Filtered by vendor Joomla
Subscribe
Total
912 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2011-4909 | 1 Joomla | 1 Joomla\! | 2012-10-07 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in Joomla! before 1.5.12 allow remote attackers to inject arbitrary web script or HTML via the HTTP_REFERER header to (1) components/com_content/views/article/tmpl/form.php, (2) components/com_user/controller.php, (3) plugins/system/legacy/html.php, or (4) templates/beez/html/com_content/article/form.php. | |||||
CVE-2012-0836 | 1 Joomla | 1 Joomla\! | 2012-09-12 | 5.0 MEDIUM | N/A |
Unspecified vulnerability in Joomla! 1.7.x before 1.7.5 allows attackers to read the error log via unknown vectors. | |||||
CVE-2011-5134 | 2 Joomla, Widgetfactorylimited | 2 Joomla\!, Com Jce | 2012-09-12 | 6.0 MEDIUM | N/A |
Unrestricted file upload vulnerability in editor/extensions/browser/file.php in the JCE component before 2.0.18 for Joomla! allows remote authenticated users with the author privileges to execute arbitrary PHP code by uploading a file with a double extension, as demonstrated by .php.gif. NOTE: some of these details are obtained from third party information. | |||||
CVE-2012-0821 | 1 Joomla | 1 Joomla\! | 2012-09-12 | 5.0 MEDIUM | N/A |
Unspecified vulnerability in Joomla! 1.6.x and 1.7.x before 1.7.4 allows remote attackers to obtain sensitive information via unknown vectors, a different vulnerability than CVE-2012-0819. | |||||
CVE-2012-1612 | 1 Joomla | 1 Joomla\! | 2012-09-07 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the update manager in Joomla! 2.5.x before 2.5.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2012-0837 | 1 Joomla | 1 Joomla\! | 2012-09-07 | 5.0 MEDIUM | N/A |
Joomla! 1.7.x before 1.7.5 and 2.5.x before 2.5.1 allows attackers to obtain the installation path via unspecified vectors related to "administrator." | |||||
CVE-2012-0820 | 1 Joomla | 1 Joomla\! | 2012-09-07 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in Joomla! 1.6.x and 1.7.x before 1.7.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2012-0822. | |||||
CVE-2012-4868 | 2 Joomla, Kunena | 2 Joomla\!, Kunena | 2012-09-06 | 7.5 HIGH | N/A |
SQL injection vulnerability in news.php in the Kunena component 1.7.2 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
CVE-2012-0835 | 1 Joomla | 1 Joomla\! | 2012-09-06 | 5.0 MEDIUM | N/A |
Unspecified vulnerability in Joomla! 1.7.x before 1.7.5 and 2.5.x before 2.5.1 allows attackers to obtain sensitive information via unknown vectors related to "administrator." | |||||
CVE-2012-0819 | 1 Joomla | 1 Joomla\! | 2012-09-06 | 5.0 MEDIUM | N/A |
Unspecified vulnerability in Joomla! 1.6.x and 1.7.x before 1.7.4 allows remote attackers to obtain sensitive information via unknown vectors, a different vulnerability than CVE-2012-0821. | |||||
CVE-2012-0822 | 1 Joomla | 1 Joomla\! | 2012-09-06 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in Joomla! 1.6 and 1.7.x before 1.7.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2012-0820. | |||||
CVE-2011-5113 | 2 Joomla, Techdeluge | 2 Joomla\!, Com Techfolio | 2012-08-23 | 7.5 HIGH | N/A |
SQL injection vulnerability in frontend/models/techfoliodetail.php in Techfolio (com_techfolio) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter. | |||||
CVE-2011-5112 | 2 Blueflyingfish, Joomla | 2 Com Alameda, Joomla\! | 2012-08-23 | 7.5 HIGH | N/A |
SQL injection vulnerability in Alameda (com_alameda) component before 1.0.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the storeid parameter to index.php. | |||||
CVE-2012-3554 | 2 Joomla, Rsgallery2 | 2 Joomla\!, Com Rsgallery2 | 2012-08-10 | 7.5 HIGH | N/A |
SQL injection vulnerability in the RSGallery2 (com_rsgallery2) component before 2.3.0 for Joomla! 1.5.x, and before 3.2.0 for Joomla! 2.5.x, allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
CVE-2012-4071 | 2 Joomla, Rsgallery2 | 2 Joomla\!, Com Rsgallery2 | 2012-08-10 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the comments module in the RSGallery2 (com_rsgallery2) component before 2.3.0 for Joomla! 1.5.x, and before 3.2.0 for Joomla! 2.5.x, allows remote attackers to inject arbitrary web script or HTML via crafted BBCode markup in a comment. | |||||
CVE-2012-4235 | 2 Joomla, Rsgallery2 | 2 Joomla\!, Com Rsgallery2 | 2012-08-10 | 5.0 MEDIUM | N/A |
The RSGallery2 (com_rsgallery2) component before 3.2.0 for Joomla! 2.5.x does not place index.html files in image directories, which allows remote attackers to list image filenames via a request for a directory URI. | |||||
CVE-2012-3829 | 1 Joomla | 1 Joomla\! | 2012-07-16 | 5.0 MEDIUM | N/A |
Joomla! 2.5.3 allows remote attackers to obtain the installation path via the Host HTTP Header. | |||||
CVE-2010-4938 | 1 Joomla | 2 Com Weblinks, Joomla\! | 2012-05-13 | 7.5 HIGH | N/A |
SQL injection vulnerability in the Weblinks (com_weblinks) component in Joomla! allows remote attackers to execute arbitrary SQL commands via the Itemid parameter in a categories action to index.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
CVE-2010-4929 | 2 Joomla, Joostina-cms | 2 Joomla\!, Com Ezautos | 2012-05-13 | 7.5 HIGH | N/A |
SQL injection vulnerability in the Joostina (com_ezautos) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the firstCode parameter in a helpers action to index.php. | |||||
CVE-2010-4904 | 2 Joomla, Simon Philips | 2 Joomla\!, Com Aardvertiser | 2012-05-13 | 7.5 HIGH | N/A |
SQL injection vulnerability in the Aardvertiser (com_aardvertiser) component 2.1 and 2.1.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the cat_name parameter in a view action to index.php. NOTE: some of these details are obtained from third party information. |