Filtered by vendor Joomla Subscriptions
Filtered by product Joomla\! Subscriptions
Total 589 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2011-4937 1 Joomla 1 Joomla\! 2024-11-21 7.5 High
Joomla! 1.7.1 has core information disclosure due to inadequate error checking.
CVE-2011-4912 1 Joomla 1 Joomla\! 2024-11-21 5.3 Medium
Joomla! com_mailto 1.5.x through 1.5.13 has an automated mail timeout bypass.
CVE-2011-4911 1 Joomla 1 Joomla\! 2024-11-21 N/A
Joomla! before 1.5.12 does not perform a JEXEC check in unspecified files, which allows remote attackers to obtain the installation path via unspecified vectors.
CVE-2011-4910 1 Joomla 1 Joomla\! 2024-11-21 N/A
Cross-site scripting (XSS) vulnerability in Joomla! before 1.5.12 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.
CVE-2011-4909 1 Joomla 1 Joomla\! 2024-11-21 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Joomla! before 1.5.12 allow remote attackers to inject arbitrary web script or HTML via the HTTP_REFERER header to (1) components/com_content/views/article/tmpl/form.php, (2) components/com_user/controller.php, (3) plugins/system/legacy/html.php, or (4) templates/beez/html/com_content/article/form.php.
CVE-2011-4907 1 Joomla 1 Joomla\! 2024-11-21 5.3 Medium
Joomla! 1.5x through 1.5.12: Missing JEXEC Check
CVE-2011-4830 2 Barter-sites, Joomla 2 Com Listing, Joomla\! 2024-11-21 N/A
Multiple cross-site scripting (XSS) vulnerabilities in the com_listing component in Barter Sites component 1.3 for Joomla! allow remote authenticated users to inject arbitrary web script or HTML via the (1) listing_title, (2) description, (3) homeurl (aka Website Address), (4) paystring (aka Payment types accepted), (5) sell_price, (6) shipping_cost, and (7) quantity parameters to index.php.
CVE-2011-4829 2 Barter-sites, Joomla 2 Com Listing, Joomla\! 2024-11-21 N/A
SQL injection vulnerability in the com_listing component in Barter Sites component 1.3 for Joomla! allows remote attackers to execute arbitrary SQL commands via the category_id parameter to index.php.
CVE-2011-4823 2 Extensionsforjoomla, Joomla 2 Com Vikrealestate, Joomla\! 2024-11-21 N/A
Multiple SQL injection vulnerabilities in Vik Real Estate (com_vikrealestate) component 1.0 for Joomla! allow remote attackers to execute arbitrary SQL commands via the (1) contract parameter in a results action and (2) imm parameter in a show action to index.php.
CVE-2011-4809 2 Joomla, Joomlaextensions 2 Joomla\!, Com Hmcommunity 2024-11-21 N/A
Multiple cross-site scripting (XSS) vulnerabilities in the HM Community (com_hmcommunity) component before 1.01 for Joomla! allow remote attackers to inject arbitrary web script or HTML via the (1) language[], (2) university[], (3) persent[], (4) company_name[], (5) designation[], (6) music[], (7) books[], (8) movies[], (9) games[], (10) syp[], (11) ft[], and (12) fa[] parameters in a save task for a profile to index.php. NOTE: some of these details are obtained from third party information.
CVE-2011-4808 2 Joomla, Joomlaextensions 2 Joomla\!, Com Hmcommunity 2024-11-21 N/A
SQL injection vulnerability in the HM Community (com_hmcommunity) component before 1.01 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a fnd_home action to index.php.
CVE-2011-4804 2 Foobla, Joomla 2 Com Obsuggest, Joomla\! 2024-11-21 N/A
Directory traversal vulnerability in the obSuggest (com_obsuggest) component before 1.8 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
CVE-2011-4571 2 Eaimproved, Joomla 2 Com Estateagent, Joomla\! 2024-11-21 N/A
SQL injection vulnerability in the Estate Agent (com_estateagent) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a showEO action to index.php.
CVE-2011-4570 2 Joomla, Takeaweb 2 Joomla\!, Com Timereturns 2024-11-21 N/A
SQL injection vulnerability in the Time Returns (com_timereturns) component 2.0 and possibly earlier versions for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a timereturns action to index.php.
CVE-2011-4332 1 Joomla 1 Joomla\! 2024-11-21 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Joomla! 1.6.3 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2011-4321 1 Joomla 1 Joomla\! 2024-11-21 N/A
The password reset functionality in Joomla! 1.5.x through 1.5.24 uses weak random numbers, which makes it easier for remote attackers to change the passwords of arbitrary users via unspecified vectors.
CVE-2011-3747 1 Joomla 1 Joomla\! 2024-11-21 N/A
Joomla! 1.6.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by libraries/phpmailer/language/phpmailer.lang-joomla.php.
CVE-2011-3629 1 Joomla 1 Joomla\! 2024-11-21 7.5 High
Joomla! core 1.7.1 allows information disclosure due to weak encryption
CVE-2011-3595 1 Joomla 1 Joomla\! 2024-11-21 5.4 Medium
Multiple Cross-site Scripting (XSS) vulnerabilities exist in Joomla! through 1.7.0 in index.php in the search word, extension, asset, and author parameters.
CVE-2011-2892 1 Joomla 1 Joomla\! 2024-11-21 N/A
Joomla! 1.6.x before 1.6.2 does not prevent page rendering inside a frame in a third-party HTML document, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web site.