National Vulnerability Database

Search Results

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): Joomla
  • Search Type: Search All
There are 1,073 matching records.
Displaying matches 441 through 460.
Vuln ID | Summary | CVSS Severity
CVE-2010-4268

SQL injection vulnerability in the Pulse Infotech Flip Wall (com_flipwall) component 1.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter to index.php.

Published: November 16, 2010; 08:00:05 PM -05:00
    V2: 7.5 HIGH
CVE-2010-3712

Cross-site scripting (XSS) vulnerability in Joomla! 1.5.x before 1.5.21 and 1.6.x before 1.6.1 allows remote attackers to inject arbitrary web script or HTML via vectors involving "multiple encoded entities," as demonstrated by the query string to index.php in the com_weblinks or com_content component.

Published: October 27, 2010; 08:00:03 PM -04:00
    V2: 4.3 MEDIUM
CVE-2010-2535

Multiple cross-site scripting (XSS) vulnerabilities in the Back End in Joomla! 1.5.x before 1.5.20 allow remote authenticated users to inject arbitrary web script or HTML via administrator screens.

Published: October 05, 2010; 02:00:03 PM -04:00
    V2: 3.5 LOW
CVE-2010-3426

Directory traversal vulnerability in jphone.php in the JPhone (com_jphone) component 1.0 Alpha 3 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php.

Published: September 16, 2010; 06:00:03 PM -04:00
    V2: 7.5 HIGH
CVE-2010-3422

SQL injection vulnerability in the JGen (com_jgen) component 0.9.33 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a view action to index.php.

Published: September 16, 2010; 06:00:02 PM -04:00
    V2: 7.5 HIGH
CVE-2010-3211

Multiple SQL injection vulnerabilities in the JE FAQ Pro (com_jefaqpro) component 1.5.0 for Joomla! allow remote attackers to execute arbitrary SQL commands via category categorylist operations with (1) the catid parameter or (2) the catid parameter in a lists action.

Published: September 03, 2010; 02:00:04 PM -04:00
    V2: 7.5 HIGH
CVE-2010-3203

Directory traversal vulnerability in the PicSell (com_picsell) component 1.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the dflink parameter in a prevsell dwnfree action to index.php.

Published: September 03, 2010; 02:00:02 PM -04:00
    V2: 5.0 MEDIUM
CVE-2010-3028

The Aardvertiser component before 2.2.1 for Joomla! uses insecure permissions (777) in unspecified folders, which allows local users to modify, create, or delete certain files.

Published: August 16, 2010; 04:00:03 PM -04:00
    V2: 3.6 LOW
CVE-2010-2923

SQL injection vulnerability in the YouTube (com_youtube) component 1.5 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id_cate parameter to index.php.

Published: July 30, 2010; 04:30:04 PM -04:00
    V2: 7.5 HIGH
CVE-2010-2921

SQL injection vulnerability in the Golf Course Guide (com_golfcourseguide) component 0.9.6.0 beta and 1 beta for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a golfcourses action to index.php.

Published: July 30, 2010; 04:30:03 PM -04:00
    V2: 7.5 HIGH
CVE-2010-2920

Directory traversal vulnerability in the Foobla Suggestions (com_foobla_suggestions) component 1.5.1.2 for Joomla! allows remote attackers to read arbitrary files via directory traversal sequences in the controller parameter to index.php.

Published: July 30, 2010; 04:30:03 PM -04:00
    V2: 6.8 MEDIUM
CVE-2010-2919

SQL injection vulnerability in the StaticXT (com_staticxt) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php.

Published: July 30, 2010; 04:30:03 PM -04:00
    V2: 7.5 HIGH
CVE-2010-2918

PHP remote file inclusion vulnerability in core/include/myMailer.class.php in the Visites (com_joomla-visites) component 1.1 RC2 for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.

Published: July 30, 2010; 04:30:03 PM -04:00
    V2: 7.5 HIGH
CVE-2010-2910

SQL injection vulnerability in the Ozio Gallery (com_oziogallery) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the Itemid parameter to index.php.

Published: July 28, 2010; 05:30:03 PM -04:00
    V2: 7.5 HIGH
CVE-2010-2909

SQL injection vulnerability in ttvideo.php in the TTVideo (com_ttvideo) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the cid parameter in a video action to index.php.

Published: July 28, 2010; 05:30:03 PM -04:00
    V2: 7.5 HIGH
CVE-2010-2908

SQL injection vulnerability in the Joomdle (com_joomdle) component 0.24 and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the course_id parameter in a detail action to index.php.

Published: July 28, 2010; 05:30:02 PM -04:00
    V2: 7.5 HIGH
CVE-2010-2907

SQL injection vulnerability in the Huru Helpdesk (com_huruhelpdesk) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the cid[0] parameter in a detail action to index.php.

Published: July 28, 2010; 05:30:02 PM -04:00
    V2: 7.5 HIGH
CVE-2010-2857

Directory traversal vulnerability in the Music Manager component for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the cid parameter to album.html.

Published: July 24, 2010; 10:04:14 PM -04:00
    V2: 6.8 MEDIUM
CVE-2010-2851

SQL injection vulnerability in the BookLibrary From Same Author (com_booklibrary) module 1.5 and possibly earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a view action to index.php.

Published: July 24, 2010; 10:04:13 PM -04:00
    V2: 7.5 HIGH
CVE-2010-2848

Directory traversal vulnerability in assets/captcha/includes/alikon/playcode.php in the InterJoomla ArtForms (com_artforms) component 2.1b7.2 RC2 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the l parameter.

Published: July 24, 2010; 10:04:11 PM -04:00
    V2: 5.0 MEDIUM