| CVE-2011-5112 | high | — | 8.5 | EXP | | blueflyingfishjoomla | 14y ago | SQL injection vulnerability in Alameda (com_alameda) component before 1.0.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the storeid parameter to index.php. |
| CVE-2011-5099 | high | — | 8.5 | EXP | | chillcreationsjoomla | 14y ago | SQL injection vulnerability in helper/popup.php in the ccNewsletter (mod_ccnewsletter) component 1.0.7 through 1.0.9 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id p… |
| CVE-2012-4256 | medium | — | 5.0 | | | joobijoomla | 14y ago | The jNews (com_jnews) component 7.5.1 for Joomla! allows remote attackers to obtain sensitive information via the emailsearch parameter, which reveals the installation path in an error message. |
| CVE-2012-4235 | medium | — | 5.0 | | | rsgallery2joomla | 14y ago | The RSGallery2 (com_rsgallery2) component before 3.2.0 for Joomla! 2.5.x does not place index.html files in image directories, which allows remote attackers to list image filenames via a request for … |
| CVE-2012-4071 | medium | — | 4.3 | | | joomlarsgallery2 | 14y ago | Cross-site scripting (XSS) vulnerability in the comments module in the RSGallery2 (com_rsgallery2) component before 2.3.0 for Joomla! 1.5.x, and before 3.2.0 for Joomla! 2.5.x, allows remote attacker… |
| CVE-2012-3554 | high | — | 7.5 | | | rsgallery2joomla | 14y ago | SQL injection vulnerability in the RSGallery2 (com_rsgallery2) component before 2.3.0 for Joomla! 1.5.x, and before 3.2.0 for Joomla! 2.5.x, allows remote attackers to execute arbitrary SQL commands … |
| CVE-2012-3829 | medium | — | 5.0 | | | joomla | 14y ago | Joomla! 2.5.3 allows remote attackers to obtain the installation path via the Host HTTP Header. |
| CVE-2012-3828 | medium | — | 4.3 | | | joomla | 14y ago | Cross-site scripting (XSS) vulnerability in Joomla! 2.5.3 allows remote attackers to inject arbitrary web script or HTML via the Host HTTP Header. |
| CVE-2012-2748 | medium | — | 5.0 | | | joomla | 14y ago | Unspecified vulnerability in Joomla! 2.5.x before 2.5.5 allows remote attackers to obtain sensitive information via vectors related to "Inadequate filtering" and a "SQL error." |
| CVE-2012-2747 | high | — | 7.5 | | | joomla | 14y ago | Unspecified vulnerability in Joomla! 2.5.x before 2.5.5 allows remote attackers to gain privileges via unknown attack vectors related to "Inadequate checking." |
| CVE-2012-2902 | medium | — | 6.0 | | | ryan_demmerjoomla | 14y ago | Unrestricted file upload vulnerability in editor/extensions/browser/file.php in the Joomla Content Editor (JCE) component before 2.1 for Joomla!, when chunking is set to greater than zero, allows rem… |
| CVE-2012-2901 | medium | — | 4.3 | | | ryan_demmerjoomla | 14y ago | Cross-site scripting (XSS) vulnerability in the Profile List in the Joomla Content Editor (JCE) component before 2.1 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the… |
| CVE-2012-1018 | medium | — | 5.3 | EXP | | dmackmediajoomla | 15y ago | Cross-site scripting (XSS) vulnerability in includes/convert.php in D-Mack Media Currency Converter (mod_currencyconverter) module 1.0.0 for Joomla! allows remote attackers to inject arbitrary web sc… |
| CVE-2011-5004 | medium | — | 6.0 | | | fabrikarjoomla | 15y ago | Unrestricted file upload vulnerability in models/importcsv.php in the Fabrik (com_fabrik) component before 2.1.1 for Joomla! allows remote authenticated users with Manager privileges to execute arbit… |
| CVE-2011-4829 | high | — | 8.5 | EXP | | barter-sitesjoomla | 15y ago | SQL injection vulnerability in the com_listing component in Barter Sites component 1.3 for Joomla! allows remote attackers to execute arbitrary SQL commands via the category_id parameter to index.php. |
| CVE-2011-4823 | high | — | 8.5 | EXP | | extensionsforjoomlajoomla | 15y ago | Multiple SQL injection vulnerabilities in Vik Real Estate (com_vikrealestate) component 1.0 for Joomla! allow remote attackers to execute arbitrary SQL commands via the (1) contract parameter in a re… |
