| CVE-2011-4332 |
medium |
— |
4.3 |
|
|
joomla |
15y ago |
Joomla! vulnerable to Cross-site Scripting |
| CVE-2011-4321 |
medium |
— |
5.0 |
|
|
joomla |
15y ago |
The password reset functionality in Joomla! 1.5.x through 1.5.24 uses weak random numbers, which makes it easier for remote attackers to change the passwords of arbitrary users via unspecified vector… |
| CVE-2010-5048 |
medium |
— |
5.3 |
EXP |
|
joomlatunejoomla |
15y ago |
Cross-site scripting (XSS) vulnerability in admin.jcomments.php in the JoomlaTune JComments (com_jcomments) component 2.1.0.0 for Joomla! allows remote authenticated users to inject arbitrary web scr… |
| CVE-2010-5044 |
medium |
— |
7.0 |
EXP |
|
kanichjoomla |
15y ago |
SQL injection vulnerability in models/log.php in the Search Log (com_searchlog) component 3.1.0 for Joomla! allows remote authenticated users, with Public Back-end privileges, to execute arbitrary SQ… |
| CVE-2010-5043 |
medium |
— |
7.0 |
EXP |
|
blueconstantmediajoomla |
15y ago |
SQL injection vulnerability in the DJ-ArtGallery (com_djartgallery) component 0.9.1 for Joomla! allows remote authenticated users to execute arbitrary SQL commands via the cid[] parameter in an editI… |
| CVE-2010-5042 |
medium |
— |
5.3 |
EXP |
|
blueconstantmediajoomla |
15y ago |
Cross-site scripting (XSS) vulnerability in the DJ-ArtGallery (com_djartgallery) component 0.9.1 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the cid[] parameter in … |
| CVE-2010-4971 |
medium |
— |
5.3 |
EXP |
|
videowhisperjoomla |
15y ago |
Cross-site scripting (XSS) vulnerability in VideoWhisper PHP 2 Way Video Chat component for Joomla! allows remote attackers to inject arbitrary web script or HTML via the r parameter to index.php. |
| CVE-2010-4949 |
medium |
— |
5.3 |
EXP |
|
evnixjoomla |
15y ago |
Cross-site scripting (XSS) vulnerability in the (1) FreiChat component before 2.1.2 for Joomla! and the (2) FreiChatPure component before 1.2.2 for Joomla! allows remote attackers to inject arbitrary… |
| CVE-2010-4928 |
medium |
— |
5.3 |
EXP |
|
photoindochinajoomla |
15y ago |
Cross-site scripting (XSS) vulnerability in the Restaurant Guide (com_restaurantguide) component 1.0.0 for Joomla! allows remote attackers to inject arbitrary web script or HTML by placing it after a… |
| CVE-2011-3747 |
medium |
— |
5.0 |
|
|
joomla |
15y ago |
Joomla! 1.6.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by libraries/phpmai… |
| CVE-2010-4838 |
medium |
— |
7.0 |
EXP |
|
extensiondepotjoomla |
15y ago |
SQL injection vulnerability in the JSupport (com_jsupport) component 1.5.6 for Joomla! allows remote authenticated users, with Public Back-end permissions, to execute arbitrary SQL commands via the a… |
| CVE-2010-4837 |
medium |
— |
5.3 |
EXP |
|
extensiondepotjoomla |
15y ago |
Cross-site scripting (XSS) vulnerability in the JSupport (com_jsupport) component 1.5.6 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the subject parameter (title fie… |
| CVE-2011-2892 |
medium |
— |
4.3 |
|
|
joomla |
15y ago |
Joomla! 1.6.x before 1.6.2 does not prevent page rendering inside a frame in a third-party HTML document, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web … |
| CVE-2011-2891 |
medium |
— |
5.0 |
|
|
joomla |
15y ago |
Joomla! 1.6.x before 1.6.2 allows remote attackers to obtain sensitive information via an empty Itemid array parameter to index.php, which reveals the installation path in an error message, a differe… |
| CVE-2011-2890 |
medium |
— |
5.0 |
|
|
