 24-09-2009 - 12:30
CVE-2009-3368 4.3
Cross-site scripting (XSS) vulnerability in the Hotel Booking Reservation System (aka HBS or com_hbssearch) component for Joomla! allows remote attackers to inject arbitrary web script or HTML via the adult parameter in a showhoteldetails action to i
24-09-2009 - 00:00 24-09-2009 - 12:30
CVE-2009-3342 7.5
SQL injection vulnerability in frontend/assets/ajax/checkusername.php in the AlphaUserPoints (com_alphauserpoints) component 1.5.2 for Joomla! allows remote attackers to execute arbitrary SQL commands via the username2points parameter.
24-09-2009 - 00:00 24-09-2009 - 12:30
CVE-2009-3335 7.5
SQL injection vulnerability in the TurtuShout component 0.11 for Joomla! allows remote attackers to execute arbitrary SQL commands via the Name field.
24-09-2009 - 00:00 24-09-2009 - 12:30
CVE-2009-3154 7.5
SQL injection vulnerability in the Almond Classifieds (com_aclassf) component 7.5 for Joomla! allows remote attackers to execute arbitrary SQL commands via the replid parameter in a manw_repl add_form action to index.php, a different vector than CVE-
24-09-2009 - 00:00 10-09-2009 - 14:30
CVE-2009-3334 7.5
SQL injection vulnerability in the Lhacky! Extensions Cave Joomla! Integrated Newsletters Component (aka JINC or com_jinc) component 0.2 for Joomla! allows remote attackers to execute arbitrary SQL commands via the newsid parameter in a messages acti
23-09-2009 - 00:00 23-09-2009 - 08:08
CVE-2009-3332 7.5
SQL injection vulnerability in the JBudgetsMagic (com_jbudgetsmagic) component 0.3.2 through 0.4.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the bid parameter in a mybudget action to index.php.
23-09-2009 - 00:00 23-09-2009 - 08:08
CVE-2009-3325 7.5
SQL injection vulnerability in the Focusplus Developments Survey Manager (com_surveymanager) component 1.5.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the stype parameter in an editsurvey action to index.php.
23-09-2009 - 00:00 23-09-2009 - 08:08
CVE-2009-3318 7.5
Directory traversal vulnerability in the Roland Breedveld Album (com_album) component 1.14 for Joomla! allows remote attackers to access arbitrary directories and have unspecified other impact via a .. (dot dot) in the target parameter to index.php.
23-09-2009 - 00:00 23-09-2009 - 08:08
CVE-2009-3316 7.5
SQL injection vulnerability in the JReservation (com_jreservation) component 1.0 and 1.5 for Joomla! allows remote attackers to execute arbitrary SQL commands via the pid parameter in a propertycpanel action to index.php.
23-09-2009 - 00:00 23-09-2009 - 08:08
CVE-2009-3215 7.5
SQL injection vulnerability in IXXO Cart Standalone before 3.9.6.1, and the IXXO Cart component for Joomla! 1.0.x, allows remote attackers to execute arbitrary SQL commands via the parent parameter.
17-09-2009 - 09:33 16-09-2009 - 15:30
CVE-2009-3193 7.5
SQL injection vulnerability in the DigiFolio (com_digifolio) component 1.52 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a project action to index.php.
16-09-2009 - 00:00 15-09-2009 - 17:30
CVE-2009-3155 4.3
Cross-site scripting (XSS) vulnerability in gmap.php in the Almond Classifieds (com_aclassf) component 7.5 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the addr parameter.
11-09-2009 - 00:00 10-09-2009 - 14:30
CVE-2009-3063 7.5
SQL injection vulnerability in the Game Server (com_gameserver) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a gamepanel action to index.php.
09-09-2009 - 00:00 03-09-2009 - 13:30
CVE-2009-3053 6.8
Directory traversal vulnerability in the Agora (com_agora) component 3.0.0b for Joomla! allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the action parameter to the avatars page, reachable thro
09-09-2009 - 00:00 03-09-2009 - 13:30
CVE-2008-7169 7.5
SQL injection vulnerability in Jabode horoscope extension (com_jabode) for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a sign task to index.php.
08-09-2009 - 00:00 08-09-2009 - 06:30
CVE-2009-3054 7.5
SQL injection vulnerability in the Artetics.com Art Portal (com_artportal) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the portalid parameter to index.php.
04-09-2009 - 00:00 03-09-2009 - 13:30
CVE-2008-6882 7.5
Live Chat (com_livechat) component 1.0 for Joomla! allows remote attackers to use the xmlhttp.php script as an open HTTP proxy to hide network scanning activities or scan internal networks via a GET request with a full URL in the query string.
01-09-2009 - 00:00 30-07-2009 - 15:30
CVE-2008-6881 7.5
Multiple SQL injection vulnerabilities in the Live Chat (com_livechat) component 1.0 for Joomla! allow remote attackers to execute arbitrary SQL commands via the last parameter to (1) getChat.php, (2) getChatRoom.php, and (3) getSavedChatRooms.php.
27-08-2009 - 00:00 30-07-2009 - 15:30
CVE-2009-1263 7.5
SQL injection vulnerability in sub_commententry.php in the BookJoomlas (com_bookjoomlas) component 0.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the gbid parameter in a comment action to index.php.