| CVE-2011-4809 | medium | — | 5.3 | EXP | | joomlaextensionsjoomla | 15y ago | Multiple cross-site scripting (XSS) vulnerabilities in the HM Community (com_hmcommunity) component before 1.01 for Joomla! allow remote attackers to inject arbitrary web script or HTML via the (1) l… |
| CVE-2011-4808 | high | — | 8.5 | EXP | | joomlaextensionsjoomla | 15y ago | SQL injection vulnerability in the HM Community (com_hmcommunity) component before 1.01 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a fnd_home action… |
| CVE-2011-4804 | medium | — | 6.0 | EXP | | fooblajoomla | 15y ago | Directory traversal vulnerability in the obSuggest (com_obsuggest) component before 1.8 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to i… |
| CVE-2011-4571 | high | — | 8.5 | EXP | | eaimprovedjoomla | 15y ago | SQL injection vulnerability in the Estate Agent (com_estateagent) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a showEO action to index.php. |
| CVE-2011-4570 | high | — | 8.5 | EXP | | takeawebjoomla | 15y ago | SQL injection vulnerability in the Time Returns (com_timereturns) component 2.0 and possibly earlier versions for Joomla! allows remote attackers to execute arbitrary SQL commands via the id paramete… |
| CVE-2011-4332 | medium | — | 4.3 | | | joomla | 15y ago | Joomla! vulnerable to Cross-site Scripting |
| CVE-2011-4321 | medium | — | 5.0 | | | joomla | 15y ago | The password reset functionality in Joomla! 1.5.x through 1.5.24 uses weak random numbers, which makes it easier for remote attackers to change the passwords of arbitrary users via unspecified vector… |
| CVE-2010-5056 | high | — | 8.5 | EXP | | gbu_graficijoomla | 15y ago | SQL injection vulnerability in the GBU Facebook (com_gbufacebook) component 1.0.5 for Joomla! allows remote attackers to execute arbitrary SQL commands via the face_id parameter in a show_face action… |
| CVE-2010-5053 | high | — | 8.5 | EXP | | php-shop-systemjoomla | 15y ago | SQL injection vulnerability in the XOBBIX (com_xobbix) component 1.0.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the prodid parameter in a prod_desc action to index.ph… |
| CVE-2010-5048 | medium | — | 5.3 | EXP | | joomlatunejoomla | 15y ago | Cross-site scripting (XSS) vulnerability in admin.jcomments.php in the JoomlaTune JComments (com_jcomments) component 2.1.0.0 for Joomla! allows remote authenticated users to inject arbitrary web scr… |
| CVE-2010-5044 | medium | — | 7.0 | EXP | | kanichjoomla | 15y ago | SQL injection vulnerability in models/log.php in the Search Log (com_searchlog) component 3.1.0 for Joomla! allows remote authenticated users, with Public Back-end privileges, to execute arbitrary SQ… |
| CVE-2010-5043 | medium | — | 7.0 | EXP | | blueconstantmediajoomla | 15y ago | SQL injection vulnerability in the DJ-ArtGallery (com_djartgallery) component 0.9.1 for Joomla! allows remote authenticated users to execute arbitrary SQL commands via the cid[] parameter in an editI… |
| CVE-2010-5042 | medium | — | 5.3 | EXP | | blueconstantmediajoomla | 15y ago | Cross-site scripting (XSS) vulnerability in the DJ-ArtGallery (com_djartgallery) component 0.9.1 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the cid[] parameter in … |
| CVE-2010-5032 | high | — | 8.5 | EXP | | tamlyncreativejoomla | 15y ago | SQL injection vulnerability in the BF Quiz (com_bfquiztrial) component before 1.3.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in a bfquiztrial acti… |
| CVE-2010-5028 | high | — | 8.5 | EXP | | harmistechnologyjoomla | 15y ago | SQL injection vulnerability in the JExtensions JE Job (com_jejob) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in an item action to inde… |
| CVE-2010-5022 | high | — | 8.5 | EXP | | harmistechnologyjoomla | 15y ago | SQL injection vulnerability in the JExtensions JE Story Submit (com_jesubmit) component 1.4 for Joomla! allows remote attackers to execute arbitrary SQL commands via the view parameter to index.php. |
| CVE-2010-4971 | medium | — | 5.3 | EXP | | videowhisperjoomla | 15y ago | Cross-site scripting (XSS) vulnerability in VideoWhisper PHP 2 Way Video Chat component for Joomla! allows remote attackers to inject arbitrary web script or HTML via the r parameter to index.php. |