joomla |
15y ago |
The MediaViewMedia class in administrator/components/com_media/views/media/view.html.php in Joomla! 1.5.23 and earlier allows remote attackers to obtain sensitive information via vectors involving th… |
| CVE-2011-2889 |
medium |
— |
5.0 |
|
|
joomla |
15y ago |
templates/system/error.php in Joomla! before 1.5.23 might allow remote attackers to obtain sensitive information via unspecified vectors that trigger an undefined value of a certain error field, lead… |
| CVE-2011-2710 |
medium |
— |
4.3 |
|
|
joomla |
15y ago |
Multiple cross-site scripting (XSS) vulnerabilities in Joomla! before 1.7.0 allow remote attackers to inject arbitrary web script or HTML via (1) the URI to includes/application.php, reachable throug… |
| CVE-2011-2509 |
medium |
— |
4.3 |
|
|
joomla |
15y ago |
Joomla! vulnerable to Cross-site Scripting |
| CVE-2011-2488 |
medium |
— |
5.0 |
|
|
joomla |
15y ago |
Joomla! before 1.5.23 does not properly check for errors, which allows remote attackers to obtain sensitive information via unspecified vectors. |
| CVE-2010-4794 |
medium |
— |
5.3 |
EXP |
|
joomlasellerjoomla |
15y ago |
Multiple cross-site scripting (XSS) vulnerabilities in the JoomlaSeller JS Calendar (com_jscalendar) component 1.5.1 and 1.5.4 for Joomla! allow remote attackers to inject arbitrary web script or HTM… |
| CVE-2010-4718 |
medium |
— |
4.3 |
|
|
lyftenjoomla |
16y ago |
Multiple cross-site scripting (XSS) vulnerabilities in the Lyftenbloggie (com_lyftenbloggie) component 1.1.0 for Joomla! allow remote attackers to inject arbitrary web script or HTML via the (1) tag … |
| CVE-2011-0005 |
medium |
— |
5.3 |
EXP |
|
joomla |
16y ago |
Cross-site scripting (XSS) vulnerability in the com_search module for Joomla! 1.0.x through 1.0.15 allows remote attackers to inject arbitrary web script or HTML via the ordering parameter to index.p… |
| CVE-2010-4638 |
medium |
— |
7.8 |
EXP |
|
iptechinsidejoomla |
16y ago |
SQL injection vulnerability in the submitSurvey function in controller.php in JQuarks4s (com_jquarks4s) component 1.0.0 for Joomla!, when magic_quotes_gpc is disabled, allows remote attackers to exec… |
| CVE-2010-4618 |
medium |
— |
4.3 |
|
|
algisinfojoomla |
16y ago |
Cross-site scripting (XSS) vulnerability in the Algis Info aiContactSafe component before 2.0.14 for Joomla! allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2010-4617 |
medium |
— |
7.8 |
EXP |
|
kanichjoomla |
16y ago |
Directory traversal vulnerability in the JotLoader (com_jotloader) component 2.2.1 for Joomla! allows remote attackers to read arbitrary files via directory traversal sequences in the section paramet… |
| CVE-2010-4517 |
medium |
— |
7.8 |
EXP |
|
harmistechnologyjoomla |
16y ago |
SQL injection vulnerability in the JExtensions JE Auto (com_jeauto) component 1.0 for Joomla!, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the cha… |
| CVE-2010-4516 |
medium |
— |
4.3 |
|
|
jxtendedjoomla |
16y ago |
Multiple cross-site scripting (XSS) vulnerabilities in the JXtended Comments component before 1.3.1 for Joomla allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2010-4405 |
medium |
— |
4.3 |
|
|
anything-digitaljoomla |
16y ago |
Cross-site scripting (XSS) vulnerability in the Yannick Gaultier sh404SEF component before 2.1.8.777 for Joomla! allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2010-4270 |
medium |
— |
5.0 |
|
|
netshinesoftwarejoomla |
16y ago |
