Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Joomla Subscribe
Total 912 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2010-4638 2 Iptechinside, Joomla 2 Com Jquarks4s, Joomla\! 2010-12-30 6.8 MEDIUM N/A
SQL injection vulnerability in the submitSurvey function in controller.php in JQuarks4s (com_jquarks4s) component 1.0.0 for Joomla!, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the q parameter in a submitSurvey action to index.php.
CVE-2010-4618 2 Algisinfo, Joomla 2 Aicontactsafe, Joomla\! 2010-12-29 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the Algis Info aiContactSafe component before 2.0.14 for Joomla! allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2010-4404 2 Anything-digital, Joomla 2 Sh404sef, Joomla\! 2010-12-15 7.5 HIGH N/A
SQL injection vulnerability in the Yannick Gaultier sh404SEF component before 2.1.8.777 for Joomla! allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2010-4405 2 Anything-digital, Joomla 2 Sh404sef, Joomla\! 2010-12-15 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the Yannick Gaultier sh404SEF component before 2.1.8.777 for Joomla! allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2010-4516 2 Joomla, Jxtended 2 Joomla\!, Jxtended Comments 2010-12-09 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in the JXtended Comments component before 1.3.1 for Joomla allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2010-4517 2 Harmistechnology, Joomla 2 Com Jeauto, Joomla\! 2010-12-09 6.8 MEDIUM N/A
SQL injection vulnerability in the JExtensions JE Auto (com_jeauto) component 1.0 for Joomla!, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the char parameter in an item action to index.php.
CVE-2010-4365 2 Harmistechnology, Joomla 2 Com Jeajaxeventcalendar, Joomla\! 2010-12-01 7.5 HIGH N/A
SQL injection vulnerability in JE Ajax Event Calendar (com_jeajaxeventcalendar) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the event_id parameter in an alleventlist_more action to index.php.
CVE-2010-4270 2 Joomla, Netshinesoftware 2 Joomla\!, Com Netinvoice 2010-11-16 5.0 MEDIUM N/A
Directory traversal vulnerability in the nBill (com_netinvoice) component before 2.0.9 standard edition, 2.0.10 lite edition, and 1.2_10 for Joomla! allows remote attackers to read arbitrary files via directory traversal sequences in unspecified vectors related to (1) administrator/components/com_nbill/admin.nbill.php, (2) components/com_nbill/nbill.php, (3) administrator/components/com_netinvoice/admin.netinvoice.php, or (4) components/com_netinvoice/netinvoice.php, as exploited in the wild in November 2010.
CVE-2010-2535 1 Joomla 1 Joomla\! 2010-10-05 3.5 LOW N/A
Multiple cross-site scripting (XSS) vulnerabilities in the Back End in Joomla! 1.5.x before 1.5.20 allow remote authenticated users to inject arbitrary web script or HTML via administrator screens.
CVE-2010-3422 2 Joomla, Solventus 2 Joomla\!, Com Jgen 2010-09-16 7.5 HIGH N/A
SQL injection vulnerability in the JGen (com_jgen) component 0.9.33 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a view action to index.php.
CVE-2010-3203 2 Joomla, Xmlswf 2 Joomla\!, Com Picsell 2010-09-05 5.0 MEDIUM N/A
Directory traversal vulnerability in the PicSell (com_picsell) component 1.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the dflink parameter in a prevsell dwnfree action to index.php.
CVE-2010-2694 2 Joomla, Redcomponent 2 Joomla\!, Com Redshop 2010-07-12 7.5 HIGH N/A
SQL injection vulnerability in the redSHOP Component (com_redshop) 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the pid parameter to index.php.
CVE-2010-2690 2 Jooforge, Joomla 2 Com Gamesbox, Joomla\! 2010-07-12 7.5 HIGH N/A
SQL injection vulnerability in the JOOFORGE Gamesbox (com_gamesbox) component 1.0.2, and possibly earlier, for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a consoles action to index.php.
CVE-2010-2681 1 Joomla 2 Com Sef, Joomla\! 2010-07-12 7.5 HIGH N/A
PHP remote file inclusion vulnerability in the SEF404x (com_sef) component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig.absolute.path parameter to index.php.
CVE-2009-4431 2 Anything-digital, Joomla 2 Com Jcalpro, Joomla\! 2010-06-28 7.5 HIGH N/A
PHP remote file inclusion vulnerability in cal_popup.php in the Anything Digital Development JCal Pro (aka com_jcalpro or JCP) component 1.5.3.6 for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
CVE-2010-2513 2 Harmistechnology, Joomla 2 Com Jeajaxeventcalendar, Joomla\! 2010-06-28 7.5 HIGH N/A
SQL injection vulnerability in the JE Ajax Event Calendar (com_jeajaxeventcalendar) component 1.0.5 for Joomla! allows remote attackers to execute arbitrary SQL commands via the view parameter to index.php.
CVE-2010-2514 2 Dacian Strain, Joomla 2 Com Jfaq, Joomla\! 2010-06-28 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the JFaq (com_jfaq) component 1.2 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the question parameter in an add2 action to index.php.
CVE-2010-2515 2 Dacian Strain, Joomla 2 Com Jfaq, Joomla\! 2010-06-28 6.8 MEDIUM N/A
Multiple SQL injection vulnerabilities in index.php in the JFaq (com_jfaq) component 1.2 for Joomla!, when magic_quotes_gpc is disabled, allow (1) remote attackers to execute arbitrary SQL commands via the id parameter, and (2) remote authenticated users with "Public Front-end" permissions to execute arbitrary SQL commands via the titlu parameter (title field). NOTE: some of these details are obtained from third party information.
CVE-2010-1478 2 Joomla, Ternaria 2 Joomla\!, Com Jfeedback 2010-06-10 6.8 MEDIUM N/A
Directory traversal vulnerability in the Ternaria Informatica Jfeedback! (com_jfeedback) component 1.2 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php.
CVE-2010-1472 2 Joomla, Kazulah 2 Joomla\!, Com Horoscope 2010-06-10 7.5 HIGH N/A
Directory traversal vulnerability in the Daily Horoscope (com_horoscope) component 1.5.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.