| CVE-2010-5003 | high | — | 8.5 | EXP | | autarticajoomla | 15y ago | SQL injection vulnerability in the AutarTimonial (com_autartimonial) component 1.0.8 for Joomla! allows remote attackers to execute arbitrary SQL commands via the limit parameter in an autartimonial … |
| CVE-2010-4995 | high | — | 8.5 | EXP | | neojoomlajoomla | 15y ago | SQL injection vulnerability in the NeoRecruit (com_neorecruit) component 1.6.4 for Joomla! allows remote attackers to execute arbitrary SQL commands via the Itemid parameter in an offer_view action t… |
| CVE-2010-4994 | high | — | 7.5 | | | instantphpjoomla | 15y ago | SQL injection vulnerability in the Jobs Pro component 1.6.4 for Joomla! allows remote attackers to execute arbitrary SQL commands via the detailed_results parameter to search_jobs.html. |
| CVE-2010-4993 | high | — | 8.5 | EXP | | kay_messerschmidtjoomla | 15y ago | SQL injection vulnerability in the eventcal (com_eventcal) component 1.6.4 for Joomla! allows remote attackers to execute arbitrary SQL commands via the Itemid parameter to index.php. |
| CVE-2010-4992 | high | — | 8.5 | EXP | | paymentsplusjoomla | 15y ago | SQL injection vulnerability in the Payments Plus component 2.1.5 for Joomla! allows remote attackers to execute arbitrary SQL commands via the type parameter to add.html. |
| CVE-2010-4991 | high | — | 8.5 | EXP | | ninjaforgejoomla | 15y ago | SQL injection vulnerability in the NinjaMonials (com_ninjamonials) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the Itemid parameter in a display action to inde… |
| CVE-2010-4990 | high | — | 8.5 | EXP | | b-elektrojoomla | 15y ago | SQL injection vulnerability in the Front-edit Address Book (com_addressbook) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the Itemid parameter in a contact acti… |
| CVE-2010-4977 | high | — | 8.5 | EXP | | miniworkjoomla | 15y ago | SQL injection vulnerability in menu.php in the Canteen (com_canteen) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the mealid parameter to index.php. |
| CVE-2010-4975 | high | — | 8.5 | EXP | | techjoomlajoomla | 15y ago | SQL injection vulnerability in the Techjoomla SocialAds For JomSocial (com_socialads) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the ads description field in … |
| CVE-2010-4968 | high | — | 8.5 | EXP | | webmaster-tipsjoomla | 15y ago | SQL injection vulnerability in the webmaster-tips.net Flash Gallery (com_wmtpic) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the Itemid parameter to index.… |
| CVE-2010-4949 | medium | — | 5.3 | EXP | | evnixjoomla | 15y ago | Cross-site scripting (XSS) vulnerability in the (1) FreiChat component before 2.1.2 for Joomla! and the (2) FreiChatPure component before 1.2.2 for Joomla! allows remote attackers to inject arbitrary… |
| CVE-2010-4945 | high | — | 8.5 | EXP | | joomla | 15y ago | SQL injection vulnerability in the CamelcityDB (com_camelcitydb2) component 2.2 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php. |
| CVE-2010-4944 | high | — | 8.5 | EXP | | joomlamambo-foundation | 15y ago | SQL injection vulnerability in the Elite Experts (com_elite_experts) component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a showExpertProf… |
| CVE-2010-4941 | high | — | 8.5 | EXP | | joomlamojoomla | 15y ago | SQL injection vulnerability in the Teams (com_teams) component 1_1028_100809_1711 for Joomla! allows remote attackers to execute arbitrary SQL commands via the PlayerID parameter in a player save act… |
| CVE-2010-4938 | high | — | 8.5 | EXP | | joomla | 15y ago | SQL injection vulnerability in the Weblinks (com_weblinks) component in Joomla! allows remote attackers to execute arbitrary SQL commands via the Itemid parameter in a categories action to index.php.… |
| CVE-2010-4937 | high | — | 8.5 | EXP | | robitbtjoomla | 15y ago | Multiple SQL injection vulnerabilities in the Amblog (com_amblog) component 1.0 for Joomla! allow remote attackers to execute arbitrary SQL commands via the (1) articleid or (2) catid parameter to in… |