Directory traversal vulnerability in the nBill (com_netinvoice) component before 2.0.9 standard edition, 2.0.10 lite edition, and 1.2_10 for Joomla! allows remote attackers to read arbitrary files vi… |
| CVE-2010-3712 |
medium |
— |
4.3 |
|
|
joomla |
16y ago |
Cross-site scripting (XSS) vulnerability in Joomla! 1.5.x before 1.5.21 and 1.6.x before 1.6.1 allows remote attackers to inject arbitrary web script or HTML via vectors involving "multiple encoded e… |
| CVE-2010-2535 |
low |
— |
3.5 |
|
|
joomla |
16y ago |
Multiple cross-site scripting (XSS) vulnerabilities in the Back End in Joomla! 1.5.x before 1.5.20 allow remote authenticated users to inject arbitrary web script or HTML via administrator screens. |
| CVE-2010-3203 |
medium |
— |
6.0 |
EXP |
|
xmlswfjoomla |
16y ago |
Directory traversal vulnerability in the PicSell (com_picsell) component 1.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the dflink parameter in a prevsell dwnfr… |
| CVE-2010-3028 |
low |
— |
3.6 |
|
|
simon_philipsjoomla |
16y ago |
The Aardvertiser component before 2.2.1 for Joomla! uses insecure permissions (777) in unspecified folders, which allows local users to modify, create, or delete certain files. |
| CVE-2010-2920 |
medium |
— |
7.8 |
EXP |
|
fooblajoomla |
16y ago |
Directory traversal vulnerability in the Foobla Suggestions (com_foobla_suggestions) component 1.5.1.2 for Joomla! allows remote attackers to read arbitrary files via directory traversal sequences in… |
| CVE-2010-2848 |
medium |
— |
6.0 |
EXP |
|
gonzalo_maserjoomla |
16y ago |
Directory traversal vulnerability in assets/captcha/includes/alikon/playcode.php in the InterJoomla ArtForms (com_artforms) component 2.1b7.2 RC2 for Joomla! allows remote attackers to read arbitrary… |
| CVE-2010-2846 |
medium |
— |
5.3 |
EXP |
|
gonzalo_maserjoomla |
16y ago |
Cross-site scripting (XSS) vulnerability in the InterJoomla ArtForms (com_artforms) component 2.1b7.2 RC2 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the afmsg para… |
| CVE-2009-4946 |
medium |
— |
6.8 |
|
|
thetrickyjoomla |
16y ago |
Directory traversal vulnerability in the Messaging (com_messaging) component before 1.5.1 for Joomla! allows remote attackers to include and execute arbitrary local files via directory traversal sequ… |
| CVE-2010-2680 |
medium |
— |
7.8 |
EXP |
|
harmistechnologyjoomla |
16y ago |
Directory traversal vulnerability in the JExtensions JE Section/Property Finder (jesectionfinder) component for Joomla! allows remote attackers to include and execute arbitrary local files via direct… |
| CVE-2010-2613 |
medium |
— |
5.3 |
EXP |
|
harmistechnologyjoomla |
16y ago |
Cross-site scripting (XSS) vulnerability in the JExtensions JE Awd Song (com_awd_song) component for Joomla! allows remote attackers to inject arbitrary web script or HTML via the song review field, … |
| CVE-2010-2515 |
medium |
— |
6.8 |
|
|
dacian_strainjoomla |
16y ago |
Multiple SQL injection vulnerabilities in index.php in the JFaq (com_jfaq) component 1.2 for Joomla!, when magic_quotes_gpc is disabled, allow (1) remote attackers to execute arbitrary SQL commands v… |
| CVE-2010-2514 |
medium |
— |
4.3 |
|
|
dacian_strainjoomla |
16y ago |
Cross-site scripting (XSS) vulnerability in the JFaq (com_jfaq) component 1.2 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the question parameter in an add2 action t… |
| CVE-2010-2507 |
medium |
— |
7.8 |
EXP |
|
masselinkjoomla |
16y ago |
Directory traversal vulnerability in the Picasa2Gallery (com_picasa2gallery) component 1.2.8 and earlier for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified othe… |
