Filtered by vendor Joomla
Subscribe
Total
912 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2009-3438 | 2 Joomla, Witchakorn Kamolpornwijit | 2 Joomla, Com Facebook | 2017-08-16 | 7.5 HIGH | N/A |
SQL injection vulnerability in the JoomlaFacebook (com_facebook) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a student action to index.php. | |||||
CVE-2009-3480 | 2 Isygen, Joomla | 2 Icrm Basic, Joomla | 2017-08-16 | 7.5 HIGH | N/A |
SQL injection vulnerability in the iCRM Basic (com_icrmbasic) component 1.4.2.31 for Joomla! allows remote attackers to execute arbitrary SQL commands via the p3 parameter to index.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
CVE-2009-3835 | 2 Joomla, Whorl Ltd | 2 Joomla, Jshop | 2017-08-16 | 7.5 HIGH | N/A |
SQL injection vulnerability in the JShop (com_jshop) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the pid parameter in a product action to index.php. | |||||
CVE-2009-4428 | 2 Joomla, Joomplace | 2 Joomla, Com Joomportfolio | 2017-08-16 | 7.5 HIGH | N/A |
SQL injection vulnerability in the JoomPortfolio (com_joomportfolio) component 1.0.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the secid parameter in a showcat action to index.php. | |||||
CVE-2009-4255 | 2 Joomla, Youjoomla | 2 Joomla\!, You\!hostit\! | 2017-08-16 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the You!Hostit! template 1.0.1 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the created_by_alias parameter in index.php. | |||||
CVE-2009-4094 | 2 Designforjoomla, Joomla | 2 Com Ezine, Joomla\! | 2017-08-16 | 7.5 HIGH | N/A |
PHP remote file inclusion vulnerability in class/php/d4m_ajax_pagenav.php in the D4J eZine (com_ezine) component 2.1 for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[mosConfig_absolute_path parameter. | |||||
CVE-2009-3834 | 2 Joomla, Webguerilla | 2 Joomla, Com Photoblog | 2017-08-16 | 7.5 HIGH | N/A |
SQL injection vulnerability in the Photoblog (com_photoblog) component alpha 3 and alpha 3a for Joomla! allows remote attackers to execute arbitrary SQL commands via the category parameter in a blogs action to index.php. | |||||
CVE-2009-3945 | 1 Joomla | 1 Joomla\! | 2017-08-16 | 5.5 MEDIUM | N/A |
Unspecified vulnerability in the Front-End Editor in the com_content component in Joomla! before 1.5.15 allows remote authenticated users, with Author privileges, to replace the articles of an arbitrary user via unknown vectors. | |||||
CVE-2009-2789 | 2 Joomla, Permis | 2 Joomla, Com Groups | 2017-08-16 | 7.5 HIGH | N/A |
SQL injection vulnerability in the Permis (com_groups) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a list action to index.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
CVE-2009-1940 | 1 Joomla | 1 Joomla | 2017-08-16 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the administrator panel in the com_users core component for Joomla! 1.5.x through 1.5.10 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2009-1258 | 2 Joomla, Rd-media | 2 Joomla, Com Rdautos | 2017-08-16 | 7.5 HIGH | N/A |
SQL injection vulnerability in the RD-Autos (com_rdautos) component 1.5.7 for Joomla! allows remote attackers to execute arbitrary SQL commands via the makeid parameter in index.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
CVE-2009-1279 | 1 Joomla | 1 Joomla | 2017-08-16 | 2.6 LOW | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in Joomla! 1.5 through 1.5.9 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors to the (1) com_admin component, (2) com_search component when "Gather Search Statistics" is enabled, and (3) the category view in the com_content component. | |||||
CVE-2009-1280 | 1 Joomla | 1 Joomla | 2017-08-16 | 6.8 MEDIUM | N/A |
Multiple cross-site request forgery (CSRF) vulnerabilities in the com_media component for Joomla! 1.5.x through 1.5.9 allow remote attackers to hijack the authentication of unspecified victims via unknown vectors. | |||||
CVE-2009-1938 | 1 Joomla | 1 Joomla | 2017-08-16 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in Joomla! 1.5.x through 1.5.10 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to database output and the frontend administrative panel. | |||||
CVE-2009-1939 | 1 Joomla | 1 Joomla | 2017-08-16 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the JA_Purity template for Joomla! 1.5.x through 1.5.10 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2008-6299 | 1 Joomla | 1 Joomla | 2017-08-16 | 3.5 LOW | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in Joomla! 1.5.7 and earlier allow remote authenticated users with certain privileges to inject arbitrary web script or HTML via (1) the title and description parameters to the com_weblinks module and (2) unspecified vectors in the com_content module related to "article submission." | |||||
CVE-2008-7033 | 2 Galore, Joomla | 2 Com Simpleshop, Joomla\! | 2017-08-16 | 7.5 HIGH | N/A |
SQL injection vulnerability in the Simple Shop Galore (com_simpleshop) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the section parameter in a section action to index.php, a different vulnerability than CVE-2008-2568. NOTE: this issue was disclosed by an unreliable researcher, so the details might be incorrect. | |||||
CVE-2009-0706 | 3 Joomla, Mambo, Simple-review | 3 Joomla, Mambo, Com Simple Review | 2017-08-16 | 7.5 HIGH | N/A |
SQL injection vulnerability in the Simple Review (com_simple_review) component 1.3.5 for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the category parameter to index.php. | |||||
CVE-2008-6275 | 2 Drupal, Joomla | 2 User Karma Module, Joomla\! | 2017-08-16 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the User Karma module 5.x before 5.x-1.13 and 6.x before 6.x-1.0-beta1, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via unspecified messages. | |||||
CVE-2008-6276 | 2 Drupal, Joomla | 2 User Karma Module, Joomla\! | 2017-08-16 | 6.5 MEDIUM | N/A |
Multiple SQL injection vulnerabilities in the User Karma module 5.x before 5.x-1.13 and 6.x before 6.x-1.0-beta1, a module for Drupal, allow remote authenticated administrators to execute arbitrary SQL commands via (1) a content type or (2) a voting API value. |