Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Joomla Subscribe
Total 912 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2010-2050 2 Joomla, M0r0n 2 Joomla\!, Com Mscomment 2017-08-16 7.5 HIGH N/A
Directory traversal vulnerability in the Moron Solutions MS Comment (com_mscomment) component 0.8.0b for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
CVE-2010-2128 2 Harmistechnology, Joomla 2 Com Jequoteform, Joomla\! 2017-08-16 7.5 HIGH N/A
Directory traversal vulnerability in the JE Quotation Form (com_jequoteform) component 1.0b1 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the view parameter to index.php.
CVE-2010-2129 2 Harmistechnology, Joomla 2 Com Jeajaxeventcalendar, Joomla\! 2017-08-16 6.8 MEDIUM N/A
Directory traversal vulnerability in the JE Ajax Event Calendar (com_jeajaxeventcalendar) component 1.0.1 and 1.0.3 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the view parameter to index.php. NOTE: some of these details are obtained from third party information.
CVE-2010-2147 2 Joomla, Unisoft 2 Joomla\!, Com Mycar 2017-08-16 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the My Car (com_mycar) component 1.0 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the modveh parameter to index.php.
CVE-2010-2148 2 Joomla, Unisoft 2 Joomla\!, Com Mycar 2017-08-16 7.5 HIGH N/A
SQL injection vulnerability in the My Car (com_mycar) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the pagina parameter to index.php.
CVE-2010-2464 2 Joomla, Rsjoomla 2 Joomla\!, Com Rscomments 2017-08-16 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in the RSComments (com_rscomments) component 1.0.0 Rev 2 for Joomla! allow remote attackers to inject arbitrary web script or HTML via the (1) website and (2) name parameters to index.php.
CVE-2010-2507 2 Joomla, Masselink 2 Joomla\!, Com Picasa2gallery 2017-08-16 6.8 MEDIUM N/A
Directory traversal vulnerability in the Picasa2Gallery (com_picasa2gallery) component 1.2.8 and earlier for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php.
CVE-2010-2613 2 Harmistechnology, Joomla 2 Com Awd Song, Joomla\! 2017-08-16 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the JExtensions JE Awd Song (com_awd_song) component for Joomla! allows remote attackers to inject arbitrary web script or HTML via the song review field, which is not properly handled in a view action to index.php.
CVE-2010-2622 2 Joomanager, Joomla 2 Joomanager, Joomla\! 2017-08-16 7.5 HIGH N/A
SQL injection vulnerability in the Joomanager component, possibly 1.1.1, for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter to index.php.
CVE-2010-2680 2 Harmistechnology, Joomla 2 Com Jesectionfinder, Joomla\! 2017-08-16 6.8 MEDIUM N/A
Directory traversal vulnerability in the JExtensions JE Section/Property Finder (jesectionfinder) component for Joomla! allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the view parameter to index.php.
CVE-2010-2682 2 Joomla, Realtyna 2 Joomla\!, Com Realtyna 2017-08-16 7.5 HIGH N/A
Directory traversal vulnerability in the Realtyna Translator (com_realtyna) component 1.0.15 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php.
CVE-2010-2845 2 Joomla, Schlu.net 2 Joomla\!, Com Quickfaq 2017-08-16 7.5 HIGH N/A
SQL injection vulnerability in the QuickFAQ (com_quickfaq) component 1.0.3 for Joomla! allows remote attackers to execute arbitrary SQL commands via the Itemid parameter in a category action to index.php.
CVE-2010-2907 2 Huruhelpdesk, Joomla 2 Com Huruhelpdesk, Joomla\! 2017-08-16 7.5 HIGH N/A
SQL injection vulnerability in the Huru Helpdesk (com_huruhelpdesk) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the cid[0] parameter in a detail action to index.php.
CVE-2010-2908 2 Joomdle, Joomla 2 Com Joomdle, Joomla\! 2017-08-16 7.5 HIGH N/A
SQL injection vulnerability in the Joomdle (com_joomdle) component 0.24 and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the course_id parameter in a detail action to index.php.
CVE-2010-2918 2 Joomla, Visocrea 2 Joomla\!, Com Joomla Visites 2017-08-16 7.5 HIGH N/A
PHP remote file inclusion vulnerability in core/include/myMailer.class.php in the Visites (com_joomla-visites) component 1.1 RC2 for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
CVE-2010-2919 2 Joomla, Joomlaxt 2 Joomla\!, Com Staticxt 2017-08-16 7.5 HIGH N/A
SQL injection vulnerability in the StaticXT (com_staticxt) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php.
CVE-2010-2920 2 Foobla, Joomla 2 Com Foobla Suggestions, Joomla\! 2017-08-16 6.8 MEDIUM N/A
Directory traversal vulnerability in the Foobla Suggestions (com_foobla_suggestions) component 1.5.1.2 for Joomla! allows remote attackers to read arbitrary files via directory traversal sequences in the controller parameter to index.php.
CVE-2010-2921 2 Joomla, Photoindochina 2 Joomla\!, Com Golfcourseguide 2017-08-16 7.5 HIGH N/A
SQL injection vulnerability in the Golf Course Guide (com_golfcourseguide) component 0.9.6.0 beta and 1 beta for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a golfcourses action to index.php.
CVE-2010-2923 2 Joomla, Prasanna 2 Joomla\!, Com Youtube 2017-08-16 7.5 HIGH N/A
SQL injection vulnerability in the YouTube (com_youtube) component 1.5 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id_cate parameter to index.php.
CVE-2010-3028 2 Joomla, Simon Philips 2 Joomla, Aardvertiser 2017-08-16 3.6 LOW N/A
The Aardvertiser component before 2.2.1 for Joomla! uses insecure permissions (777) in unspecified folders, which allows local users to modify, create, or delete certain files.