24-08-2009 - 00:00 07-04-2009 - 19:30
CVE-2008-7033 7.5
SQL injection vulnerability in the Simple Shop Galore (com_simpleshop) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the section parameter in a section action to index.php, a different vulnerability than CVE-2008
24-08-2009 - 00:00 24-08-2009 - 06:30
CVE-2008-5864 7.5
SQL injection vulnerability in the Top Hotel (com_tophotelmodule) component 1.0 in the Hotel Booking Reservation System (aka HBS) 1.0.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a showhoteldetails a
20-08-2009 - 01:24 06-01-2009 - 12:30
CVE-2009-2789 7.5
SQL injection vulnerability in the Permis (com_groups) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a list action to index.php. NOTE: the provenance of this information is unknown; the d
20-08-2009 - 00:00 17-08-2009 - 12:30
CVE-2008-6923 7.5
SQL injection vulnerability in the content component (com_content) 1.0.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the Itemid parameter in a blogcategory action to index.php.
19-08-2009 - 01:24 10-08-2009 - 14:30
CVE-2008-6883 7.5
SQL injection vulnerability in the Live Chat (com_livechat) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the last parameter to getChatRoom.php. NOTE: the provenance of this information is unknown; the detai
19-08-2009 - 01:24 30-07-2009 - 16:00
CVE-2008-6653 7.5
SQL injection vulnerability in webhosting.php in the Webhosting Component (com_webhosting) module before 1.1 RC7 for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the catid parameter to index.php.
19-08-2009 - 01:24 07-04-2009 - 10:17
CVE-2008-6088 7.5
SQL injection vulnerability in the Joomtracker (com_joomtracker) 1.01 module for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a tordetails action to index.php.
19-08-2009 - 01:23 06-02-2009 - 14:30
CVE-2008-5865 7.5
SQL injection vulnerability in the com_hbssearch component 1.0 in the Hotel Booking Reservation System (aka HBS) 1.0.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the r_type parameter in a showhoteldetails action to inde
19-08-2009 - 01:22 06-01-2009 - 12:30
CVE-2008-5671 7.5
PHP remote file inclusion vulnerability in index.php in Joomla! 1.0.11 through 1.0.14, when RG_EMULATION is enabled in configuration.php, allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
19-08-2009 - 01:22 18-12-2008 - 20:52
CVE-2008-4105 7.5
JRequest in Joomla! 1.5 before 1.5.7 does not sanitize variables that were set with JRequest::setVar, which allows remote attackers to conduct "variable injection" attacks and have unspecified other impact.
19-08-2009 - 01:19 18-09-2008 - 13:59
CVE-2008-4104 5.8
Multiple open redirect vulnerabilities in Joomla! 1.5 before 1.5.7 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a "passed in" URL.
19-08-2009 - 01:19 18-09-2008 - 13:59
CVE-2008-4103 5.0
The mailto (aka com_mailto) component in Joomla! 1.5 before 1.5.7 sends e-mail messages without validating the URL, which allows remote attackers to transmit spam.
19-08-2009 - 01:19 18-09-2008 - 13:59
CVE-2008-4102 7.5
Joomla! 1.5 before 1.5.7 initializes PHP's PRNG with a weak seed, which makes it easier for attackers to guess the pseudo-random values produced by PHP's mt_rand function, as demonstrated by guessing password reset tokens, a different vulnerability t
19-08-2009 - 01:19 18-09-2008 - 13:59
CVE-2009-2782 7.5
SQL injection vulnerability in the JFusion (com_jfusion) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the Itemid parameter to index.php.
17-08-2009 - 00:00 17-08-2009 - 12:30
CVE-2008-6299 3.5
Multiple cross-site scripting (XSS) vulnerabilities in Joomla! 1.5.7 and earlier allow remote authenticated users with certain privileges to inject arbitrary web script or HTML via (1) the title and description parameters to the com_weblinks module a
13-08-2009 - 01:29 26-02-2009 - 11:17
CVE-2009-2638 7.5
SQL injection vulnerability in the AkoBook (com_akobook) component 2.3 for Joomla! allows remote attackers to execute arbitrary SQL commands via the gbid parameter in a reply action to index.php.
29-07-2009 - 00:00 28-07-2009 - 15:30
CVE-2009-2637 7.5
PHP remote file inclusion vulnerability in toolbar_ext.php in the BookLibrary (com_booklibrary) component 1.5.2.4 Basic for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
29-07-2009 - 00:00 28-07-2009 - 15:30
CVE-2009-2635 7.5
PHP remote file inclusion vulnerability in toolbar_ext.php in the RealEstateManager (com_realestatemanager) component 1.0 Basic for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
29-07-2009 - 00:00 28-07-2009 - 15:30
CVE-2009-2634 7.5
PHP remote file inclusion vulnerability in toolbar_ext.php in the MediaLibrary (com_media_library) component 1.5.3 Basic for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
29-07-2009 - 00:00 28-07-2009 - 15:30
CVE-2009-2633 7.5
PHP remote file inclusion vulnerability in toolbar_ext.php in the VehicleManager (com_vehiclemanager) component 1.0 Basic for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
29-07-2009 - 00:00 28-07-2009 - 15:30
CVE-2008-1733 7.5
SQL injection vulnerability in puarcade.class.php 2.2 and earlier in the Pragmatic Utopia PU Arcade (com_puarcade) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the gid parameter to index.php.
29-07-2009 - 00:00 11-04-2008 - 15:05
CVE-2009-2609 7.5
SQL injection vulnerability in the amoCourse (com_amocourse) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in a category action to index.php.
27-07-2009 - 00:00 27-07-2009 - 14:30
CVE-2009-2607 7.5
SQL injection vulnerability in the com_pinboard component for Joomla! allows remote attackers to execute arbitrary SQL commands via the task parameter in a showpic action to index.php.
27-07-2009 - 00:00 27-07-2009 - 14:30
CVE-2009-2601 7.5
SQL injection vulnerability in the Joomlaequipment (aka JUser or com_juser) component 2.0.4 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a show_profile action to index.php.
27-07-2009 - 00:00 27-07-2009 - 10:30
CVE-2009-2400 7.5
SQL injection vulnerability in the PHP (com_php) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php.