| CVE-2010-2464 |
medium |
— |
5.3 |
EXP |
|
rsjoomlajoomla |
16y ago |
Multiple cross-site scripting (XSS) vulnerabilities in the RSComments (com_rscomments) component 1.0.0 Rev 2 for Joomla! allow remote attackers to inject arbitrary web script or HTML via the (1) webs… |
| CVE-2010-1649 |
medium |
— |
4.3 |
|
|
joomla |
16y ago |
Joomla! vulnerable to Cross-site Scripting |
| CVE-2010-2147 |
medium |
— |
5.3 |
EXP |
|
unisoftjoomla |
16y ago |
Cross-site scripting (XSS) vulnerability in the My Car (com_mycar) component 1.0 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the modveh parameter to index.php. |
| CVE-2010-2129 |
medium |
— |
7.8 |
EXP |
|
harmistechnologyjoomla |
16y ago |
Directory traversal vulnerability in the JE Ajax Event Calendar (com_jeajaxeventcalendar) component 1.0.1 and 1.0.3 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in t… |
| CVE-2010-2122 |
medium |
— |
7.8 |
EXP |
|
joelrowleyjoomla |
16y ago |
Directory traversal vulnerability in the SimpleDownload (com_simpledownload) component before 0.9.6 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot)… |
| CVE-2010-2046 |
medium |
— |
4.3 |
|
|
activehelperjoomla |
16y ago |
Multiple cross-site scripting (XSS) vulnerabilities in the ActiveHelper LiveHelp (com_activehelper_livehelp) component 2.0.3 for Joomla! allow remote attackers to inject arbitrary web script or HTML … |
| CVE-2010-1982 |
medium |
— |
6.0 |
EXP |
|
joomlartjoomla |
16y ago |
Directory traversal vulnerability in the JA Voice (com_javoice) component 2.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the view parameter to index.php. |
| CVE-2010-1979 |
medium |
— |
7.8 |
EXP |
|
affiliatefeedsjoomla |
16y ago |
Directory traversal vulnerability in the Affiliate Datafeeds (com_datafeeds) component build 880 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller param… |
| CVE-2010-1950 |
medium |
— |
7.8 |
EXP |
|
emultisoftjoomla |
16y ago |
SQL injection vulnerability in the Online News Paper Manager (com_jnewspaper) component 1.0 for Joomla!, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands v… |
| CVE-2010-1858 |
medium |
— |
6.0 |
EXP |
|
gelembjukjoomla |
16y ago |
Directory traversal vulnerability in the SMEStorage (com_smestorage) component before 1.1 for Joomla! allows remote attackers to read arbitrary files via directory traversal sequences in the controll… |
| CVE-2010-1746 |
medium |
— |
5.3 |
EXP |
|
toolsjxjoomla |
16y ago |
Multiple cross-site scripting (XSS) vulnerabilities in the Table JX (com_grid) component for Joomla! allow remote attackers to inject arbitrary web script or HTML via the (1) data_search and (2) rpp … |
| CVE-2010-1723 |
medium |
— |
7.8 |
EXP |
|
joomlacomponent.inetlankajoomla |
16y ago |
Directory traversal vulnerability in the iNetLanka Contact Us Draw Root Map (com_drawroot) component 1.1 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified othe… |
| CVE-2010-1722 |
medium |
— |
7.8 |
EXP |
|
dev.pucit.edu.pkjoomla |
16y ago |
Directory traversal vulnerability in the Online Market (com_market) component 2.x for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot … |
| CVE-2010-1719 |
medium |
— |
7.8 |
EXP |
|
moto-treksjoomla |
16y ago |
Directory traversal vulnerability in the MT Fire Eagle (com_mtfireeagle) component 1.2 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. … |
| CVE-2010-1718 |
medium |
— |
7.8 |
EXP |
|
lispeltuutjoomla |
16y ago |
