Filtered by vendor Joomla
Subscribe
Search
Total
750 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2010-4971 | 2 Joomla, Videowhisper | 2 Joomla\!, Php 2 Way Video Chat | 2017-08-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in VideoWhisper PHP 2 Way Video Chat component for Joomla! allows remote attackers to inject arbitrary web script or HTML via the r parameter to index.php. | |||||
| CVE-2010-4975 | 2 Joomla, Techjoomla | 2 Joomla\!, Com Socialads | 2017-08-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Techjoomla SocialAds For JomSocial (com_socialads) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the ads description field in a showad action to index.php. | |||||
| CVE-2010-4990 | 2 B-elektro, Joomla | 2 Com Addressbook, Joomla\! | 2017-08-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Front-edit Address Book (com_addressbook) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the Itemid parameter in a contact action to index.php. | |||||
| CVE-2010-4991 | 2 Joomla, Ninjaforge | 2 Joomla\!, Ninjamonials | 2017-08-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the NinjaMonials (com_ninjamonials) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the Itemid parameter in a display action to index.php. | |||||
| CVE-2010-4992 | 2 Joomla, Paymentsplus | 2 Joomla\!, Payments Plus | 2017-08-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Payments Plus component 2.1.5 for Joomla! allows remote attackers to execute arbitrary SQL commands via the type parameter to add.html. | |||||
| CVE-2010-4993 | 2 Joomla, Kay Messerschmidt | 2 Joomla\!, Com Eventcal | 2017-08-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the eventcal (com_eventcal) component 1.6.4 for Joomla! allows remote attackers to execute arbitrary SQL commands via the Itemid parameter to index.php. | |||||
| CVE-2010-4994 | 2 Instantphp, Joomla | 2 Jobs Pro, Joomla\! | 2017-08-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Jobs Pro component 1.6.4 for Joomla! allows remote attackers to execute arbitrary SQL commands via the detailed_results parameter to search_jobs.html. | |||||
| CVE-2010-4995 | 2 Joomla, Neojoomla | 2 Joomla\!, Com Neorecruit | 2017-08-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the NeoRecruit (com_neorecruit) component 1.6.4 for Joomla! allows remote attackers to execute arbitrary SQL commands via the Itemid parameter in an offer_view action to index.php, a different vector than CVE-2007-4506. | |||||
| CVE-2010-5044 | 2 Joomla, Kanich | 2 Joomla\!, Com Searchlog | 2017-08-29 | 6.0 MEDIUM | N/A |
| SQL injection vulnerability in models/log.php in the Search Log (com_searchlog) component 3.1.0 for Joomla! allows remote authenticated users, with Public Back-end privileges, to execute arbitrary SQL commands via the search parameter in a log action to administrator/index.php. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2010-4945 | 1 Joomla | 2 Com Camelcitydb2, Joomla\! | 2017-08-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the CamelcityDB (com_camelcitydb2) component 2.2 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php. | |||||
| CVE-2010-5003 | 2 Autartica, Joomla | 2 Com Autartimonial, Joomla\! | 2017-08-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the AutarTimonial (com_autartimonial) component 1.0.8 for Joomla! allows remote attackers to execute arbitrary SQL commands via the limit parameter in an autartimonial action to index.php. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2010-5056 | 2 Gbu Grafici, Joomla | 2 Com Gbufacebook, Joomla\! | 2017-08-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the GBU Facebook (com_gbufacebook) component 1.0.5 for Joomla! allows remote attackers to execute arbitrary SQL commands via the face_id parameter in a show_face action to index.php. | |||||
| CVE-2010-4944 | 2 Joomla, Mambo-foundation | 3 Com Elite Experts, Joomla\!, Mambo | 2017-08-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Elite Experts (com_elite_experts) component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a showExpertProfileDetailed action to index.php. | |||||
| CVE-2010-5028 | 2 Harmistechnology, Joomla | 2 Com Jejob, Joomla\! | 2017-08-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the JExtensions JE Job (com_jejob) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in an item action to index.php. | |||||
| CVE-2010-5032 | 2 Joomla, Tamlyncreative | 2 Joomla\!, Com Bfquiztrial | 2017-08-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the BF Quiz (com_bfquiztrial) component before 1.3.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in a bfquiztrial action to index.php. | |||||
| CVE-2010-5042 | 2 Blueconstantmedia, Joomla | 2 Com Djartgallery, Joomla\! | 2017-08-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the DJ-ArtGallery (com_djartgallery) component 0.9.1 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the cid[] parameter in an editItem action to administrator/index.php. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2010-5043 | 2 Blueconstantmedia, Joomla | 2 Com Djartgallery, Joomla\! | 2017-08-29 | 6.0 MEDIUM | N/A |
