Total
583 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2010-2513 | 2 Harmistechnology, Joomla | 2 Com Jeajaxeventcalendar, Joomla\! | 2023-12-10 | 7.5 HIGH | N/A |
SQL injection vulnerability in the JE Ajax Event Calendar (com_jeajaxeventcalendar) component 1.0.5 for Joomla! allows remote attackers to execute arbitrary SQL commands via the view parameter to index.php. | |||||
CVE-2010-4898 | 2 Gantry-framework, Joomla | 2 Com Gantry, Joomla\! | 2023-12-10 | 7.5 HIGH | N/A |
SQL injection vulnerability in the Gantry (com_gantry) component 3.0.10 for Joomla! allows remote attackers to execute arbitrary SQL commands via the moduleid parameter to index.php. | |||||
CVE-2010-1529 | 2 Freestyle, Joomla | 2 Faqs Lite, Joomla\! | 2023-12-10 | 7.5 HIGH | N/A |
SQL injection vulnerability in the Freestyle FAQs Lite (com_fsf) component, possibly 1.3, for Joomla! allows remote attackers to execute arbitrary SQL commands via the faqid parameter in an faq action to index.php. | |||||
CVE-2010-2515 | 2 Dacian Strain, Joomla | 2 Com Jfaq, Joomla\! | 2023-12-10 | 6.8 MEDIUM | N/A |
Multiple SQL injection vulnerabilities in index.php in the JFaq (com_jfaq) component 1.2 for Joomla!, when magic_quotes_gpc is disabled, allow (1) remote attackers to execute arbitrary SQL commands via the id parameter, and (2) remote authenticated users with "Public Front-end" permissions to execute arbitrary SQL commands via the titlu parameter (title field). NOTE: some of these details are obtained from third party information. | |||||
CVE-2008-7302 | 2 Joomla, Netshinesoftware | 2 Joomla\!, Com Netinvoice | 2023-12-10 | 7.5 HIGH | N/A |
SQL injection vulnerability in netinvoice.php in the nBill (com_netinvoice) component 1.2.0 SP1 for Joomla! allows remote attackers to execute arbitrary SQL commands via unspecified vectors involving "knowledge of ... the contents of an encrypted file." | |||||
CVE-2010-2034 | 2 Joomla, Percha | 2 Joomla\!, Com Perchaimageattach | 2023-12-10 | 7.5 HIGH | N/A |
Directory traversal vulnerability in the Percha Image Attach (com_perchaimageattach) component 1.1 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php. | |||||
CVE-2010-1979 | 2 Affiliatefeeds, Joomla | 2 Com Datafeeds, Joomla\! | 2023-12-10 | 6.8 MEDIUM | N/A |
Directory traversal vulnerability in the Affiliate Datafeeds (com_datafeeds) component build 880 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. | |||||
CVE-2010-5042 | 2 Blueconstantmedia, Joomla | 2 Com Djartgallery, Joomla\! | 2023-12-10 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the DJ-ArtGallery (com_djartgallery) component 0.9.1 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the cid[] parameter in an editItem action to administrator/index.php. NOTE: some of these details are obtained from third party information. | |||||
CVE-2009-4057 | 2 Inertialfate, Joomla | 2 Com If Nexus, Joomla\! | 2023-12-10 | 7.5 HIGH | N/A |
SQL injection vulnerability in the inertialFATE iF Portfolio Nexus (com_if_nexus) component 1.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in an item action to index.php. | |||||
CVE-2009-3946 | 1 Joomla | 1 Joomla\! | 2023-12-10 | 5.0 MEDIUM | N/A |
Joomla! before 1.5.15 allows remote attackers to read an extension's XML file, and thereby obtain the extension's version number, via a direct request. | |||||
CVE-2008-1465 | 3 Detodas, Joomla, Mambo-foundation | 3 Com Restaurante, Joomla\!, Mambo | 2023-12-10 | 9.3 HIGH | N/A |
SQL injection vulnerability in the Detodas Restaurante (com_restaurante) 1.0 component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action to index.php, a different product than CVE-2008-0562. | |||||
CVE-2009-4104 | 2 Joomla, Lyften | 2 Joomla\!, Com Lyftenbloggie | 2023-12-10 | 7.5 HIGH | N/A |
SQL injection vulnerability in Lyften Designs LyftenBloggie (com_lyftenbloggie) component 1.0.4 for Joomla! allows remote attackers to execute arbitrary SQL commands via the author parameter to index.php. | |||||
CVE-2009-3335 | 2 Joomla, Turtus | 2 Joomla\!, Turtushout | 2023-12-10 | 7.5 HIGH | N/A |
SQL injection vulnerability in the TurtuShout component 0.11 for Joomla! allows remote attackers to execute arbitrary SQL commands via the Name field. | |||||
CVE-2008-6182 | 1 Joomla | 2 Ignitegallery, Joomla\! | 2023-12-10 | 7.5 HIGH | N/A |
SQL injection vulnerability in the Ignite Gallery (com_ignitegallery) component 0.8.0 through 0.8.3 for Joomla! allows remote attackers to execute arbitrary SQL commands via the gallery parameter in a view action to index.php. | |||||
CVE-2008-4764 | 2 Extplorer, Joomla | 2 Com Extplorer, Joomla\! | 2023-12-10 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in the eXtplorer module (com_extplorer) 2.0.0 RC2 and earlier in Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the dir parameter in a show_error action. | |||||
CVE-2009-3417 | 2 Idojoomla, Joomla | 2 Com Idoblog, Joomla\! | 2023-12-10 | 7.5 HIGH | N/A |
SQL injection vulnerability in the IDoBlog (com_idoblog) component 1.1 build 30 for Joomla! allows remote attackers to execute arbitrary SQL commands via the userid parameter in a profile action to index.php, a different vector than CVE-2008-2627. | |||||
CVE-2009-2601 | 2 Joomla, Joomlaequipment | 2 Joomla\!, Juser | 2023-12-10 | 7.5 HIGH | N/A |
SQL injection vulnerability in the Joomlaequipment (aka JUser or com_juser) component 2.0.4 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a show_profile action to index.php. | |||||
CVE-2008-6881 | 2 Joomla, Joompolitan | 2 Joomla\!, Com Livechat | 2023-12-10 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in the Live Chat (com_livechat) component 1.0 for Joomla! allow remote attackers to execute arbitrary SQL commands via the last parameter to (1) getChat.php, (2) getChatRoom.php, and (3) getSavedChatRooms.php. | |||||
CVE-2009-3368 | 2 Joomla, Joomlahbs | 2 Joomla\!, Com Hbssearch | 2023-12-10 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the Hotel Booking Reservation System (aka HBS or com_hbssearch) component for Joomla! allows remote attackers to inject arbitrary web script or HTML via the adult parameter in a showhoteldetails action to index.php. | |||||
CVE-2008-6275 | 2 Drupal, Joomla | 2 User Karma Module, Joomla\! | 2023-12-10 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the User Karma module 5.x before 5.x-1.13 and 6.x before 6.x-1.0-beta1, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via unspecified messages. |