22-07-2009 - 15:11 09-07-2009 - 12:30
CVE-2009-2567 7.5
SQL injection vulnerability in the Almond Classifieds (com_aclassf) component 5.6.2 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php.
22-07-2009 - 00:00 22-07-2009 - 13:30
CVE-2009-2554 6.8
SQL injection vulnerability in the search method in jobline.class.php in Jobline (com_jobline) 1.1.2.2, 1.3.1, and possibly earlier versions, a component for Joomla!, allows remote attackers to execute arbitrary SQL commands via the search parameter
22-07-2009 - 00:00 20-07-2009 - 16:00
CVE-2009-2014 7.5
SQL injection vulnerability in the ComSchool (com_school) component 1.4 for Joomla! allows remote attackers to execute arbitrary SQL commands via the classid parameter in a showclass action to index.php.
21-07-2009 - 00:00 09-06-2009 - 15:30
CVE-2008-5875 7.5
SQL injection vulnerability in the com_lowcosthotels component in the Hotel Booking Reservation System (aka HBS) for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a showhoteldetails action to index.php.
10-07-2009 - 01:28 08-01-2009 - 14:30
CVE-2008-5874 7.5
Multiple SQL injection vulnerabilities in the Hotel Booking Reservation System (aka HBS) for Joomla! allow remote attackers to execute arbitrary SQL commands via the id parameter in a showhoteldetails action to index.php in the (1) com_allhotels or (
10-07-2009 - 01:28 08-01-2009 - 14:30
CVE-2009-2395 7.5
SQL injection vulnerability in the K2 (com_k2) component 1.0.1 Beta and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the category parameter in an itemlist action to index.php.
09-07-2009 - 00:00 09-07-2009 - 12:30
CVE-2009-2390 7.5
SQL injection vulnerability in the BookFlip (com_bookflip) component 2.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the book_id parameter to index.php.
09-07-2009 - 00:00 09-07-2009 - 12:30
CVE-2008-6852 7.5
SQL injection vulnerability in the Ice Gallery (com_ice) component 0.5 beta 2 for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter to index.php.
07-07-2009 - 00:00 07-07-2009 - 15:00
CVE-2009-2015 7.5
Directory traversal vulnerability in includes/file_includer.php in the Ideal MooFAQ (com_moofaq) component 1.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.
01-07-2009 - 23:31 09-06-2009 - 15:30
CVE-2009-2290 7.5
SQL injection vulnerability in the Boy Scout Advancement (com_bsadv) component 0.3 and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a (1) account or (2) event task to index.php.
01-07-2009 - 00:00 01-07-2009 - 09:00
CVE-2008-6841 7.5
PHP remote file inclusion vulnerability in the Green Mountain Information Technology and Consulting Database Query (com_dbquery) component 1.4.1.1 and earlier for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfi
01-07-2009 - 00:00 01-07-2009 - 09:00
CVE-2009-2239 7.5
SQL injection vulnerability in the (1) casinobase (com_casinobase), (2) casino_blackjack (com_casino_blackjack), and (3) casino_videopoker (com_casino_videopoker) components 0.3.1 for Joomla! allows remote attackers to execute arbitrary SQL commands
30-06-2009 - 00:00 27-06-2009 - 14:48
CVE-2009-2102 7.5
SQL injection vulnerability in the Jumi (com_jumi) component 2.0.3 and possibly other versions for Joomla! allows remote attackers to execute arbitrary SQL commands via the fileid parameter to index.php.
23-06-2009 - 01:33 17-06-2009 - 13:30
CVE-2009-2099 7.5
SQL injection vulnerability in the iJoomla RSS Feeder (com_ijoomla_rss) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the cat parameter in an xml action to index.php.
23-06-2009 - 01:33 17-06-2009 - 13:30
CVE-2009-1940 4.3
Cross-site scripting (XSS) vulnerability in the administrator panel in the com_users core component for Joomla! 1.5.x through 1.5.10 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
23-06-2009 - 01:33 05-06-2009 - 14:30
CVE-2009-1939 4.3
Cross-site scripting (XSS) vulnerability in the JA_Purity template for Joomla! 1.5.x through 1.5.10 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
23-06-2009 - 01:33 05-06-2009 - 14:30
CVE-2009-1938 4.3
Cross-site scripting (XSS) vulnerability in Joomla! 1.5.x through 1.5.10 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to database output and the frontend administrative panel.
23-06-2009 - 01:33 05-06-2009 - 14:30
CVE-2009-0730 6.8
Multiple SQL injection vulnerabilities in the GigCalendar (com_gigcal) component 1.0 for Mambo and Joomla!, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via (1) the gigcal_venues_id parameter in a detai
23-06-2009 - 00:00 24-02-2009 - 18:30
CVE-2008-3226 5.0
The file caching implementation in Joomla! before 1.5.4 allows attackers to access cached pages via unknown attack vectors.
09-06-2009 - 01:25 18-07-2008 - 12:41
CVE-2008-3225 10.0
Joomla! before 1.5.4 allows attackers to access administration functionality, which has unknown impact and attack vectors related to a missing "LDAP security fix."
09-06-2009 - 01:25 18-07-2008 - 12:41
CVE-2009-1848 7.5
SQL injection vulnerability in the JoomlaMe AgoraGroups (aka AG or com_agoragroup) component 0.3.5.3 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a groupdetail action to index.php.
08-06-2009 - 00:00 01-06-2009 - 15:30
CVE-2009-1499 7.5
SQL injection vulnerability in the MailTo (aka com_mailto) component in Joomla! allows remote attackers to execute arbitrary SQL commands via the article parameter in index.php. NOTE: SecurityFocus states that this issue has been disputed by the ven
20-05-2009 - 13:44 01-05-2009 - 12:30
CVE-2009-1736 7.5
SQL injection vulnerability in the GridSupport (GS) Ticket System (com_gsticketsystem) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in a viewCategory action to index.php.