| SQL injection vulnerability in the DJ-ArtGallery (com_djartgallery) component 0.9.1 for Joomla! allows remote authenticated users to execute arbitrary SQL commands via the cid[] parameter in an editItem action to administrator/index.php. | |||||
| CVE-2011-2889 | 1 Joomla | 1 Joomla\! | 2017-08-29 | 5.0 MEDIUM | N/A |
| templates/system/error.php in Joomla! before 1.5.23 might allow remote attackers to obtain sensitive information via unspecified vectors that trigger an undefined value of a certain error field, leading to disclosure of the installation path. NOTE: this might overlap CVE-2011-2488. | |||||
| CVE-2011-2890 | 1 Joomla | 1 Joomla\! | 2017-08-29 | 5.0 MEDIUM | N/A |
| The MediaViewMedia class in administrator/components/com_media/views/media/view.html.php in Joomla! 1.5.23 and earlier allows remote attackers to obtain sensitive information via vectors involving the base variable, leading to disclosure of the installation path, a different vulnerability than CVE-2011-2488. | |||||
| CVE-2011-2891 | 1 Joomla | 1 Joomla\! | 2017-08-29 | 5.0 MEDIUM | N/A |
| Joomla! 1.6.x before 1.6.2 allows remote attackers to obtain sensitive information via an empty Itemid array parameter to index.php, which reveals the installation path in an error message, a different vulnerability than CVE-2011-2488. | |||||
| CVE-2010-4949 | 2 Evnix, Joomla | 3 Freichat, Freichatpure, Joomla\! | 2017-08-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the (1) FreiChat component before 2.1.2 for Joomla! and the (2) FreiChatPure component before 1.2.2 for Joomla! allows remote attackers to inject arbitrary web script or HTML by entering it in an unspecified window. | |||||
| CVE-2010-4853 | 2 Chillcreations, Joomla | 2 Com Ccinvoices, Joomla\! | 2017-08-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the ccInvoices (com_ccinvoices) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a viewInv action to index.php. | |||||
| CVE-2010-4268 | 2 Joomla, Pulseinfotech | 2 Joomla\!, Com Flipwall | 2017-08-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Pulse Infotech Flip Wall (com_flipwall) component 1.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter to index.php. | |||||
| CVE-2010-4272 | 2 Joomla, Pulseinfotech | 2 Joomla\!, Com Sponsorwall | 2017-08-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Pulse Infotech Sponsor Wall (com_sponsorwall) component 1.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter to index.php. | |||||
| CVE-2010-4617 | 2 Joomla, Kanich | 2 Joomla\!, Com Jotloader | 2017-08-17 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in the JotLoader (com_jotloader) component 2.2.1 for Joomla! allows remote attackers to read arbitrary files via directory traversal sequences in the section parameter to index.php. | |||||
| CVE-2010-4702 | 2 Fxwebdesign, Joomla | 2 Com Jradio, Joomla\! | 2017-08-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in JRadio (com_jradio) component before 1.5.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2010-4794 | 2 Joomla, Joomlaseller | 2 Joomla\!, Com Jscalendar | 2017-08-17 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the JoomlaSeller JS Calendar (com_jscalendar) component 1.5.1 and 1.5.4 for Joomla! allow remote attackers to inject arbitrary web script or HTML via the (1) month and (2) year parameters in a jscalendar action to index.php. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2010-4795 | 2 Joomla, Joomlaseller | 2 Joomla\!, Com Jscalendar | 2017-08-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the JS Calendar (com_jscalendar) component 1.5.1 and 1.5.4 for Joomla! allows remote attackers to execute arbitrary SQL commands via the ev_id parameter in a details action to index.php. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2010-4719 | 2 Fxwebdesign, Joomla | 2 Com Jradio, Joomla\! | 2017-08-17 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in JRadio (com_jradio) component before 1.5.1 for Joomla! allows remote attackers to read arbitrary files via directory traversal sequences in the controller parameter to index.php. | |||||
| CVE-2011-0511 | 2 Joomla, Joomtraders | 2 Joomla\!, Com Allcinevid | 2017-08-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the allCineVid component (com_allcinevid) 1.0.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php. | |||||
| CVE-2010-1474 | 2 Joomla, Supachai Teasakul | 2 Joomla\!, Com Sweetykeeper | 2017-08-17 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in the Sweety Keeper (com_sweetykeeper) component 1.5.x for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php. | |||||
| CVE-2010-0456 | 2 Indianpulses, Joomla | 2 Com Gameserver, Joomla\! | 2017-08-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the indianpulse Game Server (com_gameserver) component 1.2 for Joomla! allows remote attackers to execute arbitrary SQL commands via the grp parameter in a gameserver action to index.php. | |||||
| CVE-2010-0459 | 2 Joomla, Yoflash | 2 Joomla\!, Com Mochigames | 2017-08-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Mochigames (com_mochigames) component 0.51 and possibly other versions for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php. | |||||