| CVE-2010-4936 | high | — | 7.5 | | | webmaster-tipsjoomla | 15y ago | SQL injection vulnerability in the Slide Show (com_slideshow) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter to index.php. |
| CVE-2010-4929 | high | — | 8.5 | EXP | | joostina-cmsjoomla | 15y ago | SQL injection vulnerability in the Joostina (com_ezautos) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the firstCode parameter in a helpers action to index.php. |
| CVE-2010-4928 | medium | — | 5.3 | EXP | | photoindochinajoomla | 15y ago | Cross-site scripting (XSS) vulnerability in the Restaurant Guide (com_restaurantguide) component 1.0.0 for Joomla! allows remote attackers to inject arbitrary web script or HTML by placing it after a… |
| CVE-2010-4927 | high | — | 8.5 | EXP | | photoindochinajoomla | 15y ago | SQL injection vulnerability in the Restaurant Guide (com_restaurantguide) component 1.0.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a country actio… |
| CVE-2010-4926 | high | — | 8.5 | EXP | | timetrackjoomla | 15y ago | SQL injection vulnerability in the TimeTrack (com_timetrack) component 1.2.4 for Joomla! allows remote attackers to execute arbitrary SQL commands via the ct_id parameter in a timetrack action to ind… |
| CVE-2010-4918 | high | — | 8.5 | EXP | | ijoomlajoomla | 15y ago | PHP remote file inclusion vulnerability in iJoomla Magazine (com_magazine) component 3.0.1 for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the config parameter to magaz… |
| CVE-2010-4904 | high | — | 8.5 | EXP | | simon_philipsjoomla | 15y ago | SQL injection vulnerability in the Aardvertiser (com_aardvertiser) component 2.1 and 2.1.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the cat_name parameter in a view a… |
| CVE-2010-4902 | high | — | 8.5 | EXP | | joomla-clantoolsjoomla | 15y ago | Multiple SQL injection vulnerabilities in the Clantools (com_clantools) component 1.2.3 for Joomla! allow remote attackers to execute arbitrary SQL commands via the (1) squad or (2) showgame paramete… |
| CVE-2010-4898 | high | — | 8.5 | EXP | | gantry-frameworkjoomla | 15y ago | SQL injection vulnerability in the Gantry (com_gantry) component 3.0.10 for Joomla! allows remote attackers to execute arbitrary SQL commands via the moduleid parameter to index.php. |
| CVE-2010-4865 | high | — | 8.5 | EXP | | harmistechnologyjoomla | 15y ago | SQL injection vulnerability in the JE Guestbook (com_jeguestbook) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the d_itemid parameter in an item_detail acti… |
| CVE-2010-4864 | high | — | 8.5 | EXP | | danieljamesscottjoomla | 15y ago | SQL injection vulnerability in the Club Manager (com_clubmanager) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the cm_id parameter in an equip presenta action t… |
| CVE-2010-4862 | high | — | 8.5 | EXP | | harmistechnologyjoomla | 15y ago | SQL injection vulnerability in the JExtensions JE Directory (com_jedirectory) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in an item ac… |
| CVE-2010-4853 | high | — | 8.5 | EXP | | chillcreationsjoomla | 15y ago | SQL injection vulnerability in the ccInvoices (com_ccinvoices) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a viewInv action to index.php. |
| CVE-2008-7302 | high | — | 7.5 | | | netshinesoftwarejoomla | 15y ago | SQL injection vulnerability in netinvoice.php in the nBill (com_netinvoice) component 1.2.0 SP1 for Joomla! allows remote attackers to execute arbitrary SQL commands via unspecified vectors involving… |
| CVE-2011-3747 | medium | — | 5.0 | | | joomla | 15y ago | Joomla! 1.6.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by libraries/phpmai… |
| CVE-2010-4838 | medium | — | 7.0 | EXP | | extensiondepotjoomla | 15y ago | SQL injection vulnerability in the JSupport (com_jsupport) component 1.5.6 for Joomla! allows remote authenticated users, with Public Back-end permissions, to execute arbitrary SQL commands via the a… |
| CVE-2010-4837 | medium | — | 5.3 | EXP | | extensiondepotjoomla | 15y ago | Cross-site scripting (XSS) vulnerability in the JSupport (com_jsupport) component 1.5.6 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the subject parameter (title fie… |