20-05-2009 - 00:00 20-05-2009 - 15:30
CVE-2008-5957 7.5
SQL injection vulnerability in the Mydyngallery (com_mydyngallery) component 1.4.2 for Joomla! allows remote attackers to execute arbitrary SQL commands via the directory parameter to index.php.
14-05-2009 - 01:32 23-01-2009 - 14:00
CVE-2009-1496 5.0
Directory traversal vulnerability in the Cmi Marketplace (com_cmimarketplace) component 0.1 for Joomla! allows remote attackers to list arbitrary directories via a .. (dot dot) in the viewit parameter to index.php.
01-05-2009 - 00:00 01-05-2009 - 12:30
CVE-2008-6172 6.8
Directory traversal vulnerability in captcha/captcha_image.php in the RWCards (com_rwcards) 3.0.11 component for Joomla!, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via directory traversal
30-04-2009 - 01:32 19-02-2009 - 11:30
CVE-2008-6166 7.5
SQL injection vulnerability in the KBase (com_kbase) 1.2 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in an article action to index.php.
30-04-2009 - 01:32 18-02-2009 - 19:30
CVE-2008-6430 7.5
SQL injection vulnerability in the MyContent (com_mycontent) component 1.1.13 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a view action to index.php.
14-04-2009 - 01:40 06-03-2009 - 13:30
CVE-2008-6068 7.5
SQL injection vulnerability in the JoomlaDate (com_joomladate) component 1.2 for Joomla! allows remote attackers to execute arbitrary SQL commands via the user parameter in a viewProfile action to index.php.
14-04-2009 - 01:40 10-02-2009 - 01:59
CVE-2009-1280 6.8
Multiple cross-site request forgery (CSRF) vulnerabilities in the com_media component for Joomla! 1.5.x through 1.5.9 allow remote attackers to hijack the authentication of unspecified victims via unknown vectors.
09-04-2009 - 00:00 09-04-2009 - 12:27
CVE-2009-1279 2.6
Multiple cross-site scripting (XSS) vulnerabilities in Joomla! 1.5 through 1.5.9 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors to the (1) com_admin component, (2) com_search component when "Gather Search Statis
09-04-2009 - 00:00 09-04-2009 - 12:27
CVE-2009-1258 7.5
SQL injection vulnerability in the RD-Autos (com_rdautos) component 1.5.7 for Joomla! allows remote attackers to execute arbitrary SQL commands via the makeid parameter in index.php. NOTE: the provenance of this information is unknown; the details a
08-04-2009 - 00:00 07-04-2009 - 19:30
CVE-2008-6429 7.5
SQL injection vulnerability in the PrayerCenter (com_prayercenter) component 1.4.9 and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a view_request action to index2.php.
02-04-2009 - 01:43 06-03-2009 - 13:30
CVE-2008-5226 7.5
SQL injection vulnerability in the MambAds (com_mambads) component 1.0 RC1 Beta and 1.0 RC1 for Mambo allows remote attackers to execute arbitrary SQL commands via the ma_cat parameter in a view action to index.php, a different vector than CVE-2007-5
01-04-2009 - 01:38 25-11-2008 - 14:30
CVE-2008-5208 7.5
SQL injection vulnerability in sub_votepic.php in the Datsogallery (com_datsogallery) module 1.6 for Joomla! allows remote attackers to execute arbitrary SQL commands via the User-Agent HTTP header.
01-04-2009 - 01:38 24-11-2008 - 12:30
CVE-2008-6489 7.5
SQL injection vulnerability in MyAlbum component (com_myalbum) 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the album parameter to index.php.
19-03-2009 - 00:00 19-03-2009 - 06:30
CVE-2008-6483 7.5
PHP remote file inclusion vulnerability in admin.googlebase.php in the Ecom Solutions VirtueMart Google Base (aka com_googlebase or Froogle) component 1.1 for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_ab
19-03-2009 - 00:00 18-03-2009 - 11:30
CVE-2008-6481 7.5
SQL injection vulnerability in the Versioning component (com_versioning) 1.0.2 in Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the id parameter in an edit task to index.php.
19-03-2009 - 00:00 17-03-2009 - 15:30
CVE-2008-4777 7.5
SQL injection vulnerability in the Showroom Joomlearn LMS (com_lms) component for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the cat parameter in a showTests task.
18-03-2009 - 01:44 29-10-2008 - 10:22
CVE-2008-6482 6.8
PHP remote file inclusion vulnerability in admin.treeg.php in the Flash Tree Gallery (com_treeg) component 1.0 for Joomla!, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via the mosConfig_live_site parameter.
18-03-2009 - 00:00 18-03-2009 - 11:30
CVE-2008-2633 7.5
Multiple SQL injection vulnerabilities in the EXP JoomRadio (com_joomradio) component 1.0 for Joomla! allow remote attackers to execute arbitrary SQL commands via the id parameter in a (1) show_radio or (2) show_video action to index.php.
13-03-2009 - 01:37 09-06-2008 - 20:32
CVE-2008-6347 7.5
PHP remote file inclusion vulnerability in lib/onguma.class.php in the Onguma Time Sheet (com_ongumatimesheet20) 2.0 4b component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
02-03-2009 - 00:00 02-03-2009 - 11:30
CVE-2008-6337 7.5
SQL injection vulnerability in the Volunteer Management System (com_volunteer) module 2.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the job_id parameter in a jobshow action to index.php.
02-03-2009 - 00:00 27-02-2009 - 12:30
CVE-2008-5811 7.5
SQL injection vulnerability in the PaxGallery (com_paxgallery) component 0.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the gid parameter in a table action to index.php.
