Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Joomla Subscribe
Filtered by product Joomla\!
Total 578 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2010-4270 2 Joomla, Netshinesoftware 2 Joomla\!, Com Netinvoice 2010-11-16 5.0 MEDIUM N/A
Directory traversal vulnerability in the nBill (com_netinvoice) component before 2.0.9 standard edition, 2.0.10 lite edition, and 1.2_10 for Joomla! allows remote attackers to read arbitrary files via directory traversal sequences in unspecified vectors related to (1) administrator/components/com_nbill/admin.nbill.php, (2) components/com_nbill/nbill.php, (3) administrator/components/com_netinvoice/admin.netinvoice.php, or (4) components/com_netinvoice/netinvoice.php, as exploited in the wild in November 2010.
CVE-2010-2535 1 Joomla 1 Joomla\! 2010-10-05 3.5 LOW N/A
Multiple cross-site scripting (XSS) vulnerabilities in the Back End in Joomla! 1.5.x before 1.5.20 allow remote authenticated users to inject arbitrary web script or HTML via administrator screens.
CVE-2010-3422 2 Joomla, Solventus 2 Joomla\!, Com Jgen 2010-09-16 7.5 HIGH N/A
SQL injection vulnerability in the JGen (com_jgen) component 0.9.33 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a view action to index.php.
CVE-2010-3203 2 Joomla, Xmlswf 2 Joomla\!, Com Picsell 2010-09-05 5.0 MEDIUM N/A
Directory traversal vulnerability in the PicSell (com_picsell) component 1.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the dflink parameter in a prevsell dwnfree action to index.php.
CVE-2010-2694 2 Joomla, Redcomponent 2 Joomla\!, Com Redshop 2010-07-12 7.5 HIGH N/A
SQL injection vulnerability in the redSHOP Component (com_redshop) 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the pid parameter to index.php.
CVE-2010-2681 1 Joomla 2 Com Sef, Joomla\! 2010-07-12 7.5 HIGH N/A
PHP remote file inclusion vulnerability in the SEF404x (com_sef) component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig.absolute.path parameter to index.php.
CVE-2010-2690 2 Jooforge, Joomla 2 Com Gamesbox, Joomla\! 2010-07-12 7.5 HIGH N/A
SQL injection vulnerability in the JOOFORGE Gamesbox (com_gamesbox) component 1.0.2, and possibly earlier, for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a consoles action to index.php.
CVE-2010-2513 2 Harmistechnology, Joomla 2 Com Jeajaxeventcalendar, Joomla\! 2010-06-28 7.5 HIGH N/A
SQL injection vulnerability in the JE Ajax Event Calendar (com_jeajaxeventcalendar) component 1.0.5 for Joomla! allows remote attackers to execute arbitrary SQL commands via the view parameter to index.php.
CVE-2010-2515 2 Dacian Strain, Joomla 2 Com Jfaq, Joomla\! 2010-06-28 6.8 MEDIUM N/A
Multiple SQL injection vulnerabilities in index.php in the JFaq (com_jfaq) component 1.2 for Joomla!, when magic_quotes_gpc is disabled, allow (1) remote attackers to execute arbitrary SQL commands via the id parameter, and (2) remote authenticated users with "Public Front-end" permissions to execute arbitrary SQL commands via the titlu parameter (title field). NOTE: some of these details are obtained from third party information.
CVE-2010-2514 2 Dacian Strain, Joomla 2 Com Jfaq, Joomla\! 2010-06-28 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the JFaq (com_jfaq) component 1.2 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the question parameter in an add2 action to index.php.
CVE-2009-4431 2 Anything-digital, Joomla 2 Com Jcalpro, Joomla\! 2010-06-28 7.5 HIGH N/A
PHP remote file inclusion vulnerability in cal_popup.php in the Anything Digital Development JCal Pro (aka com_jcalpro or JCP) component 1.5.3.6 for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
CVE-2010-1478 2 Joomla, Ternaria 2 Joomla\!, Com Jfeedback 2010-06-10 6.8 MEDIUM N/A
Directory traversal vulnerability in the Ternaria Informatica Jfeedback! (com_jfeedback) component 1.2 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php.
CVE-2010-1476 2 Alphaplug, Joomla 2 Com Alphauserpoints, Joomla\! 2010-06-10 6.8 MEDIUM N/A
Directory traversal vulnerability in the AlphaUserPoints (com_alphauserpoints) component 1.5.5 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the view parameter to index.php.
CVE-2010-1473 2 Johnmccollum, Joomla 2 Com Advertising, Joomla\! 2010-06-10 6.8 MEDIUM N/A
Directory traversal vulnerability in the Advertising (com_advertising) component 0.25 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php.
CVE-2010-1468 2 Focusdev, Joomla 2 Com Mv Restaurantmenumanager, Joomla\! 2010-06-10 7.5 HIGH N/A
SQL injection vulnerability in the Multi-Venue Restaurant Menu Manager (aka MVRMM or com_mv_restaurantmenumanager) component 1.5.2 Stable Update 3 and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the mid parameter in a menu_display action to index.php.
CVE-2010-1469 2 Joomla, Ternaria 2 Joomla\!, Com Jprojectmanager 2010-06-10 6.8 MEDIUM N/A
Directory traversal vulnerability in the Ternaria Informatica JProject Manager (com_jprojectmanager) component 1.0 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php.
CVE-2010-1471 2 B-elektro, Joomla 2 Com Addressbook, Joomla\! 2010-06-10 7.5 HIGH N/A
Directory traversal vulnerability in the AddressBook (com_addressbook) component 1.5.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
CVE-2010-1472 2 Joomla, Kazulah 2 Joomla\!, Com Horoscope 2010-06-10 7.5 HIGH N/A
Directory traversal vulnerability in the Daily Horoscope (com_horoscope) component 1.5.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
CVE-2010-1479 2 Joomla, Rockettheme 2 Joomla\!, Com Rokmodule 2010-06-10 7.5 HIGH N/A
SQL injection vulnerability in the RokModule (com_rokmodule) component 1.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the moduleid parameter in a raw action to index.php.
CVE-2010-1477 2 Joomla, Martin Hess 2 Joomla\!, Com Sermonspeaker 2010-06-10 7.5 HIGH N/A
SQL injection vulnerability in the SermonSpeaker (com_sermonspeaker) component before 3.2.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a latest_sermons action to index.php.