Filtered by vendor Joomla
Subscriptions
Filtered by product Joomla\!
Subscriptions
Total
589 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2010-0759 | 2 Greatjoomla, Joomla | 2 Scriptegrator Plugin, Joomla\! | 2024-08-07 | N/A |
Directory traversal vulnerability in plugins/system/cdscriptegrator/libraries/highslide/js/jsloader.php in the Core Design Scriptegrator plugin 1.4.1 for Joomla! allows remote attackers to read, and possibly include and execute, arbitrary files via directory traversal sequences in the files[] parameter, a different vector than CVE-2010-0760. | ||||
CVE-2010-0800 | 2 Joomla, Joomservices | 2 Joomla\!, Com Dms | 2024-08-07 | N/A |
SQL injection vulnerability in the Ossolution Team Documents Seller (aka DMS) (com_dms) component 2.5.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the category_id parameter in a view_category action to index.php. | ||||
CVE-2010-0753 | 2 Componentslab, Joomla | 2 Com Sqlreport, Joomla\! | 2024-08-07 | N/A |
SQL injection vulnerability in the SQL Reports (com_sqlreport) component 1.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the user_id parameter to ajax/print.php. NOTE: some of these details are obtained from third party information. | ||||
CVE-2010-0670 | 2 Iptechinside, Joomla | 2 Com Jquarks, Joomla\! | 2024-08-07 | N/A |
Unspecified vulnerability in the IP-Tech JQuarks (com_jquarks) Component before 0.2.4 for Joomla! allows attackers to obtain the installation path for Joomla! via unknown vectors. | ||||
CVE-2010-0632 | 2 Joomla, Parkviewconsultants | 2 Joomla\!, Com Simplefaq | 2024-08-07 | N/A |
SQL injection vulnerability in the Parkview Consultants SimpleFAQ (com_simplefaq) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in a display action to index.php. | ||||
CVE-2010-0610 | 2 Joomla, Webguerilla | 2 Joomla\!, Com Photoblog | 2024-08-07 | N/A |
Multiple SQL injection vulnerabilities in the Photoblog (com_photoblog) component for Joomla! allow remote attackers to execute arbitrary SQL commands via the blog parameter in an images action to index.php. NOTE: a separate vector for the id parameter to detail.php may also exist. | ||||
CVE-2010-0456 | 2 Indianpulses, Joomla | 2 Com Gameserver, Joomla\! | 2024-08-07 | N/A |
SQL injection vulnerability in the indianpulse Game Server (com_gameserver) component 1.2 for Joomla! allows remote attackers to execute arbitrary SQL commands via the grp parameter in a gameserver action to index.php. | ||||
CVE-2010-0467 | 2 Chillcreations, Joomla | 2 Com Ccnewsletter, Joomla\! | 2024-08-07 | 5.8 Medium |
Directory traversal vulnerability in the ccNewsletter (com_ccnewsletter) component 1.0.5 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter in a ccnewsletter action to index.php. | ||||
CVE-2010-0459 | 2 Joomla, Yoflash | 2 Joomla\!, Com Mochigames | 2024-08-07 | N/A |
SQL injection vulnerability in the Mochigames (com_mochigames) component 0.51 and possibly other versions for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php. | ||||
CVE-2010-0374 | 2 Codingfish, Joomla | 2 Com Marketplace, Joomla\! | 2024-08-07 | N/A |
Cross-site scripting (XSS) vulnerability in the Marketplace (com_marketplace) component 1.2 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the catid parameter in a show_category action to index.php. | ||||
CVE-2010-0373 | 1 Joomla | 2 Com Libros, Joomla\! | 2024-08-07 | N/A |
SQL injection vulnerability in the libros (com_libros) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action to index.php. | ||||
CVE-2010-0372 | 2 Hong Chuyen, Joomla | 2 Com Articlemanager, Joomla\! | 2024-08-07 | N/A |
SQL injection vulnerability in the Articlemanager (com_articlemanager) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the artid parameter in a display action to index.php. | ||||
CVE-2011-5148 | 2 Joomla, Wasen | 2 Joomla\!, Mod Simplefileupload | 2024-08-07 | N/A |
Multiple incomplete blacklist vulnerabilities in the Simple File Upload (mod_simplefileuploadv1.3) module before 1.3.5 for Joomla! allow remote attackers to execute arbitrary code by uploading a file with a (1) php5, (2) php6, or (3) double (e.g. .php.jpg) extension, then accessing it via a direct request to the file in images/, as exploited in the wild in January 2012. | ||||
CVE-2011-5099 | 2 Chillcreations, Joomla | 2 Mod Ccnewsletter, Joomla\! | 2024-08-07 | N/A |
SQL injection vulnerability in helper/popup.php in the ccNewsletter (mod_ccnewsletter) component 1.0.7 through 1.0.9 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter. | ||||
CVE-2011-5004 | 2 Fabrikar, Joomla | 2 Com Fabrikar, Joomla\! | 2024-08-07 | N/A |
Unrestricted file upload vulnerability in models/importcsv.php in the Fabrik (com_fabrik) component before 2.1.1 for Joomla! allows remote authenticated users with Manager privileges to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in an unspecified directory. | ||||
CVE-2011-4937 | 1 Joomla | 1 Joomla\! | 2024-08-07 | 7.5 High |
Joomla! 1.7.1 has core information disclosure due to inadequate error checking. | ||||
CVE-2011-4907 | 1 Joomla | 1 Joomla\! | 2024-08-07 | 5.3 Medium |
Joomla! 1.5x through 1.5.12: Missing JEXEC Check | ||||
CVE-2011-4912 | 1 Joomla | 1 Joomla\! | 2024-08-07 | 5.3 Medium |
Joomla! com_mailto 1.5.x through 1.5.13 has an automated mail timeout bypass. | ||||
CVE-2011-4570 | 2 Joomla, Takeaweb | 2 Joomla\!, Com Timereturns | 2024-08-07 | N/A |
SQL injection vulnerability in the Time Returns (com_timereturns) component 2.0 and possibly earlier versions for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a timereturns action to index.php. | ||||
CVE-2011-4571 | 2 Eaimproved, Joomla | 2 Com Estateagent, Joomla\! | 2024-08-07 | N/A |
SQL injection vulnerability in the Estate Agent (com_estateagent) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a showEO action to index.php. |