Directory traversal vulnerability in archeryscores.php in the Archery Scores (com_archeryscores) component 1.0.6 for Joomla! allows remote attackers to include and execute arbitrary local files via a… |
| CVE-2010-1715 |
medium |
— |
7.8 |
EXP |
|
pucit.edujoomla |
16y ago |
Directory traversal vulnerability in the Online Examination (aka Online Exam or com_onlineexam) component 1.5.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the c… |
| CVE-2010-1714 |
medium |
— |
6.0 |
EXP |
|
dev.pucit.edu.pkjoomla |
16y ago |
Directory traversal vulnerability in the Arcade Games (com_arcadegames) component 1.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to ind… |
| CVE-2010-1659 |
medium |
— |
6.0 |
EXP |
|
webkuljoomla |
16y ago |
Directory traversal vulnerability in the Ultimate Portfolio (com_ultimateportfolio) component 1.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller para… |
| CVE-2010-1607 |
medium |
— |
7.8 |
EXP |
|
paysysprojoomla |
16y ago |
Directory traversal vulnerability in wmi.php in the Webmoney Web Merchant Interface (aka WMI or com_wmi) component 1.5.0 for Joomla! allows remote attackers to include and execute arbitrary local fil… |
| CVE-2010-1601 |
medium |
— |
6.0 |
EXP |
|
joomlamartjoomla |
16y ago |
Directory traversal vulnerability in the JA Comment (com_jacomment) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the view parameter to index.php. |
| CVE-2010-1540 |
medium |
— |
6.0 |
EXP |
|
myblogjoomla |
16y ago |
Directory traversal vulnerability in index.php in the MyBlog (com_myblog) component 3.0.329 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the task parameter. NOTE… |
| CVE-2010-1534 |
medium |
— |
6.0 |
EXP |
|
joomla.batjojoomla |
16y ago |
Directory traversal vulnerability in the Shoutbox Pro (com_shoutbox) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. |
| CVE-2010-1532 |
medium |
— |
6.0 |
EXP |
|
givesightjoomla |
16y ago |
Directory traversal vulnerability in the givesight PowerMail Pro (com_powermail) component 1.5.3 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact… |
| CVE-2010-1494 |
medium |
— |
6.0 |
EXP |
|
awdsolutionjoomla |
16y ago |
Directory traversal vulnerability in the AWDwall (com_awdwall) component 1.5.4 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. |
| CVE-2010-1491 |
medium |
— |
6.0 |
EXP |
|
mms.pippjoomla |
16y ago |
Directory traversal vulnerability in the MMS Blog (com_mmsblog) component 2.3.0 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot do… |
| CVE-2010-1478 |
medium |
— |
7.8 |
EXP |
|
ternariajoomla |
16y ago |
Directory traversal vulnerability in the Ternaria Informatica Jfeedback! (com_jfeedback) component 1.2 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other … |
| CVE-2010-1476 |
medium |
— |
7.8 |
EXP |
|
alphaplugjoomla |
16y ago |
Directory traversal vulnerability in the AlphaUserPoints (com_alphauserpoints) component 1.5.5 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact v… |
| CVE-2010-1475 |
medium |
— |
7.8 |
EXP |
|
ternariajoomla |
16y ago |
Directory traversal vulnerability in the Preventive & Reservation (com_preventive) component 1.0.5 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impa… |
| CVE-2010-1474 |
medium |
— |
7.8 |
EXP |
|
supachai_teasakuljoomla |
16y ago |
Directory traversal vulnerability in the Sweety Keeper (com_sweetykeeper) component 1.5.x for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a … |
| CVE-2010-1473 |
medium |
— |
7.8 |
EXP |
|
johnmccollumjoomla |
16y ago |
