Filtered by vendor Joomla Subscriptions
Total 921 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2010-4702 2 Fxwebdesign, Joomla 2 Com Jradio, Joomla\! 2024-11-21 N/A
SQL injection vulnerability in JRadio (com_jradio) component before 1.5.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2010-4696 1 Joomla 1 Joomla\! 2024-11-21 N/A
Multiple SQL injection vulnerabilities in Joomla! 1.5.x before 1.5.22 allow remote attackers to execute arbitrary SQL commands via the (1) filter_order or (2) filter_order_Dir parameter in a com_contact action to index.php, a different vulnerability than CVE-2010-4166. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2010-4638 2 Iptechinside, Joomla 2 Com Jquarks4s, Joomla\! 2024-11-21 N/A
SQL injection vulnerability in the submitSurvey function in controller.php in JQuarks4s (com_jquarks4s) component 1.0.0 for Joomla!, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the q parameter in a submitSurvey action to index.php.
CVE-2010-4618 2 Algisinfo, Joomla 2 Aicontactsafe, Joomla\! 2024-11-21 N/A
Cross-site scripting (XSS) vulnerability in the Algis Info aiContactSafe component before 2.0.14 for Joomla! allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2010-4617 2 Joomla, Kanich 2 Joomla\!, Com Jotloader 2024-11-21 N/A
Directory traversal vulnerability in the JotLoader (com_jotloader) component 2.2.1 for Joomla! allows remote attackers to read arbitrary files via directory traversal sequences in the section parameter to index.php.
CVE-2010-4517 2 Harmistechnology, Joomla 2 Com Jeauto, Joomla\! 2024-11-21 N/A
SQL injection vulnerability in the JExtensions JE Auto (com_jeauto) component 1.0 for Joomla!, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the char parameter in an item action to index.php.
CVE-2010-4516 2 Joomla, Jxtended 2 Joomla\!, Jxtended Comments 2024-11-21 N/A
Multiple cross-site scripting (XSS) vulnerabilities in the JXtended Comments component before 1.3.1 for Joomla allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2010-4405 2 Anything-digital, Joomla 2 Sh404sef, Joomla\! 2024-11-21 N/A
Cross-site scripting (XSS) vulnerability in the Yannick Gaultier sh404SEF component before 2.1.8.777 for Joomla! allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2010-4404 2 Anything-digital, Joomla 2 Sh404sef, Joomla\! 2024-11-21 N/A
SQL injection vulnerability in the Yannick Gaultier sh404SEF component before 2.1.8.777 for Joomla! allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2010-4365 2 Harmistechnology, Joomla 2 Com Jeajaxeventcalendar, Joomla\! 2024-11-21 N/A
SQL injection vulnerability in JE Ajax Event Calendar (com_jeajaxeventcalendar) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the event_id parameter in an alleventlist_more action to index.php.
CVE-2010-4272 2 Joomla, Pulseinfotech 2 Joomla\!, Com Sponsorwall 2024-11-21 N/A
SQL injection vulnerability in the Pulse Infotech Sponsor Wall (com_sponsorwall) component 1.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter to index.php.
CVE-2010-4270 2 Joomla, Netshinesoftware 2 Joomla\!, Com Netinvoice 2024-11-21 N/A
Directory traversal vulnerability in the nBill (com_netinvoice) component before 2.0.9 standard edition, 2.0.10 lite edition, and 1.2_10 for Joomla! allows remote attackers to read arbitrary files via directory traversal sequences in unspecified vectors related to (1) administrator/components/com_nbill/admin.nbill.php, (2) components/com_nbill/nbill.php, (3) administrator/components/com_netinvoice/admin.netinvoice.php, or (4) components/com_netinvoice/netinvoice.php, as exploited in the wild in November 2010.
CVE-2010-4268 2 Joomla, Pulseinfotech 2 Joomla\!, Com Flipwall 2024-11-21 N/A
SQL injection vulnerability in the Pulse Infotech Flip Wall (com_flipwall) component 1.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter to index.php.
CVE-2010-4166 1 Joomla 1 Joomla\! 2024-11-21 N/A
Multiple SQL injection vulnerabilities in Joomla! 1.5.x before 1.5.22 allow remote attackers to execute arbitrary SQL commands via (1) the filter_order parameter in a com_weblinks category action to index.php, (2) the filter_order_Dir parameter in a com_weblinks category action to index.php, or (3) the filter_order_Dir parameter in a com_messages action to administrator/index.php.
CVE-2010-3712 1 Joomla 1 Joomla\! 2024-11-21 N/A
Cross-site scripting (XSS) vulnerability in Joomla! 1.5.x before 1.5.21 and 1.6.x before 1.6.1 allows remote attackers to inject arbitrary web script or HTML via vectors involving "multiple encoded entities," as demonstrated by the query string to index.php in the com_weblinks or com_content component.
CVE-2010-3426 2 4you-studio, Joomla 2 Com Jphone, Joomla\! 2024-11-21 N/A
Directory traversal vulnerability in jphone.php in the JPhone (com_jphone) component 1.0 Alpha 3 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php.
CVE-2010-3422 2 Joomla, Solventus 2 Joomla\!, Com Jgen 2024-11-21 N/A
SQL injection vulnerability in the JGen (com_jgen) component 0.9.33 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a view action to index.php.
CVE-2010-3211 2 Jextn, Joomla 2 Com Jefaqpro, Joomla\! 2024-11-21 N/A
Multiple SQL injection vulnerabilities in the JE FAQ Pro (com_jefaqpro) component 1.5.0 for Joomla! allow remote attackers to execute arbitrary SQL commands via category categorylist operations with (1) the catid parameter or (2) the catid parameter in a lists action.
CVE-2010-3203 2 Joomla, Xmlswf 2 Joomla\!, Com Picsell 2024-11-21 N/A
Directory traversal vulnerability in the PicSell (com_picsell) component 1.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the dflink parameter in a prevsell dwnfree action to index.php.
CVE-2010-3028 2 Joomla, Simon Philips 2 Joomla, Aardvertiser 2024-11-21 N/A
The Aardvertiser component before 2.2.1 for Joomla! uses insecure permissions (777) in unspecified folders, which allows local users to modify, create, or delete certain files.