Filtered by vendor Joomla
Subscriptions
Total
921 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2010-0374 | 2 Codingfish, Joomla | 2 Com Marketplace, Joomla\! | 2024-08-07 | N/A |
Cross-site scripting (XSS) vulnerability in the Marketplace (com_marketplace) component 1.2 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the catid parameter in a show_category action to index.php. | ||||
CVE-2010-0373 | 1 Joomla | 2 Com Libros, Joomla\! | 2024-08-07 | N/A |
SQL injection vulnerability in the libros (com_libros) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action to index.php. | ||||
CVE-2010-0372 | 2 Hong Chuyen, Joomla | 2 Com Articlemanager, Joomla\! | 2024-08-07 | N/A |
SQL injection vulnerability in the Articlemanager (com_articlemanager) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the artid parameter in a display action to index.php. | ||||
CVE-2011-5148 | 2 Joomla, Wasen | 2 Joomla\!, Mod Simplefileupload | 2024-08-07 | N/A |
Multiple incomplete blacklist vulnerabilities in the Simple File Upload (mod_simplefileuploadv1.3) module before 1.3.5 for Joomla! allow remote attackers to execute arbitrary code by uploading a file with a (1) php5, (2) php6, or (3) double (e.g. .php.jpg) extension, then accessing it via a direct request to the file in images/, as exploited in the wild in January 2012. | ||||
CVE-2011-5099 | 2 Chillcreations, Joomla | 2 Mod Ccnewsletter, Joomla\! | 2024-08-07 | N/A |
SQL injection vulnerability in helper/popup.php in the ccNewsletter (mod_ccnewsletter) component 1.0.7 through 1.0.9 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter. | ||||
CVE-2011-5004 | 2 Fabrikar, Joomla | 2 Com Fabrikar, Joomla\! | 2024-08-07 | N/A |
Unrestricted file upload vulnerability in models/importcsv.php in the Fabrik (com_fabrik) component before 2.1.1 for Joomla! allows remote authenticated users with Manager privileges to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in an unspecified directory. | ||||
CVE-2011-4937 | 1 Joomla | 1 Joomla\! | 2024-08-07 | 7.5 High |
Joomla! 1.7.1 has core information disclosure due to inadequate error checking. | ||||
CVE-2011-4907 | 1 Joomla | 1 Joomla\! | 2024-08-07 | 5.3 Medium |
Joomla! 1.5x through 1.5.12: Missing JEXEC Check | ||||
CVE-2011-4912 | 1 Joomla | 1 Joomla\! | 2024-08-07 | 5.3 Medium |
Joomla! com_mailto 1.5.x through 1.5.13 has an automated mail timeout bypass. | ||||
CVE-2011-4570 | 2 Joomla, Takeaweb | 2 Joomla\!, Com Timereturns | 2024-08-07 | N/A |
SQL injection vulnerability in the Time Returns (com_timereturns) component 2.0 and possibly earlier versions for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a timereturns action to index.php. | ||||
CVE-2011-4571 | 2 Eaimproved, Joomla | 2 Com Estateagent, Joomla\! | 2024-08-07 | N/A |
SQL injection vulnerability in the Estate Agent (com_estateagent) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a showEO action to index.php. | ||||
CVE-2011-3629 | 1 Joomla | 1 Joomla\! | 2024-08-06 | 7.5 High |
Joomla! core 1.7.1 allows information disclosure due to weak encryption | ||||
CVE-2011-3595 | 1 Joomla | 1 Joomla\! | 2024-08-06 | 5.4 Medium |
Multiple Cross-site Scripting (XSS) vulnerabilities exist in Joomla! through 1.7.0 in index.php in the search word, extension, asset, and author parameters. | ||||
CVE-2011-2889 | 1 Joomla | 1 Joomla\! | 2024-08-06 | N/A |
templates/system/error.php in Joomla! before 1.5.23 might allow remote attackers to obtain sensitive information via unspecified vectors that trigger an undefined value of a certain error field, leading to disclosure of the installation path. NOTE: this might overlap CVE-2011-2488. | ||||
CVE-2011-2890 | 1 Joomla | 1 Joomla\! | 2024-08-06 | N/A |
The MediaViewMedia class in administrator/components/com_media/views/media/view.html.php in Joomla! 1.5.23 and earlier allows remote attackers to obtain sensitive information via vectors involving the base variable, leading to disclosure of the installation path, a different vulnerability than CVE-2011-2488. | ||||
CVE-2011-2891 | 1 Joomla | 1 Joomla\! | 2024-08-06 | N/A |
Joomla! 1.6.x before 1.6.2 allows remote attackers to obtain sensitive information via an empty Itemid array parameter to index.php, which reveals the installation path in an error message, a different vulnerability than CVE-2011-2488. | ||||
CVE-2011-2710 | 1 Joomla | 1 Joomla\! | 2024-08-06 | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in Joomla! before 1.7.0 allow remote attackers to inject arbitrary web script or HTML via (1) the URI to includes/application.php, reachable through index.php; and, when Internet Explorer or Konqueror is used, (2) allow remote attackers to inject arbitrary web script or HTML via the searchword parameter in a search action to index.php in the com_search component. NOTE: vector 2 exists because of an incomplete fix for CVE-2011-2509.5. | ||||
CVE-2011-1151 | 1 Joomla | 1 Joomla\! | 2024-08-06 | 9.1 Critical |
Joomla! 1.6.0 is vulnerable to SQL Injection via the filter_order and filer_order_Dir parameters. | ||||
CVE-2011-0511 | 2 Joomla, Joomtraders | 2 Joomla\!, Com Allcinevid | 2024-08-06 | N/A |
SQL injection vulnerability in the allCineVid component (com_allcinevid) 1.0.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php. | ||||
CVE-2011-0005 | 1 Joomla | 2 Com Search, Joomla\! | 2024-08-06 | N/A |
Cross-site scripting (XSS) vulnerability in the com_search module for Joomla! 1.0.x through 1.0.15 allows remote attackers to inject arbitrary web script or HTML via the ordering parameter to index.php. |