Total
578 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2010-0982 | 2 Joomla, Joomlamo | 2 Joomla\!, Com Cartweberp | 2010-03-17 | 4.3 MEDIUM | N/A |
Directory traversal vulnerability in the CARTwebERP (com_cartweberp) component 1.56.75 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. | |||||
CVE-2009-4679 | 2 Inertialfate, Joomla | 2 Com If Nexus, Joomla\! | 2010-03-08 | 7.5 HIGH | N/A |
Directory traversal vulnerability in the inertialFATE iF Portfolio Nexus (com_if_nexus) component 1.5 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php. | |||||
CVE-2010-0801 | 2 Autartica, Joomla | 2 Com Autartitarot, Joomla\! | 2010-03-02 | 3.5 LOW | N/A |
Directory traversal vulnerability in the AutartiTarot (com_autartitarot) component 1.0.3 for Joomla! allows remote authenticated users, with "Public Back-end" group permissions, to read arbitrary files via directory traversal sequences in the controller parameter in an edit task to administrator/index.php. NOTE: some of these details are obtained from third party information. | |||||
CVE-2010-0692 | 2 Iptechinside, Joomla | 2 Com Jquarks, Joomla\! | 2010-03-02 | 7.5 HIGH | N/A |
SQL injection vulnerability in the IP-Tech JQuarks (com_jquarks) Component 0.2.3, and possibly earlier, for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php. NOTE: some of these details are obtained from third party information. | |||||
CVE-2010-0760 | 2 Greatjoomla, Joomla | 2 Scriptegrator Plugin, Joomla\! | 2010-02-28 | 6.8 MEDIUM | N/A |
Multiple directory traversal vulnerabilities in the Core Design Scriptegrator plugin 1.4.1 for Joomla! allow remote attackers to include and execute arbitrary local files via directory traversal sequences in the (1) file parameter to libraries/jquery/js/ui/jsloader.php and the (2) files[] parameter to libraries/jquery/js/jsloader.php, a different vector than CVE-2010-0759. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
CVE-2010-0676 | 2 Joomla, Weberr | 2 Joomla\!, Com Rwcards | 2010-02-23 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in index.php in the RWCards (com_rwcards) component 3.0.18 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter. | |||||
CVE-2009-4650 | 2 Joomla, Onnogroen | 2 Joomla\!, Com Webeecomment | 2010-02-22 | 7.5 HIGH | N/A |
SQL injection vulnerability in the Webee Comments (com_webeecomment) component 1.1.1, 1.2, and 2.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the articleId parameter in a default action to index2.php. NOTE: some of these details are obtained from third party information. | |||||
CVE-2009-4651 | 2 Joomla, Onnogroen | 2 Joomla\!, Com Webeecomment | 2010-02-22 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in the Webee Comments (com_webeecomment) component 1.1.1, 1.2, and 2.0 for Joomla! allow remote attackers to inject arbitrary web script or HTML via the (1) color, (2) img, or (3) url BBCode tags in unspecified vectors. | |||||
CVE-2010-0635 | 2 Jevents, Joomla | 2 Jevents Search Plugin, Joomla\! | 2010-02-14 | 7.5 HIGH | N/A |
SQL injection vulnerability in the plgSearchEventsearch::onSearch method in eventsearch.php in the JEvents Search plugin 1.5 through 1.5.3 for Joomla! allows remote attackers to execute arbitrary SQL commands via unspecified vectors. NOTE: some of these details are obtained from third party information. | |||||
CVE-2010-0157 | 2 Joomla, Joomlabiblestudy | 2 Joomla\!, Com Biblestudy | 2010-01-06 | 7.5 HIGH | N/A |
Directory traversal vulnerability in the Bible Study (com_biblestudy) component 6.1 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter in a studieslist action to index.php. | |||||
CVE-2009-4233 | 2 Joomla, Youjoomla | 2 Joomla\!, Yj Whois | 2009-12-08 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in modules/mod_yj_whois.php in the YJ Whois component 1.0x and 1.5.x for Joomla! allows remote attackers to inject arbitrary web script or HTML via the domain parameter to index.php. NOTE: some of these details are obtained from third party information. | |||||
CVE-2009-4232 | 2 Jonijnm, Joomla | 2 Com Kide, Joomla\! | 2009-12-08 | 5.0 MEDIUM | N/A |
The Kide Shoutbox (com_kide) component 0.4.6 for Joomla! does not properly perform authentication, which allows remote attackers to post messages with an arbitrary account name via an insertar action to index.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
CVE-2009-4217 | 2 Itamar Elharar, Joomla | 2 Com Musicgallery, Joomla\! | 2009-12-07 | 7.5 HIGH | N/A |
SQL injection vulnerability in the Itamar Elharar MusicGallery (com_musicgallery) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in an itempage action to index.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
CVE-2009-3817 | 2 Joomla, Ordasoft | 2 Joomla\!, Com Booklibrary | 2009-10-28 | 7.5 HIGH | N/A |
PHP remote file inclusion vulnerability in doc/releasenote.php in the BookLibrary (com_booklibrary) component 1.0 for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter, a different vector than CVE-2009-2637. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
CVE-2009-3822 | 2 Fijiwebdesign, Joomla | 2 Com Ajaxchat, Joomla\! | 2009-10-28 | 7.5 HIGH | N/A |
PHP remote file inclusion vulnerability in Fiji Web Design Ajax Chat (com_ajaxchat) component 1.0 for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[mosConfig_absolute_path] parameter to tests/ajcuser.php. | |||||
CVE-2009-3645 | 2 Joomla, Joomlacache | 2 Joomla\!, Com Cbresumebuilder | 2009-10-11 | 7.5 HIGH | N/A |
SQL injection vulnerability in the JoomlaCache CB Resume Builder (com_cbresumebuilder) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the group_id parameter in a group_members action to index.php. | |||||
CVE-2009-3644 | 2 Joomla, Soundset | 2 Joomla\!, Com Soundset | 2009-10-11 | 7.5 HIGH | N/A |
SQL injection vulnerability in the Soundset (com_soundset) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the cat_id parameter to index.php. | |||||
CVE-2009-3491 | 2 Joomla, Kinfusion | 2 Joomla\!, Com Sportfusion | 2009-10-01 | 7.5 HIGH | N/A |
SQL injection vulnerability in the Kinfusion SportFusion (com_sportfusion) component 0.2.2 through 0.2.3 for Joomla! allows remote attackers to execute arbitrary SQL commands via the cid[0] parameter in a teamdetail action to index.php. |