| CVE-2010-0461 | 1 Joomla | 2 Com Casino, Joomla | 2017-08-17 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in the casino (com_casino) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a (1) category or (2) player action to index.php. | |||||
| CVE-2010-0610 | 2 Joomla, Webguerilla | 2 Joomla\!, Com Photoblog | 2017-08-17 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in the Photoblog (com_photoblog) component for Joomla! allow remote attackers to execute arbitrary SQL commands via the blog parameter in an images action to index.php. NOTE: a separate vector for the id parameter to detail.php may also exist. | |||||
| CVE-2010-0632 | 2 Joomla, Parkviewconsultants | 2 Joomla\!, Com Simplefaq | 2017-08-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Parkview Consultants SimpleFAQ (com_simplefaq) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in a display action to index.php. | |||||
| CVE-2010-0670 | 2 Iptechinside, Joomla | 2 Com Jquarks, Joomla\! | 2017-08-17 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in the IP-Tech JQuarks (com_jquarks) Component before 0.2.4 for Joomla! allows attackers to obtain the installation path for Joomla! via unknown vectors. | |||||
| CVE-2010-0694 | 2 Joomla, Percha | 2 Joomla, Com Perchagallery | 2017-08-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the PerchaGallery (com_perchagallery) component before 1.5b for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in an editunidad action to index.php. | |||||
| CVE-2010-0753 | 2 Componentslab, Joomla | 2 Com Sqlreport, Joomla\! | 2017-08-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the SQL Reports (com_sqlreport) component 1.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the user_id parameter to ajax/print.php. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2010-0759 | 2 Greatjoomla, Joomla | 2 Scriptegrator Plugin, Joomla\! | 2017-08-17 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in plugins/system/cdscriptegrator/libraries/highslide/js/jsloader.php in the Core Design Scriptegrator plugin 1.4.1 for Joomla! allows remote attackers to read, and possibly include and execute, arbitrary files via directory traversal sequences in the files[] parameter, a different vector than CVE-2010-0760. | |||||
| CVE-2010-0795 | 2 Harmistechnology, Joomla | 2 Com Jeeventcalendar, Joomla\! | 2017-08-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the JE Event Calendars (com_jeeventcalendar) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the event_id parameter in an event action to index.php. | |||||
| CVE-2010-0796 | 2 Harmistechnology, Joomla | 2 Com Jeeventcalendar, Joomla\! | 2017-08-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the JE Quiz (com_jequizmanagement) component 1.b01 for Joomla! allows remote attackers to execute arbitrary SQL commands via the eid parameter in a question action to index.php. | |||||
| CVE-2010-0800 | 2 Joomla, Joomservices | 2 Joomla\!, Com Dms | 2017-08-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Ossolution Team Documents Seller (aka DMS) (com_dms) component 2.5.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the category_id parameter in a view_category action to index.php. | |||||
| CVE-2010-0803 | 2 Joomla, Jvideodirect | 2 Joomla\!, Com Jvideodirect | 2017-08-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the jVideoDirect (com_jvideodirect) component 1.1 RC3b for Joomla! allows remote attackers to execute arbitrary SQL commands via the v parameter to index.php. | |||||
| CVE-2010-0942 | 2 Joomla, Jvideodirect | 2 Joomla\!, Com Jvideodirect | 2017-08-17 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in the jVideoDirect (com_jvideodirect) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. | |||||
| CVE-2010-0943 | 2 Joomla, Joomlart | 2 Joomla\!, Com Jashowcase | 2017-08-17 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in the JA Showcase (com_jashowcase) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter in a jashowcase action to index.php. | |||||
| CVE-2010-0944 | 2 Joomla, Thorsten Riess | 2 Joomla\!, Com Jcollection | 2017-08-17 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in the JCollection (com_jcollection) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. | |||||
| CVE-2010-0945 | 2 Hotbrackets, Joomla | 2 Com Hotbrackets, Joomla\! | 2017-08-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the HotBrackets Tournament Brackets (com_hotbrackets) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php. | |||||
| CVE-2010-0946 | 2 Joomla, Kiss-software | 2 Joomla\!, Com Ksadvertiser | 2017-08-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Keep It Simple Stupid (KISS) Software Advertiser (com_ksadvertiser) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the pid parameter in a showcats action to index.php. | |||||
| CVE-2010-0972 | 2 G4j.laoneo, Joomla | 2 Com Gcalendar, Joomla\! | 2017-08-17 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in the GCalendar (com_gcalendar) component 2.1.5 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php. | |||||