National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

Search Parameters:
  • Contains Software Flaws (CVE)
  • CPE Product Version: cpe:/a:joomla:joomla%21:3.2.0:alpha
There are 409 matching records.
Displaying matches 101 through 120.
Vuln ID Summary CVSS Severity
CVE-2011-5099

SQL injection vulnerability in helper/popup.php in the ccNewsletter (mod_ccnewsletter) component 1.0.7 through 1.0.9 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter.

Published: August 14, 2012; 06:55:01 PM -04:00
    V2: 7.5 HIGH
CVE-2012-4256

The jNews (com_jnews) component 7.5.1 for Joomla! allows remote attackers to obtain sensitive information via the emailsearch parameter, which reveals the installation path in an error message.

Published: August 13, 2012; 02:55:05 PM -04:00
    V2: 5.0 MEDIUM
CVE-2012-2902

Unrestricted file upload vulnerability in editor/extensions/browser/file.php in the Joomla Content Editor (JCE) component before 2.1 for Joomla!, when chunking is set to greater than zero, allows remote authors to execute arbitrary PHP code by uploading a PHP file with a double extension as demonstrated by .jpg.pht.

Published: May 21, 2012; 02:55:02 PM -04:00
    V2: 6.0 MEDIUM
CVE-2012-2901

Cross-site scripting (XSS) vulnerability in the Profile List in the Joomla Content Editor (JCE) component before 2.1 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the search parameter to administrator/index.php.

Published: May 21, 2012; 02:55:02 PM -04:00
    V2: 4.3 MEDIUM
CVE-2012-1018

Cross-site scripting (XSS) vulnerability in includes/convert.php in D-Mack Media Currency Converter (mod_currencyconverter) module 1.0.0 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the from parameter.

Published: February 07, 2012; 07:55:01 PM -05:00
    V2: 4.3 MEDIUM
CVE-2011-5004

Unrestricted file upload vulnerability in models/importcsv.php in the Fabrik (com_fabrik) component before 2.1.1 for Joomla! allows remote authenticated users with Manager privileges to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in an unspecified directory.

Published: December 24, 2011; 08:55:04 PM -05:00
    V2: 6.0 MEDIUM
CVE-2011-4830

Multiple cross-site scripting (XSS) vulnerabilities in the com_listing component in Barter Sites component 1.3 for Joomla! allow remote authenticated users to inject arbitrary web script or HTML via the (1) listing_title, (2) description, (3) homeurl (aka Website Address), (4) paystring (aka Payment types accepted), (5) sell_price, (6) shipping_cost, and (7) quantity parameters to index.php.

Published: December 14, 2011; 10:57:34 PM -05:00
    V2: 3.5 LOW
CVE-2011-4829

SQL injection vulnerability in the com_listing component in Barter Sites component 1.3 for Joomla! allows remote attackers to execute arbitrary SQL commands via the category_id parameter to index.php.

Published: December 14, 2011; 10:57:34 PM -05:00
    V2: 7.5 HIGH
CVE-2011-4823

Multiple SQL injection vulnerabilities in Vik Real Estate (com_vikrealestate) component 1.0 for Joomla! allow remote attackers to execute arbitrary SQL commands via the (1) contract parameter in a results action and (2) imm parameter in a show action to index.php.

Published: December 14, 2011; 10:57:34 PM -05:00
    V2: 7.5 HIGH
CVE-2011-4809

Multiple cross-site scripting (XSS) vulnerabilities in the HM Community (com_hmcommunity) component before 1.01 for Joomla! allow remote attackers to inject arbitrary web script or HTML via the (1) language[], (2) university[], (3) persent[], (4) company_name[], (5) designation[], (6) music[], (7) books[], (8) movies[], (9) games[], (10) syp[], (11) ft[], and (12) fa[] parameters in a save task for a profile to index.php. NOTE: some of these details are obtained from third party information.

Published: December 13, 2011; 07:55:19 PM -05:00
    V2: 4.3 MEDIUM
CVE-2011-4808

SQL injection vulnerability in the HM Community (com_hmcommunity) component before 1.01 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a fnd_home action to index.php.

Published: December 13, 2011; 07:55:19 PM -05:00
    V2: 7.5 HIGH
CVE-2011-4804

Directory traversal vulnerability in the obSuggest (com_obsuggest) component before 1.8 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.

Published: December 13, 2011; 07:55:04 PM -05:00
    V2: 5.0 MEDIUM
CVE-2011-4571

SQL injection vulnerability in the Estate Agent (com_estateagent) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a showEO action to index.php.

Published: November 29, 2011; 06:55:09 AM -05:00
    V2: 7.5 HIGH
CVE-2011-4570

SQL injection vulnerability in the Time Returns (com_timereturns) component 2.0 and possibly earlier versions for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a timereturns action to index.php.

Published: November 29, 2011; 06:55:07 AM -05:00
    V2: 7.5 HIGH
CVE-2010-5056

SQL injection vulnerability in the GBU Facebook (com_gbufacebook) component 1.0.5 for Joomla! allows remote attackers to execute arbitrary SQL commands via the face_id parameter in a show_face action to index.php.

Published: November 22, 2011; 08:55:04 PM -05:00
    V2: 7.5 HIGH
CVE-2010-5053

SQL injection vulnerability in the XOBBIX (com_xobbix) component 1.0.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the prodid parameter in a prod_desc action to index.php.

Published: November 22, 2011; 08:55:04 PM -05:00
    V2: 7.5 HIGH
CVE-2010-5048

Cross-site scripting (XSS) vulnerability in admin.jcomments.php in the JoomlaTune JComments (com_jcomments) component 2.1.0.0 for Joomla! allows remote authenticated users to inject arbitrary web script or HTML via the name parameter to index.php.

Published: November 22, 2011; 08:55:04 PM -05:00
    V2: 4.3 MEDIUM
CVE-2010-5044

SQL injection vulnerability in models/log.php in the Search Log (com_searchlog) component 3.1.0 for Joomla! allows remote authenticated users, with Public Back-end privileges, to execute arbitrary SQL commands via the search parameter in a log action to administrator/index.php. NOTE: some of these details are obtained from third party information.

Published: November 02, 2011; 05:55:18 PM -04:00
    V2: 6.0 MEDIUM
CVE-2010-5043

SQL injection vulnerability in the DJ-ArtGallery (com_djartgallery) component 0.9.1 for Joomla! allows remote authenticated users to execute arbitrary SQL commands via the cid[] parameter in an editItem action to administrator/index.php.

Published: November 02, 2011; 05:55:18 PM -04:00
    V2: 6.0 MEDIUM
CVE-2010-5042

Cross-site scripting (XSS) vulnerability in the DJ-ArtGallery (com_djartgallery) component 0.9.1 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the cid[] parameter in an editItem action to administrator/index.php. NOTE: some of these details are obtained from third party information.

Published: November 02, 2011; 05:55:18 PM -04:00
    V2: 4.3 MEDIUM