Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Joomla Subscribe
Total 912 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2010-1352 2 Jooforge, Joomla 2 Com Jukebox, Joomla\! 2010-04-13 5.0 MEDIUM N/A
Directory traversal vulnerability in the JOOFORGE Jutebox (com_jukebox) component 1.0 and 1.7 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. NOTE: some of these details are obtained from third party information.
CVE-2010-1345 2 Cookex, Joomla 2 Com Ckforms, Joomla\! 2010-04-11 5.0 MEDIUM N/A
Directory traversal vulnerability in the Cookex Agency CKForms (com_ckforms) component 1.3.3 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
CVE-2010-1308 2 Joomla, La-souris-verte 2 Joomla\!, Com Svmap 2010-04-08 5.0 MEDIUM N/A
Directory traversal vulnerability in the SVMap (com_svmap) component 1.1.1 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
CVE-2010-1313 2 Joomla, Seber 2 Joomla\!, Com Sebercart 2010-04-08 4.3 MEDIUM N/A
Directory traversal vulnerability in the Seber Cart (com_sebercart) component 1.0.0.12 and 1.0.0.13 for Joomla!, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the view parameter to index.php. NOTE: some of these details are obtained from third party information.
CVE-2010-1314 2 Joomla, Joomlanook 2 Joomla\!, Com Hsconfig 2010-04-08 5.0 MEDIUM N/A
Directory traversal vulnerability in the Highslide JS (com_hsconfig) component 1.5 and 2.0.9 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. NOTE: some of these details are obtained from third party information.
CVE-2010-1302 2 Decryptweb, Joomla 2 Com Dwgraphs, Joomla\! 2010-04-07 5.0 MEDIUM N/A
Directory traversal vulnerability in dwgraphs.php in the DecryptWeb DW Graphs (com_dwgraphs) component 1.0 for Joomla! allows remote attackers to read arbitrary files via directory traversal sequences in the controller parameter to index.php.
CVE-2010-1265 2 Ekith, Joomla 2 Com Dcs Flashgames, Joomla\! 2010-04-06 7.5 HIGH N/A
SQL injection vulnerability in Adam Corley dcsFlashGames (com_dcs_flashgames) allows remote attackers to execute arbitrary SQL commands via the catid parameter to index.php.
CVE-2010-1081 2 Corejoomla, Joomla 2 Com Communitypolls, Joomla\! 2010-03-24 5.0 MEDIUM N/A
Directory traversal vulnerability in the Community Polls (com_communitypolls) component 1.5.2, and possibly earlier, for Core Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
CVE-2010-1045 2 Design-cars, Joomla 2 Com Productbook, Joomla\! 2010-03-22 7.5 HIGH N/A
SQL injection vulnerability in the Productbook (com_productbook) component 1.0.4 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action to index.php. NOTE: some of these details are obtained from third party information.
CVE-2010-0982 2 Joomla, Joomlamo 2 Joomla\!, Com Cartweberp 2010-03-17 4.3 MEDIUM N/A
Directory traversal vulnerability in the CARTwebERP (com_cartweberp) component 1.56.75 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
CVE-2009-4679 2 Inertialfate, Joomla 2 Com If Nexus, Joomla\! 2010-03-08 7.5 HIGH N/A
Directory traversal vulnerability in the inertialFATE iF Portfolio Nexus (com_if_nexus) component 1.5 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php.
CVE-2010-0801 2 Autartica, Joomla 2 Com Autartitarot, Joomla\! 2010-03-02 3.5 LOW N/A
Directory traversal vulnerability in the AutartiTarot (com_autartitarot) component 1.0.3 for Joomla! allows remote authenticated users, with "Public Back-end" group permissions, to read arbitrary files via directory traversal sequences in the controller parameter in an edit task to administrator/index.php. NOTE: some of these details are obtained from third party information.
CVE-2010-0692 2 Iptechinside, Joomla 2 Com Jquarks, Joomla\! 2010-03-02 7.5 HIGH N/A
SQL injection vulnerability in the IP-Tech JQuarks (com_jquarks) Component 0.2.3, and possibly earlier, for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php. NOTE: some of these details are obtained from third party information.
CVE-2010-0760 2 Greatjoomla, Joomla 2 Scriptegrator Plugin, Joomla\! 2010-02-28 6.8 MEDIUM N/A
Multiple directory traversal vulnerabilities in the Core Design Scriptegrator plugin 1.4.1 for Joomla! allow remote attackers to include and execute arbitrary local files via directory traversal sequences in the (1) file parameter to libraries/jquery/js/ui/jsloader.php and the (2) files[] parameter to libraries/jquery/js/jsloader.php, a different vector than CVE-2010-0759. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2010-0676 2 Joomla, Weberr 2 Joomla\!, Com Rwcards 2010-02-23 5.0 MEDIUM N/A
Directory traversal vulnerability in index.php in the RWCards (com_rwcards) component 3.0.18 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter.
CVE-2009-4651 2 Joomla, Onnogroen 2 Joomla\!, Com Webeecomment 2010-02-22 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in the Webee Comments (com_webeecomment) component 1.1.1, 1.2, and 2.0 for Joomla! allow remote attackers to inject arbitrary web script or HTML via the (1) color, (2) img, or (3) url BBCode tags in unspecified vectors.
CVE-2009-4650 2 Joomla, Onnogroen 2 Joomla\!, Com Webeecomment 2010-02-22 7.5 HIGH N/A
SQL injection vulnerability in the Webee Comments (com_webeecomment) component 1.1.1, 1.2, and 2.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the articleId parameter in a default action to index2.php. NOTE: some of these details are obtained from third party information.
CVE-2010-0635 2 Jevents, Joomla 2 Jevents Search Plugin, Joomla\! 2010-02-14 7.5 HIGH N/A
SQL injection vulnerability in the plgSearchEventsearch::onSearch method in eventsearch.php in the JEvents Search plugin 1.5 through 1.5.3 for Joomla! allows remote attackers to execute arbitrary SQL commands via unspecified vectors. NOTE: some of these details are obtained from third party information.
CVE-2010-0158 2 Joomla, Joomlabamboo 2 Joomla, Jb Simpla 2010-02-04 7.5 HIGH N/A
** DISPUTED ** SQL injection vulnerability in the JoomlaBamboo (JB) Simpla Admin template for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in an article action to the com_content component, reachable through index.php. NOTE: the vendor disputes this report, saying: "JoomlaBamboo has investigated this report, and it is incorrect. There is no SQL injection vulnerability involving the id parameter in an article view, and there never was. JoomlaBamboo customers have no reason to be concerned about this report."
CVE-2010-0157 2 Joomla, Joomlabiblestudy 2 Joomla\!, Com Biblestudy 2010-01-06 7.5 HIGH N/A
Directory traversal vulnerability in the Bible Study (com_biblestudy) component 6.1 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter in a studieslist action to index.php.