26-02-2009 - 02:05 02-01-2009 - 13:11
CVE-2009-0726 7.5
SQL injection vulnerability in the GigCalendar (com_gigcal) component 1.0 for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the gigcal_gigs_id parameter in a details action to index.php.
25-02-2009 - 00:00 24-02-2009 - 18:30
CVE-2009-0706 7.5
SQL injection vulnerability in the Simple Review (com_simple_review) component 1.3.5 for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the category parameter to index.php.
24-02-2009 - 00:00 23-02-2009 - 10:30
CVE-2009-0702 7.5
SQL injection vulnerability in the Phoca Documentation (com_phocadocumentation) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a section action to index.php.
24-02-2009 - 00:00 23-02-2009 - 10:30
CVE-2008-6234 7.5
SQL injection vulnerability in the com_musica module in Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php.
24-02-2009 - 00:00 20-02-2009 - 20:30
CVE-2008-6184 7.5
SQL injection vulnerability in the OwnBiblio (com_ownbiblio) component 1.5.3 for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in a catalogue action to index.php.
24-02-2009 - 00:00 19-02-2009 - 13:30
CVE-2008-6222 5.0
Directory traversal vulnerability in the Pro Desk Support Center (com_pro_desk) component 1.0 and 1.2 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the include_file parameter to index.php.
23-02-2009 - 00:00 20-02-2009 - 16:30
CVE-2008-6181 7.5
SQL injection vulnerability in the Mad4Joomla Mailforms (com_mad4joomla) component before 1.1.8.2 for Joomla! allows remote attackers to execute arbitrary SQL commands via the jid parameter to index.php.
20-02-2009 - 00:00 19-02-2009 - 13:30
CVE-2008-6149 7.5
SQL injection vulnerability in the mDigg (com_mdigg) component 2.2.8 for Joomla! allows remote attackers to execute arbitrary SQL commands via the cagtegory parameter in a story_lists action to index.php.
16-02-2009 - 00:00 16-02-2009 - 12:30
CVE-2008-6148 7.5
SQL injection vulnerability in the Live Ticker (com_liveticker) module 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the tid parameter in a viewticker action to index.php.
16-02-2009 - 00:00 16-02-2009 - 12:30
CVE-2008-6116 7.5
SQL injection vulnerability in the EXtrovert Software Thyme (com_thyme) 1.0 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the event parameter to index.php.
12-02-2009 - 00:00 11-02-2009 - 12:30
CVE-2009-0494 7.5
SQL injection vulnerability in the Portfol (com_portfol) 1.2 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the vcatid parameter in a viewcategory action to index.php.
10-02-2009 - 00:00 09-02-2009 - 20:30
CVE-2008-6080 5.0
Directory traversal vulnerability in download.php in the ionFiles (com_ionfiles) 4.4.2 component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.
06-02-2009 - 00:00 06-02-2009 - 06:30
CVE-2008-6076 7.5
SQL injection vulnerability in the Daily Message (com_dailymessage) 1.0.3 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php.
06-02-2009 - 00:00 06-02-2009 - 06:30
CVE-2009-0421 7.5
SQL injection vulnerability in the Eventing (com_eventing) 1.6.x component for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter to index.php.
05-02-2009 - 00:00 04-02-2009 - 19:30
CVE-2009-0420 7.5
SQL injection vulnerability in the RD-Autos (com_rdautos) 1.5.5 Stable component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php.
05-02-2009 - 00:00 04-02-2009 - 19:30
CVE-2007-4778 7.5
Multiple SQL injection vulnerabilities in the content component (com_content) in Joomla! 1.5 Beta1, Beta2, and RC1 allow remote attackers to execute arbitrary SQL commands via the filter parameter in an archive action to (1) archive.php, (2) category
05-02-2009 - 00:00 10-09-2007 - 17:17
CVE-2007-4777 7.5
SQL injection vulnerability in Joomla! 1.5 before RC2 (aka Endeleo) allows remote attackers to execute arbitrary SQL commands via unspecified vectors, probably related to the archive section. NOTE: this may be the same as CVE-2007-4778.
05-02-2009 - 00:00 10-09-2007 - 17:17
CVE-2008-6050 7.5
SQL injection vulnerability in the Tech Articles (com_tech_article) 1.0 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the item parameter to index.php.
04-02-2009 - 00:00 04-02-2009 - 10:30
CVE-2009-0381 7.5
SQL injection vulnerability in the BazaarBuilder Ecommerce Shopping Cart (com_prod) 5.0 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the cid parameter in a products action to index.php.
02-02-2009 - 00:00 02-02-2009 - 14:00
CVE-2009-0380 7.5
** DISPUTED ** SQL injection vulnerability in the Sigsiu Online Business Index 2 (SOBI2, com_sobi2) RC 2.8.2 component for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the bid parameter in a showbiz action to index
02-02-2009 - 00:00 02-02-2009 - 14:00
CVE-2009-0379 7.5
SQL injection vulnerability in the Prince Clan Chess Club (com_pcchess) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the game_id parameter in a showgame action to index.php, a different vector than CVE-2008-0761
02-02-2009 - 00:00 02-02-2009 - 14:00
CVE-2009-0378 4.3
Cross-site scripting (XSS) vulnerability in index.php in the beamospetition (com_beamospetition) 1.0.12 component for Joomla! allows remote attackers to inject arbitrary web script or HTML via the pet parameter in a sign action.
02-02-2009 - 00:00 02-02-2009 - 14:00
CVE-2009-0377 7.5
SQL injection vulnerability in the beamospetition (com_beamospetition) 1.0.12 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the mpid parameter in a sign action to index.php, a different vector than CVE-2008-3132.
