Filtered by vendor Joomla
Subscriptions
Filtered by product Joomla
Subscriptions
Total
215 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2009-2015 | 2 Ideal, Joomla | 2 Com Moofaq, Joomla | 2024-08-07 | N/A |
Directory traversal vulnerability in includes/file_includer.php in the Ideal MooFAQ (com_moofaq) component 1.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter. | ||||
CVE-2009-2014 | 1 Joomla | 2 Com School, Joomla | 2024-08-07 | N/A |
SQL injection vulnerability in the ComSchool (com_school) component 1.4 for Joomla! allows remote attackers to execute arbitrary SQL commands via the classid parameter in a showclass action to index.php. | ||||
CVE-2009-1938 | 1 Joomla | 1 Joomla | 2024-08-07 | N/A |
Cross-site scripting (XSS) vulnerability in Joomla! 1.5.x through 1.5.10 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to database output and the frontend administrative panel. | ||||
CVE-2009-1939 | 1 Joomla | 1 Joomla | 2024-08-07 | N/A |
Cross-site scripting (XSS) vulnerability in the JA_Purity template for Joomla! 1.5.x through 1.5.10 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
CVE-2009-1940 | 1 Joomla | 1 Joomla | 2024-08-07 | N/A |
Cross-site scripting (XSS) vulnerability in the administrator panel in the com_users core component for Joomla! 1.5.x through 1.5.10 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
CVE-2009-1848 | 2 Joomla, Joomlame | 2 Joomla, Com Agoragroup | 2024-08-07 | N/A |
SQL injection vulnerability in the JoomlaMe AgoraGroups (aka AG or com_agoragroup) component 0.3.5.3 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a groupdetail action to index.php. | ||||
CVE-2009-0380 | 3 Joomla, Mambo-foundation, Sigsiu.net | 3 Joomla, Mambo, Sobi2 | 2024-08-07 | N/A |
SQL injection vulnerability in the Sigsiu Online Business Index 2 (SOBI2, com_sobi2) RC 2.8.2 component for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the bid parameter in a showbiz action to index.php, a different vector than CVE-2008-0607. NOTE: CVE disputes this issue, since neither "showbiz" nor "bid" appears in the source code for SOBI2 | ||||
CVE-2009-1496 | 2 Ijobid, Joomla | 2 Com Cmimarketplace, Joomla | 2024-08-07 | N/A |
Directory traversal vulnerability in the Cmi Marketplace (com_cmimarketplace) component 0.1 for Joomla! allows remote attackers to list arbitrary directories via a .. (dot dot) in the viewit parameter to index.php. | ||||
CVE-2009-1280 | 1 Joomla | 1 Joomla | 2024-08-07 | N/A |
Multiple cross-site request forgery (CSRF) vulnerabilities in the com_media component for Joomla! 1.5.x through 1.5.9 allow remote attackers to hijack the authentication of unspecified victims via unknown vectors. | ||||
CVE-2009-1279 | 1 Joomla | 1 Joomla | 2024-08-07 | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in Joomla! 1.5 through 1.5.9 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors to the (1) com_admin component, (2) com_search component when "Gather Search Statistics" is enabled, and (3) the category view in the com_content component. | ||||
CVE-2009-1263 | 2 Alikonweb, Joomla | 2 Com Bookjoomlas, Joomla | 2024-08-07 | N/A |
SQL injection vulnerability in sub_commententry.php in the BookJoomlas (com_bookjoomlas) component 0.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the gbid parameter in a comment action to index.php. | ||||
CVE-2009-1258 | 2 Joomla, Rd-media | 2 Joomla, Com Rdautos | 2024-08-07 | N/A |
SQL injection vulnerability in the RD-Autos (com_rdautos) component 1.5.7 for Joomla! allows remote attackers to execute arbitrary SQL commands via the makeid parameter in index.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
CVE-2009-0702 | 2 Joomla, Phoca | 2 Joomla, Com Phocadocumentation | 2024-08-07 | N/A |
SQL injection vulnerability in the Phoca Documentation (com_phocadocumentation) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a section action to index.php. | ||||
CVE-2009-0730 | 3 Gigcalendar, Joomla, Mambo | 3 Com Gigcalendar, Joomla, Mambo | 2024-08-07 | N/A |
Multiple SQL injection vulnerabilities in the GigCalendar (com_gigcal) component 1.0 for Mambo and Joomla!, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via (1) the gigcal _venues_id parameter in a details action to index.php, which is not properly handled by venuedetails.php, and (2) the gigcal_bands_id parameter in a details action to index.php, which is not properly handled by banddetails.php, different vectors than CVE-2009-0726. | ||||
CVE-2009-0706 | 3 Joomla, Mambo, Simple-review | 3 Joomla, Mambo, Com Simple Review | 2024-08-07 | N/A |
SQL injection vulnerability in the Simple Review (com_simple_review) component 1.3.5 for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the category parameter to index.php. | ||||
CVE-2009-0726 | 3 Gigcalendar, Joomla, Mambo | 3 Com Gigcalendar, Joomla, Mambo | 2024-08-07 | N/A |
SQL injection vulnerability in the GigCalendar (com_gigcal) component 1.0 for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the gigcal_gigs_id parameter in a details action to index.php. | ||||
CVE-2009-0494 | 2 Joomla, Mivaco | 2 Joomla, Com Portfol | 2024-08-07 | N/A |
SQL injection vulnerability in the Portfol (com_portfol) 1.2 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the vcatid parameter in a viewcategory action to index.php. | ||||
CVE-2009-0379 | 1 Joomla | 2 Com Pcchess, Joomla | 2024-08-07 | N/A |
SQL injection vulnerability in the Prince Clan Chess Club (com_pcchess) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the game_id parameter in a showgame action to index.php, a different vector than CVE-2008-0761. | ||||
CVE-2009-0373 | 2 Elearningforce, Joomla | 2 Flash Magazine Deluxe, Joomla | 2024-08-07 | N/A |
SQL injection vulnerability in the ElearningForce Flash Magazine Deluxe (com_flashmagazinedeluxe) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the mag_id parameter in a magazine action to index.php. | ||||
CVE-2009-0420 | 2 Joomla, Rd-media | 2 Joomla, Rd-autos | 2024-08-07 | N/A |
SQL injection vulnerability in the RD-Autos (com_rdautos) 1.5.5 Stable component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php. |