Filtered by vendor Joomla
Subscriptions
Total
921 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-27911 | 1 Joomla | 1 Joomla\! | 2024-09-16 | 5.3 Medium |
| An issue was discovered in Joomla! 4.2.0. Multiple Full Path Disclosures because of missing '_JEXEC or die check' caused by the PSR12 changes. | ||||
| CVE-2009-3481 | 2 Isygen, Joomla | 2 Com Icrmbasic, Joomla | 2024-09-16 | N/A |
| A certain interface in the iCRM Basic (com_icrmbasic) component 1.4.2.31 for Joomla! does not require administrative authentication, which has unspecified impact and remote attack vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2020-35614 | 1 Joomla | 1 Joomla\! | 2024-09-16 | 5.3 Medium |
| An issue was discovered in Joomla! 3.9.0 through 3.9.22. Improper handling of the username leads to a user enumeration attack vector in the backend login page. | ||||
| CVE-2010-2681 | 1 Joomla | 2 Com Sef, Joomla\! | 2024-09-16 | N/A |
| PHP remote file inclusion vulnerability in the SEF404x (com_sef) component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig.absolute.path parameter to index.php. | ||||
| CVE-2022-27912 | 1 Joomla | 1 Joomla\! | 2024-09-16 | 5.3 Medium |
| An issue was discovered in Joomla! 4.0.0 through 4.2.3. Sites with publicly enabled debug mode exposed data of previous requests. | ||||
| CVE-2009-4233 | 2 Joomla, Youjoomla | 2 Joomla\!, Yj Whois | 2024-09-16 | N/A |
| Cross-site scripting (XSS) vulnerability in modules/mod_yj_whois.php in the YJ Whois component 1.0x and 1.5.x for Joomla! allows remote attackers to inject arbitrary web script or HTML via the domain parameter to index.php. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2021-23129 | 1 Joomla | 1 Joomla\! | 2024-09-16 | 6.1 Medium |
| An issue was discovered in Joomla! 2.5.0 through 3.9.24. Missing filtering of messages showed to users that could lead to xss issues. | ||||
| CVE-2022-23798 | 1 Joomla | 1 Joomla\! | 2024-09-16 | 6.1 Medium |
| An issue was discovered in Joomla! 2.5.0 through 3.10.6 & 4.0.0 through 4.1.0. Inadequate validation of URLs could result into an invalid check whether an redirect URL is internal or not. | ||||
| CVE-2022-27914 | 1 Joomla | 1 Joomla\! | 2024-09-16 | 6.1 Medium |
| An issue was discovered in Joomla! 4.0.0 through 4.2.4. Inadequate filtering of potentially malicious user input leads to reflected XSS vulnerabilities in com_media. | ||||
| CVE-2010-1480 | 2 Joomla, Rockettheme | 2 Joomla\!, Com Rokmodule | 2024-09-16 | N/A |
| SQL injection vulnerability in the RokModule (com_rokmodule) component 1.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the module parameter to index.php. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2014-7982 | 1 Joomla | 1 Joomla\! | 2024-09-16 | N/A |
| Cross-site scripting (XSS) vulnerability in Joomla! CMS 2.5.x before 2.5.19 and 3.x before 3.2.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2011-4909 | 1 Joomla | 1 Joomla\! | 2024-09-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Joomla! before 1.5.12 allow remote attackers to inject arbitrary web script or HTML via the HTTP_REFERER header to (1) components/com_content/views/article/tmpl/form.php, (2) components/com_user/controller.php, (3) plugins/system/legacy/html.php, or (4) templates/beez/html/com_content/article/form.php. | ||||
| CVE-2006-4996 | 1 Joomla | 1 Joomlalib | 2024-09-16 | N/A |
| Unspecified vulnerability in JoomlaLib (com_joomlalib) before 1.2.2 for Joomla! allows remote attackers to have an unknown impact, related to "Joomla globals hacked by script kiddies." | ||||
| CVE-2011-4804 | 2 Foobla, Joomla | 2 Com Obsuggest, Joomla\! | 2024-09-16 | N/A |
| Directory traversal vulnerability in the obSuggest (com_obsuggest) component before 1.8 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. | ||||
| CVE-2022-23793 | 1 Joomla | 1 Joomla\! | 2024-09-16 | 7.5 High |
| An issue was discovered in Joomla! 3.0.0 through 3.10.6 & 4.0.0 through 4.1.0. Extracting an specifilcy crafted tar package could write files outside of the intended path. | ||||
| CVE-2012-0837 | 1 Joomla | 1 Joomla\! | 2024-09-16 | N/A |
| Joomla! 1.7.x before 1.7.5 and 2.5.x before 2.5.1 allows attackers to obtain the installation path via unspecified vectors related to "administrator." | ||||
| CVE-2010-5286 | 2 Joobi, Joomla | 2 Com Jstore, Joomla\! | 2024-09-16 | N/A |
| Directory traversal vulnerability in Jstore (com_jstore) component for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php. | ||||
| CVE-2009-4650 | 2 Joomla, Onnogroen | 2 Joomla\!, Com Webeecomment | 2024-09-16 | N/A |
| SQL injection vulnerability in the Webee Comments (com_webeecomment) component 1.1.1, 1.2, and 2.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the articleId parameter in a default action to index2.php. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2021-26028 | 1 Joomla | 1 Joomla\! | 2024-09-16 | 5.5 Medium |
| An issue was discovered in Joomla! 3.0.0 through 3.9.24. Extracting an specifilcy crafted zip package could write files outside of the intended path. | ||||
| CVE-2010-4270 | 2 Joomla, Netshinesoftware | 2 Joomla\!, Com Netinvoice | 2024-09-16 | N/A |
| Directory traversal vulnerability in the nBill (com_netinvoice) component before 2.0.9 standard edition, 2.0.10 lite edition, and 1.2_10 for Joomla! allows remote attackers to read arbitrary files via directory traversal sequences in unspecified vectors related to (1) administrator/components/com_nbill/admin.nbill.php, (2) components/com_nbill/nbill.php, (3) administrator/components/com_netinvoice/admin.netinvoice.php, or (4) components/com_netinvoice/netinvoice.php, as exploited in the wild in November 2010. | ||||