Directory traversal vulnerability in the Advertising (com_advertising) component 0.25 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (… |
| CVE-2010-1469 |
medium |
— |
7.8 |
EXP |
|
ternariajoomla |
16y ago |
Directory traversal vulnerability in the Ternaria Informatica JProject Manager (com_jprojectmanager) component 1.0 for Joomla! allows remote attackers to read arbitrary files and possibly have unspec… |
| CVE-2010-1461 |
medium |
— |
6.0 |
EXP |
|
gogoritasjoomla |
16y ago |
Directory traversal vulnerability in the Photo Battle (com_photobattle) component 1.0.1 for Joomla! allows remote attackers to read arbitrary files via the view parameter to index.php. |
| CVE-2010-1354 |
medium |
— |
6.0 |
EXP |
|
ternariajoomla |
16y ago |
Directory traversal vulnerability in the VJDEO (com_vjdeo) component 1.0 and 1.0.1 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.… |
| CVE-2010-1353 |
medium |
— |
6.0 |
EXP |
|
wowjoomlajoomla |
16y ago |
Directory traversal vulnerability in the LoginBox Pro (com_loginbox) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the view parameter to index.php. |
| CVE-2010-1352 |
medium |
— |
6.0 |
EXP |
|
jooforgejoomla |
16y ago |
Directory traversal vulnerability in the JOOFORGE Jutebox (com_jukebox) component 1.0 and 1.7 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller paramete… |
| CVE-2010-1345 |
medium |
— |
6.0 |
EXP |
|
cookexjoomla |
16y ago |
Directory traversal vulnerability in the Cookex Agency CKForms (com_ckforms) component 1.3.3 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter… |
| CVE-2010-1340 |
medium |
— |
6.0 |
EXP |
|
joomla-researchjoomla |
16y ago |
Directory traversal vulnerability in jresearch.php in the J!Research (com_jresearch) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller paramet… |
| CVE-2010-1315 |
medium |
— |
6.0 |
EXP |
|
joomlamojoomla |
16y ago |
Directory traversal vulnerability in weberpcustomer.php in the webERPcustomer (com_weberpcustomer) component 1.2.1 and 1.x before 1.06.02 for Joomla! allows remote attackers to read arbitrary files v… |
| CVE-2010-1314 |
medium |
— |
6.0 |
EXP |
|
joomlanookjoomla |
16y ago |
Directory traversal vulnerability in the Highslide JS (com_hsconfig) component 1.5 and 2.0.9 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter… |
| CVE-2010-1313 |
medium |
— |
5.3 |
EXP |
|
seberjoomla |
16y ago |
Directory traversal vulnerability in the Seber Cart (com_sebercart) component 1.0.0.12 and 1.0.0.13 for Joomla!, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via… |
| CVE-2010-1312 |
medium |
— |
6.0 |
EXP |
|
ijoomlajoomla |
16y ago |
Directory traversal vulnerability in the iJoomla News Portal (com_news_portal) component 1.5.x for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller paramet… |
| CVE-2010-1308 |
medium |
— |
6.0 |
EXP |
|
la-souris-vertejoomla |
16y ago |
Directory traversal vulnerability in the SVMap (com_svmap) component 1.1.1 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. |
| CVE-2010-1307 |
medium |
— |
6.0 |
EXP |
|
software.realtynajoomla |
16y ago |
Directory traversal vulnerability in the Magic Updater (com_joomlaupdater) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to inde… |
| CVE-2010-1305 |
medium |
— |
6.0 |
EXP |
|
joomlamojoomla |
16y ago |
Directory traversal vulnerability in jinventory.php in the JInventory (com_jinventory) component 1.23.02 and possibly other versions before 1.26.03, a module for Joomla!, allows remote attackers to r… |