02-02-2009 - 00:00 02-02-2009 - 14:00
CVE-2009-0113 5.0
Directory traversal vulnerability in attachmentlibrary.php in the XStandard component for Joomla! 1.5.8 and earlier allows remote attackers to list arbitrary directories via a .. (dot dot) in the X_CMS_LIBRARY_PATH HTTP header.
29-01-2009 - 02:01 09-01-2009 - 13:30
CVE-2008-5793 6.8
Multiple PHP remote file inclusion vulnerabilities in the Clickheat - Heatmap stats (com_clickheat) component 1.0.1 for Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the (1) GLOBALS[mosConfig_absolute_path] parameter to (a
29-01-2009 - 02:00 31-12-2008 - 06:30
CVE-2008-5789 7.5
Multiple PHP remote file inclusion vulnerabilities in the Recly Interactive Feederator (com_feederator) component 1.0.5 for Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the (1) mosConfig_absolute_path parameter to (a) add
29-01-2009 - 02:00 31-12-2008 - 06:30
CVE-2008-5643 7.5
SQL injection vulnerability in the Books (com_books) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the book_id parameter in a book_details action to index.php.
29-01-2009 - 01:59 17-12-2008 - 13:30
CVE-2008-5607 7.5
SQL injection vulnerability in the JMovies (aka JM or com_jmovies) component 1.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php.
29-01-2009 - 01:59 16-12-2008 - 14:07
CVE-2008-4668 9.0
Directory traversal vulnerability in the Image Browser (com_imagebrowser) 0.1.5 component for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the folder parameter to index.php.
29-01-2009 - 01:57 22-10-2008 - 06:30
CVE-2008-4617 7.5
SQL injection vulnerability in the actualite module 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter.
29-01-2009 - 01:56 20-10-2008 - 16:00
CVE-2008-4122 5.0
Joomla! 1.5.8 does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session.
29-01-2009 - 01:55 19-12-2008 - 12:30
CVE-2008-2990 7.5
PHP remote file inclusion vulnerability in facileforms.frame.php in the FacileForms (com_facileforms) component 1.4.4 for Mambo and Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the ff_compath parameter.
29-01-2009 - 01:51 02-07-2008 - 13:14
CVE-2009-0333 7.5
SQL injection vulnerability in the WebAmoeba (WA) Ticket System (com_waticketsystem) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in a category action to index.php.
29-01-2009 - 00:00 29-01-2009 - 13:30
CVE-2009-0329 7.5
SQL injection vulnerability in the PcCookBook (com_pccookbook) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the recipe_id parameter in a viewrecipe action to index.php, a different vector than CVE-2008-0844.
29-01-2009 - 00:00 29-01-2009 - 13:30
CVE-2008-5790 7.5
Multiple PHP remote file inclusion vulnerabilities in the Recly!Competitions (com_competitions) component 1.0 for Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the (1) GLOBALS[mosConfig_absolute_path] parameter to (a) add.
02-01-2009 - 00:00 31-12-2008 - 06:30
CVE-2008-1848 4.3
Cross-site scripting (XSS) vulnerability in the joomlaXplorer (com_joomlaxplorer) Mambo/Joomla! component 1.6.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the error parameter in a show_error action to index.php.
19-12-2008 - 15:54 16-04-2008 - 13:05
CVE-2007-6645 7.5
Unspecified vulnerability in Joomla! before 1.5 RC4 allows remote authenticated users to gain privileges via unspecified vectors, aka "registered user privilege escalation vulnerability."
15-11-2008 - 02:05 03-01-2008 - 20:46
CVE-2007-6644 6.5
Joomla! before 1.5 RC4 allows remote authenticated administrators to promote arbitrary users to the administrator group, in violation of the intended security model.
15-11-2008 - 02:05 03-01-2008 - 20:46
CVE-2007-6643 4.3
Cross-site scripting (XSS) vulnerability in the com_poll component in Joomla! before 1.5 RC4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
15-11-2008 - 02:05 03-01-2008 - 20:46
CVE-2007-6642 6.8
Multiple cross-site request forgery (CSRF) vulnerabilities in Joomla! before 1.5 RC4 allow remote attackers to (1) add a Super Admin, (2) upload an extension containing arbitrary PHP code, and (3) modify the configuration as administrators via unspec
15-11-2008 - 02:05 03-01-2008 - 20:46
CVE-2007-5577 4.3
Multiple cross-site scripting (XSS) vulnerabilities in Joomla! before 1.0.13 (aka Sunglow) allow remote attackers to inject arbitrary web script or HTML via the (1) Title or (2) Section Name form fields in the Section Manager component, or (3) multip
15-11-2008 - 02:01 18-10-2007 - 17:17
CVE-2007-5451 6.8
PHP remote file inclusion vulnerability in admin.color.php in the com_colorlab (aka com_color) 1.0 component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_live_site parameter.
15-11-2008 - 02:01 14-10-2007 - 14:17
CVE-2007-5410 6.8
PHP remote file inclusion vulnerability in admin.wmtrssreader.php in the webmaster-tips.net Flash RSS Reader (com_wmtrssreader) 1.0 component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_live_site param
15-11-2008 - 02:00 12-10-2007 - 14:17
CVE-2007-5389 6.8
** DISPUTED ** PHP remote file inclusion vulnerability in preview.php in the swMenuFree (com_swmenufree) 4.6 component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. NOTE: a rel
15-11-2008 - 02:00 12-10-2007 - 06:17
CVE-2007-5362 6.8
Multiple PHP remote file inclusion vulnerabilities in the Avant-Garde Solutions MOSMedia Lite (com_mosmedia) 4.5.1 component for Mambo and Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter
15-11-2008 - 02:00 10-10-2007 - 21:17
CVE-2007-5310 6.8
PHP remote file inclusion vulnerability in admin.wmtportfolio.php in the webmaster-tips.net wmtportfolio 1.0 (com_wmtportfolio) component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path param
15-11-2008 - 02:00 09-10-2007 - 17:17
CVE-2007-5065 7.5
PHP remote file inclusion vulnerability in admin.slideshow1.php in the Flash Slide Show (com_slideshow) component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_live_site parameter.
