Filtered by vendor Joomla
Subscriptions
Total
921 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2009-4679 | 2 Inertialfate, Joomla | 2 Com If Nexus, Joomla\! | 2024-08-07 | N/A |
Directory traversal vulnerability in the inertialFATE iF Portfolio Nexus (com_if_nexus) component 1.5 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php. | ||||
CVE-2009-4550 | 2 Joomla, Kunena | 2 Joomla\!, Kunena Forum | 2024-08-07 | N/A |
SQL injection vulnerability in the Kunena Forum (com_kunena) component 1.5.3 and 1.5.4 for Joomla! allows remote attackers to execute arbitrary SQL commands via the func parameter to index.php. | ||||
CVE-2009-4620 | 2 Joomla, Joomloc | 2 Joomla\!, Com Joomloc | 2024-08-07 | N/A |
SQL injection vulnerability in the Joomloc (com_joomloc) component 1.0 for Joomla allows remote attackers to execute arbitrary SQL commands via the id parameter in an edit task to index.php. | ||||
CVE-2009-4619 | 2 Joomla, Lucygames | 2 Joomla\!, Com Lucygames | 2024-08-07 | N/A |
SQL injection vulnerability in the Lucy Games (com_lucygames) component 1.5.4 for Joomla! allows remote attackers to execute arbitrary SQL commands via the gameid parameter in a game action to index.php. NOTE: some of these details are obtained from third party information. | ||||
CVE-2009-4625 | 2 Joomla, Tamlyncreative | 2 Joomla\!, Com Bfsurvey Profree | 2024-08-07 | N/A |
SQL injection vulnerability in the updateOnePage function in components/com_bfsurvey_pro/controller.php in BF Survey Pro Free (com_bfsurvey_profree) 1.2.4, and other versions before 1.2.6, a component for Joomla!, allows remote attackers to execute arbitrary SQL commands via the table parameter in an updateOnePage action to index.php. | ||||
CVE-2009-4573 | 2 Joomla, Joomlabear | 2 Joomla, Mod Joomulus | 2024-08-07 | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in the Joomulus (mod_joomulus) module 2.0 for Joomla! allow remote attackers to inject arbitrary web script or HTML via the tagcloud parameter in a tags action to (1) tagcloud_ell.swf, (2) tagcloud_eng.swf, (3) tagcloud_por.swf, (4) tagcloud_rus.swf, and possibly (5) tagcloud_jpn.swf. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
CVE-2009-4579 | 2 Joomla, Mambo-foundation | 3 Com Artistavenue, Joomla\!, Mambo | 2024-08-07 | N/A |
Cross-site scripting (XSS) vulnerability in the Artist avenue (com_artistavenue) component for Joomla! and Mambo allows remote attackers to inject arbitrary web script or HTML via the Itemid parameter to index.php. | ||||
CVE-2009-4576 | 2 Cmstactics, Joomla | 2 Com Beeheard, Joomla\! | 2024-08-07 | N/A |
SQL injection vulnerability in the BeeHeard (com_beeheard) component 1.x for Joomla! allows remote attackers to execute arbitrary SQL commands via the category_id parameter in a suggestions action to index.php. | ||||
CVE-2009-4583 | 1 Joomla | 2 Com Dhforum, Joomla\! | 2024-08-07 | N/A |
SQL injection vulnerability in the DhForum (com_dhforum) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a grouplist action to index.php. | ||||
CVE-2009-4628 | 2 Joomla, Templateplaza | 2 Joomla\!, Com Tpdugg | 2024-08-07 | N/A |
SQL injection vulnerability in the TemplatePlaza.com TPDugg (com_tpdugg) component 1.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a tags action to index.php. | ||||
CVE-2009-4599 | 2 Joomla, Joomshark | 2 Joomla, Com Jsjobs | 2024-08-07 | N/A |
Multiple SQL injection vulnerabilities in the JS Jobs (com_jsjobs) component 1.0.5.6 for Joomla! allow remote attackers to execute arbitrary SQL commands via (1) the md parameter in an employer view_company action to index.php or (2) the oi parameter in an employer view_job action to index.php. | ||||
CVE-2009-4598 | 2 Corephp, Joomla | 2 Com Jphoto, Joomla | 2024-08-07 | N/A |
SQL injection vulnerability in the JPhoto (com_jphoto) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a category action to index.php. | ||||
CVE-2009-4604 | 2 Fernando Soares, Joomla | 2 Com Mamboleto, Joomla | 2024-08-07 | N/A |
PHP remote file inclusion vulnerability in mamboleto.php in the Fernando Soares Mamboleto (com_mamboleto) component 2.0 RC3 for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | ||||
CVE-2009-4575 | 2 Joomla, Qproje | 2 Joomla\!, Com Qpersonel | 2024-08-07 | N/A |
Cross-site scripting (XSS) vulnerability in the Q-Personel (com_qpersonel) component 1.0.2 RC2 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the personel_sira parameter in a sirala action to index.php. | ||||
CVE-2009-4428 | 2 Joomla, Joomplace | 2 Joomla, Com Joomportfolio | 2024-08-07 | N/A |
SQL injection vulnerability in the JoomPortfolio (com_joomportfolio) component 1.0.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the secid parameter in a showcat action to index.php. | ||||
CVE-2009-4475 | 2 Joomla, Joomlub | 2 Joomla\!, Com Joomlub | 2024-08-07 | N/A |
SQL injection vulnerability in the Joomlub (com_joomlub) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the aid parameter in an auction edit action to index.php. | ||||
CVE-2009-4199 | 3 Joomla, Mambo-foundation, Mamboforge | 3 Joomla\!, Mambo, Com Mosres | 2024-08-07 | N/A |
Multiple SQL injection vulnerabilities in the Mambo Resident (aka Mos Res or com_mosres) component 1.0f for Mambo and Joomla!, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) property_uid parameter in a viewproperty action to index.php and the (2) regID parameter in a showregion action to index.php. | ||||
CVE-2009-4255 | 2 Joomla, Youjoomla | 2 Joomla\!, You\!hostit\! | 2024-08-07 | N/A |
Cross-site scripting (XSS) vulnerability in the You!Hostit! template 1.0.1 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the created_by_alias parameter in index.php. | ||||
CVE-2009-4094 | 2 Designforjoomla, Joomla | 2 Com Ezine, Joomla\! | 2024-08-07 | N/A |
PHP remote file inclusion vulnerability in class/php/d4m_ajax_pagenav.php in the D4J eZine (com_ezine) component 2.1 for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[mosConfig_absolute_path parameter. | ||||
CVE-2009-4200 | 2 Joomla, Vollmar | 2 Joomla\!, Com Seminar | 2024-08-07 | N/A |
SQL injection vulnerability in the Seminar (com_seminar) component 1.28 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a View_seminar action to index.php. |