| CVE-2010-1304 |
medium |
— |
6.0 |
EXP |
|
joomlamojoomla |
16y ago |
Directory traversal vulnerability in userstatus.php in the User Status (com_userstatus) component 1.21.16 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the control… |
| CVE-2010-1302 |
medium |
— |
6.0 |
EXP |
|
decryptwebjoomla |
16y ago |
Directory traversal vulnerability in dwgraphs.php in the DecryptWeb DW Graphs (com_dwgraphs) component 1.0 for Joomla! allows remote attackers to read arbitrary files via directory traversal sequence… |
| CVE-2010-1219 |
medium |
— |
7.8 |
EXP |
|
com_janewsjoomla |
16y ago |
Directory traversal vulnerability in the JA News (com_janews) component 1.0 for Joomla! allows remote attackers to read arbitrary local files via a .. (dot dot) in the controller parameter to index.p… |
| CVE-2010-1217 |
medium |
— |
5.3 |
EXP |
|
je_form_creatorjoomla |
16y ago |
Directory traversal vulnerability in the JE Form Creator (com_jeformcr) component for Joomla!, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via directory travers… |
| CVE-2010-1081 |
medium |
— |
6.0 |
EXP |
|
corejoomlajoomla |
16y ago |
Directory traversal vulnerability in the Community Polls (com_communitypolls) component 1.5.2, and possibly earlier, for Core Joomla! allows remote attackers to read arbitrary files via a .. (dot dot… |
| CVE-2010-1056 |
medium |
— |
7.8 |
EXP |
|
rocketthemejoomla |
16y ago |
Directory traversal vulnerability in the RokDownloads (com_rokdownloads) component before 1.0.1 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in … |
| CVE-2010-0982 |
medium |
— |
5.3 |
EXP |
|
joomlamojoomla |
16y ago |
Directory traversal vulnerability in the CARTwebERP (com_cartweberp) component 1.56.75 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to in… |
| CVE-2010-0944 |
medium |
— |
6.0 |
EXP |
|
thorsten_riessjoomla |
17y ago |
Directory traversal vulnerability in the JCollection (com_jcollection) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.ph… |
| CVE-2010-0943 |
medium |
— |
6.0 |
EXP |
|
joomlartjoomla |
17y ago |
Directory traversal vulnerability in the JA Showcase (com_jashowcase) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter in a jashowc… |
| CVE-2010-0942 |
medium |
— |
6.0 |
EXP |
|
jvideodirectjoomla |
17y ago |
Directory traversal vulnerability in the jVideoDirect (com_jvideodirect) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.… |
| CVE-2010-0801 |
low |
— |
4.5 |
EXP |
|
autarticajoomla |
17y ago |
Directory traversal vulnerability in the AutartiTarot (com_autartitarot) component 1.0.3 for Joomla! allows remote authenticated users, with "Public Back-end" group permissions, to read arbitrary fil… |
| CVE-2010-0760 |
medium |
— |
7.8 |
EXP |
|
greatjoomlajoomla |
17y ago |
Multiple directory traversal vulnerabilities in the Core Design Scriptegrator plugin 1.4.1 for Joomla! allow remote attackers to include and execute arbitrary local files via directory traversal sequ… |
| CVE-2010-0696 |
medium |
— |
6.0 |
EXP |
|
joomlaworksjoomla |
17y ago |
Directory traversal vulnerability in includes/download.php in the JoomlaWorks AllVideos (Jw_allVideos) plugin 3.0 through 3.2 for Joomla! allows remote attackers to read arbitrary files via a ./../..… |
| CVE-2009-4651 |
medium |
— |
5.3 |
EXP |
|
onnogroenjoomla |
17y ago |
Multiple cross-site scripting (XSS) vulnerabilities in the Webee Comments (com_webeecomment) component 1.1.1, 1.2, and 2.0 for Joomla! allow remote attackers to inject arbitrary web script or HTML vi… |