15-11-2008 - 01:59 24-09-2007 - 18:17
CVE-2007-4781 6.6
administrator/index.php in the installer component (com_installer) in Joomla! 1.5 Beta1, Beta2, and RC1 allows remote authenticated administrators to upload arbitrary files to tmp/ via the "Upload Package File" functionality, which is accessible when
15-11-2008 - 01:58 10-09-2007 - 17:17
CVE-2007-4780 6.8
Joomla! 1.5 before RC2 (aka Endeleo) allows remote attackers to obtain sensitive information (the full path) via unspecified vectors, probably involving direct requests to certain PHP scripts in tmpl/ directories.
15-11-2008 - 01:58 10-09-2007 - 17:17
CVE-2007-4779 4.3
Cross-site scripting (XSS) vulnerability in Joomla! 1.5 before RC2 (aka Endeleo) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, probably related to the archive section.
15-11-2008 - 01:58 10-09-2007 - 17:17
CVE-2007-4187 7.5
Multiple eval injection vulnerabilities in the com_search component in Joomla! 1.5 beta before RC1 (aka Mapya) allow remote attackers to execute arbitrary PHP code via PHP sequences in the searchword parameter, related to default_results.php in (1) c
15-11-2008 - 01:56 07-08-2007 - 21:17
CVE-2007-4185 5.0
Joomla! 1.0.12 allows remote attackers to obtain sensitive information via a direct request for (1) Stat.php, (2) OutputFilter.php, (3) OutputCache.php, (4) Modifier.php, (5) Reader.php, and (6) TemplateCache.php in includes/patTemplate/patTemplate/;
15-11-2008 - 01:56 07-08-2007 - 21:17
CVE-2007-0375 5.0
Joomla! 1.5.0 Beta allows remote attackers to obtain sensitive information via a direct request for (1) plugins/user/example.php; (2) gmail.php, (3) example.php, or (4) ldap.php in plugins/authentication/; (5) modules/mod_mainmenu/menu.php; or other
15-11-2008 - 01:40 19-01-2007 - 18:28
CVE-2007-0374 7.5
SQL injection vulnerability in (1) Joomla! 1.0.11 and 1.5 Beta, and (2) Mambo 4.6.1, allows remote attackers to execute arbitrary SQL commands via the id parameter when cancelling content editing.
15-11-2008 - 01:40 19-01-2007 - 18:28
CVE-2007-0373 6.8
Multiple SQL injection vulnerabilities in Joomla! 1.5.0 Beta allow remote attackers to execute arbitrary SQL commands via (1) the searchword parameter in certain files; the where parameter in (2) plugins/search/content.php or (3) plugins/search/webli
15-11-2008 - 01:40 19-01-2007 - 18:28
CVE-2007-0387 7.5
SQL injection vulnerability in models/category.php in the Weblinks component for Joomla! SVN 20070118 (com_weblinks) allows remote attackers to execute arbitrary SQL commands via the catid parameter.
13-11-2008 - 01:31 19-01-2007 - 18:28
CVE-2008-3228 7.5
Joomla! before 1.5.4 does not configure .htaccess to apply certain security checks that "block common exploits" to SEF URLs, which has unknown impact and remote attack vectors.
10-09-2008 - 21:12 18-07-2008 - 12:41
CVE-2008-3227 7.5
Unspecified vulnerability in Joomla! before 1.5.4 has unknown impact and attack vectors related to a "User Redirect Spam fix," possibly an open redirect vulnerability.
10-09-2008 - 21:12 18-07-2008 - 12:41
CVE-2008-2568 7.5
SQL injection vulnerability in the Simple Shop Galore (com_simpleshop) component 3.4 and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in a browse action to index.php.
10-09-2008 - 21:10 06-06-2008 - 14:32
CVE-2008-2564 7.5
SQL injection vulnerability in the JotLoader (com_jotloader) component 1.2.1.a and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the cid parameter to index.php.
10-09-2008 - 21:10 06-06-2008 - 14:32
CVE-2008-2632 7.5
SQL injection vulnerability in the acctexp (com_acctexp) component 0.12.x and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the usage parameter in a subscribe action to index.php.
05-09-2008 - 17:40 09-06-2008 - 20:32
CVE-2008-0829 7.5
SQL injection vulnerability in jooget.php in the Joomlapixel Jooget! (com_jooget) 2.6.8 component for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail task.
05-09-2008 - 17:36 19-02-2008 - 16:44
CVE-2008-0795 7.5
SQL injection vulnerability in index.php in the MGFi XfaQ (com_xfaq) 1.2 component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the aid parameter in an answer action.
05-09-2008 - 17:36 15-02-2008 - 17:00
CVE-2008-0561 7.5
SQL injection vulnerability in index.php in the Arthur Konze AkoGallery (com_akogallery) 2.5 beta component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action.
05-09-2008 - 17:35 04-02-2008 - 18:00
CVE-2007-6272 7.5
Multiple SQL injection vulnerabilities in index.php in Joomla! 1.5 RC3 allow remote attackers to execute arbitrary SQL commands via (1) the view parameter to the com_content component, (2) the task parameter to the com_search component, or (3) the op
05-09-2008 - 17:32 07-12-2007 - 06:46
CVE-2007-5457 6.8
Multiple PHP remote file inclusion vulnerabilities in Michael Dempfle Joomla Flash Uploader (com_jfu or com_joomla_flash_uploader) 2.5.1 component for Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_pa
05-09-2008 - 17:30 14-10-2007 - 15:17
CVE-2007-4184 7.5
SQL injection vulnerability in administrator/popups/pollwindow.php in Joomla! 1.0.12 allows remote attackers to execute arbitrary SQL commands via the pollid parameter.