| CVE-2011-2892 | medium | — | 4.3 | | | joomla | 15y ago | Joomla! 1.6.x before 1.6.2 does not prevent page rendering inside a frame in a third-party HTML document, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web … |
| CVE-2011-2891 | medium | — | 5.0 | | | joomla | 15y ago | Joomla! 1.6.x before 1.6.2 allows remote attackers to obtain sensitive information via an empty Itemid array parameter to index.php, which reveals the installation path in an error message, a differe… |
| CVE-2011-2890 | medium | — | 5.0 | | | joomla | 15y ago | The MediaViewMedia class in administrator/components/com_media/views/media/view.html.php in Joomla! 1.5.23 and earlier allows remote attackers to obtain sensitive information via vectors involving th… |
| CVE-2011-2889 | medium | — | 5.0 | | | joomla | 15y ago | templates/system/error.php in Joomla! before 1.5.23 might allow remote attackers to obtain sensitive information via unspecified vectors that trigger an undefined value of a certain error field, lead… |
| CVE-2011-2710 | medium | — | 4.3 | | | joomla | 15y ago | Multiple cross-site scripting (XSS) vulnerabilities in Joomla! before 1.7.0 allow remote attackers to inject arbitrary web script or HTML via (1) the URI to includes/application.php, reachable throug… |
| CVE-2011-2509 | medium | — | 4.3 | | | joomla | 15y ago | Joomla! vulnerable to Cross-site Scripting |
| CVE-2011-2488 | medium | — | 5.0 | | | joomla | 15y ago | Joomla! before 1.5.23 does not properly check for errors, which allows remote attackers to obtain sensitive information via unspecified vectors. |
| CVE-2010-4795 | high | — | 8.5 | EXP | | joomlasellerjoomla | 15y ago | SQL injection vulnerability in the JS Calendar (com_jscalendar) component 1.5.1 and 1.5.4 for Joomla! allows remote attackers to execute arbitrary SQL commands via the ev_id parameter in a details ac… |
| CVE-2010-4794 | medium | — | 5.3 | EXP | | joomlasellerjoomla | 15y ago | Multiple cross-site scripting (XSS) vulnerabilities in the JoomlaSeller JS Calendar (com_jscalendar) component 1.5.1 and 1.5.4 for Joomla! allow remote attackers to inject arbitrary web script or HTM… |
| CVE-2010-4769 | high | — | 8.5 | EXP | | janguojoomla | 15y ago | Directory traversal vulnerability in the Jimtawl (com_jimtawl) component 1.0.2 Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in… |
| CVE-2010-4739 | high | — | 7.5 | | | aretimesjoomla | 16y ago | SQL injection vulnerability in the Maian Media Silver (com_maianmedia) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the cat parameter in a music action to index… |
| CVE-2010-4720 | high | — | 7.5 | | | harmistechnologyjoomla | 16y ago | SQL injection vulnerability in the JExtensions JE Auto (com_jeauto) component before 1.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via unspecified vectors related to the v… |
| CVE-2010-4719 | high | — | 8.5 | EXP | | fxwebdesignjoomla | 16y ago | Directory traversal vulnerability in JRadio (com_jradio) component before 1.5.1 for Joomla! allows remote attackers to read arbitrary files via directory traversal sequences in the controller paramet… |
| CVE-2010-4718 | medium | — | 4.3 | | | lyftenjoomla | 16y ago | Multiple cross-site scripting (XSS) vulnerabilities in the Lyftenbloggie (com_lyftenbloggie) component 1.1.0 for Joomla! allow remote attackers to inject arbitrary web script or HTML via the (1) tag … |
| CVE-2011-0511 | high | — | 8.5 | EXP | | joomtradersjoomla | 16y ago | SQL injection vulnerability in the allCineVid component (com_allcinevid) 1.0.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php. |
| CVE-2010-4702 | high | — | 7.5 | | | fxwebdesignjoomla | 16y ago | SQL injection vulnerability in JRadio (com_jradio) component before 1.5.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| CVE-2010-4696 | high | — | 7.5 | | | joomla | 16y ago | Multiple SQL injection vulnerabilities in Joomla! 1.5.x before 1.5.22 allow remote attackers to execute arbitrary SQL commands via the (1) filter_order or (2) filter_order_Dir parameter in a com_cont… |
| CVE-2010-4166 | high | — | 7.5 | | | joomla | 16y ago | Multiple SQL injection vulnerabilities in Joomla! 1.5.x before 1.5.22 allow remote attackers to execute arbitrary SQL commands via (1) the filter_order parameter in a com_weblinks category action to … |
| CVE-2011-0005 | medium | — | 5.3 | EXP | | joomla | 16y ago | Cross-site scripting (XSS) vulnerability in the com_search module for Joomla! 1.0.x through 1.0.15 allows remote attackers to inject arbitrary web script or HTML via the ordering parameter to index.p… |
| CVE-2010-4638 | medium | — | 7.8 | EXP | | iptechinsidejoomla | 16y ago | SQL injection vulnerability in the submitSurvey function in controller.php in JQuarks4s (com_jquarks4s) component 1.0.0 for Joomla!, when magic_quotes_gpc is disabled, allows remote attackers to exec… |
| CVE-2010-4618 | medium | — | 4.3 | | | algisinfojoomla | 16y ago | Cross-site scripting (XSS) vulnerability in the Algis Info aiContactSafe component before 2.0.14 for Joomla! allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2010-4617 | medium | — | 7.8 | EXP | | kanichjoomla | 16y ago | Directory traversal vulnerability in the JotLoader (com_jotloader) component 2.2.1 for Joomla! allows remote attackers to read arbitrary files via directory traversal sequences in the section paramet… |
| CVE-2010-4517 | medium | — | 7.8 | EXP | | harmistechnologyjoomla | 16y ago | SQL injection vulnerability in the JExtensions JE Auto (com_jeauto) component 1.0 for Joomla!, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the cha… |
| CVE-2010-4516 | medium | — | 4.3 | | | jxtendedjoomla | 16y ago | Multiple cross-site scripting (XSS) vulnerabilities in the JXtended Comments component before 1.3.1 for Joomla allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2010-4405 | medium | — | 4.3 | | | anything-digitaljoomla | 16y ago | Cross-site scripting (XSS) vulnerability in the Yannick Gaultier sh404SEF component before 2.1.8.777 for Joomla! allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2010-4404 | high | — | 7.5 | | | anything-digitaljoomla | 16y ago | SQL injection vulnerability in the Yannick Gaultier sh404SEF component before 2.1.8.777 for Joomla! allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| CVE-2010-4365 | high | — | 8.5 | EXP | | harmistechnologyjoomla | 16y ago | SQL injection vulnerability in JE Ajax Event Calendar (com_jeajaxeventcalendar) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the event_id parameter in an alleve… |
| CVE-2010-4272 | high | — | 8.5 | EXP | | pulseinfotechjoomla | 16y ago | SQL injection vulnerability in the Pulse Infotech Sponsor Wall (com_sponsorwall) component 1.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter to index.p… |
| CVE-2010-4270 | medium | — | 5.0 | | | netshinesoftwarejoomla | 16y ago | Directory traversal vulnerability in the nBill (com_netinvoice) component before 2.0.9 standard edition, 2.0.10 lite edition, and 1.2_10 for Joomla! allows remote attackers to read arbitrary files vi… |
| CVE-2010-4268 | high | — | 8.5 | EXP | | pulseinfotechjoomla | 16y ago | SQL injection vulnerability in the Pulse Infotech Flip Wall (com_flipwall) component 1.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter to index.php. |
| CVE-2010-3712 | medium | — | 4.3 | | | joomla | 16y ago | Cross-site scripting (XSS) vulnerability in Joomla! 1.5.x before 1.5.21 and 1.6.x before 1.6.1 allows remote attackers to inject arbitrary web script or HTML via vectors involving "multiple encoded e… |
| CVE-2010-3426 | high | — | 8.5 | EXP | | 4you-studiojoomla | 16y ago | Directory traversal vulnerability in jphone.php in the JPhone (com_jphone) component 1.0 Alpha 3 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in… |
| CVE-2010-3422 | high | — | 8.5 | EXP | | solventusjoomla | 16y ago | SQL injection vulnerability in the JGen (com_jgen) component 0.9.33 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a view action to index.php. |
| CVE-2010-3211 | high | — | 8.5 | EXP | | jextnjoomla | 16y ago | Multiple SQL injection vulnerabilities in the JE FAQ Pro (com_jefaqpro) component 1.5.0 for Joomla! allow remote attackers to execute arbitrary SQL commands via category categorylist operations with … |