05-09-2008 - 17:27 07-08-2007 - 21:17
CVE-2006-7010 7.5
The mosgetparam implementation in Joomla! before 1.0.10 does not set a variable's data type to integer when the variable's default value is numeric, which has unspecified impact and attack vectors, which may permit SQL injection attacks.
05-09-2008 - 17:16 12-02-2007 - 18:28
CVE-2006-7009 7.5
Joomla! before 1.0.10 allows remote attackers to spoof the frontend submission forms, which has unknown impact and attack vectors.
05-09-2008 - 17:16 12-02-2007 - 18:28
CVE-2006-7008 7.5
Unspecified vulnerability in Joomla! before 1.0.10 has unknown impact and attack vectors, related to "securing mosmsg from misuse." NOTE: it is possible that this issue overlaps CVE-2006-1029.
05-09-2008 - 17:16 12-02-2007 - 18:28
CVE-2006-4996 10.0
Unspecified vulnerability in JoomlaLib (com_joomlalib) before 1.2.2 for Joomla! allows remote attackers to have an unknown impact, related to "Joomla globals hacked by script kiddies."
05-09-2008 - 17:11 25-09-2006 - 22:07
CVE-2006-2960 7.5
PHP remote file inclusion vulnerability in includes/joomla.php in Joomla! 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the includepath parameter.
05-09-2008 - 17:05 12-06-2006 - 16:06
CVE-2006-1956 5.0
The com_rss option (rss.php) in (1) Mambo and (2) Joomla! allows remote attackers to obtain sensitive information via an invalid feed parameter, which reveals the path in an error message.
05-09-2008 - 17:03 21-04-2006 - 06:02
CVE-2006-1047 10.0
Unspecified vulnerability in the "Remember Me login functionality" in Joomla! 1.0.7 and earlier has unknown impact and attack vectors.
05-09-2008 - 17:00 07-03-2006 - 06:02
CVE-2006-1029 4.3
The cross-site scripting (XSS) countermeasures in class.inputfilter.php in Joomla! 1.0.7 allow remote attackers to cause a denial of service via a crafted mosmsg parameter to index.php with a malformed sequence of multiple tags, as demonstrated using
05-09-2008 - 17:00 06-03-2006 - 19:02
CVE-2006-1028 7.8
feedcreator.class.php (aka the syndication component) in Joomla! 1.0.7 allows remote attackers to cause a denial of service (stressed file cache) by creating many files via filenames in the feed parameter to index.php.
05-09-2008 - 17:00 06-03-2006 - 19:02
CVE-2006-1027 5.0
feedcreator.class.php (aka the syndication component) in Joomla! 1.0.7 allows remote attackers to obtain sensitive information via a "/" (slash) in the feed parameter to index.php, which reveals the path in an error message.
05-09-2008 - 17:00 06-03-2006 - 19:02
CVE-2006-0303 10.0
Multiple unspecified vulnerabilities in the (1) publishing component, (2) Contact Component, (3) TinyMCE Compressor, and (4) other components in Joomla! 1.0.5 and earlier have unknown impact and attack vectors.
05-09-2008 - 16:58 18-01-2006 - 19:03
CVE-2005-4650 5.0
Joomla! 1.03 does not restrict the number of "Search" Mambots, which allows remote attackers to cause a denial of service (resource consumption) via a large number of Search Mambots.
05-09-2008 - 16:57 31-12-2005 - 00:00
CVE-2008-2676 7.5
SQL injection vulnerability in the iJoomla News Portal (com_news_portal) component 1.0 and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the Itemid parameter to index.php.
05-09-2008 - 00:00 12-06-2008 - 08:21
CVE-2008-2628 7.5
SQL injection vulnerability in the eQuotes (com_equotes) component 0.9.4 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php.
05-09-2008 - 00:00 09-06-2008 - 20:32
CVE-2008-1890 7.5
SQL injection vulnerability in the Jom Comment 2.0 build 345 component for Joomla! allows remote attackers to execute arbitrary SQL commands via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solel
05-09-2008 - 00:00 18-04-2008 - 18:05
CVE-2008-1849 5.0
Directory traversal vulnerability in index.php in the joomlaXplorer (com_joomlaxplorer) Mambo/Joomla! component 1.6.2 and earlier allows remote attackers to list arbitrary directories via a .. (dot dot) in the dir parameter in a show_error action.
05-09-2008 - 00:00 16-04-2008 - 13:05
CVE-2008-1533 6.8
Unspecified vulnerability in the XML-RPC Blogger API plugin in Joomla! 1.5 allows remote attackers to perform unauthorized article operations on articles via unknown vectors.
05-09-2008 - 00:00 27-03-2008 - 20:44
CVE-2008-1505 7.5
PHP remote file inclusion vulnerability in the SSTREAMTV custompages (com_custompages) 1.1 and earlier component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the cpage parameter to index.php.
05-09-2008 - 00:00 25-03-2008 - 15:44
CVE-2008-1460 7.5
SQL injection vulnerability in the Joovideo (com_joovideo) 1.0 and 1.2.2 component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action to index.php.
05-09-2008 - 00:00 24-03-2008 - 14:44
CVE-2008-1459 7.5
SQL injection vulnerability in the Alberghi (com_alberghi) 2.1.3 and earlier component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action to index.php.
05-09-2008 - 00:00 24-03-2008 - 14:44