National Vulnerability Database

Search Results

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): Joomla
  • Search Type: Search All
There are 1,102 matching records.
Displaying matches 461 through 480.
Vuln ID Summary CVSS Severity
CVE-2010-4618

Cross-site scripting (XSS) vulnerability in the Algis Info aiContactSafe component before 2.0.14 for Joomla! allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Published: December 29, 2010; 05:33:32 PM -05:00
    V2: 4.3 MEDIUM
CVE-2010-4617

Directory traversal vulnerability in the JotLoader (com_jotloader) component 2.2.1 for Joomla! allows remote attackers to read arbitrary files via directory traversal sequences in the section parameter to index.php.

Published: December 29, 2010; 05:33:32 PM -05:00
    V2: 6.8 MEDIUM
CVE-2010-4517

SQL injection vulnerability in the JExtensions JE Auto (com_jeauto) component 1.0 for Joomla!, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the char parameter in an item action to index.php.

Published: December 09, 2010; 04:00:02 PM -05:00
    V2: 6.8 MEDIUM
CVE-2010-4516

Multiple cross-site scripting (XSS) vulnerabilities in the JXtended Comments component before 1.3.1 for Joomla allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Published: December 09, 2010; 04:00:02 PM -05:00
    V2: 4.3 MEDIUM
CVE-2010-4405

Cross-site scripting (XSS) vulnerability in the Yannick Gaultier sh404SEF component before 2.1.8.777 for Joomla! allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Published: December 06, 2010; 08:37:32 AM -05:00
    V2: 4.3 MEDIUM
CVE-2010-4404

SQL injection vulnerability in the Yannick Gaultier sh404SEF component before 2.1.8.777 for Joomla! allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

Published: December 06, 2010; 08:37:32 AM -05:00
    V2: 7.5 HIGH
CVE-2010-4365

SQL injection vulnerability in JE Ajax Event Calendar (com_jeajaxeventcalendar) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the event_id parameter in an alleventlist_more action to index.php.

Published: December 01, 2010; 11:06:15 AM -05:00
    V2: 7.5 HIGH
CVE-2010-4272

SQL injection vulnerability in the Pulse Infotech Sponsor Wall (com_sponsorwall) component 1.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter to index.php.

Published: November 16, 2010; 08:00:05 PM -05:00
    V2: 7.5 HIGH
CVE-2010-4270

Directory traversal vulnerability in the nBill (com_netinvoice) component before 2.0.9 standard edition, 2.0.10 lite edition, and 1.2_10 for Joomla! allows remote attackers to read arbitrary files via directory traversal sequences in unspecified vectors related to (1) administrator/components/com_nbill/admin.nbill.php, (2) components/com_nbill/nbill.php, (3) administrator/components/com_netinvoice/admin.netinvoice.php, or (4) components/com_netinvoice/netinvoice.php, as exploited in the wild in November 2010.

Published: November 16, 2010; 08:00:05 PM -05:00
    V2: 5.0 MEDIUM
CVE-2010-4268

SQL injection vulnerability in the Pulse Infotech Flip Wall (com_flipwall) component 1.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter to index.php.

Published: November 16, 2010; 08:00:05 PM -05:00
    V2: 7.5 HIGH
CVE-2010-3712

Cross-site scripting (XSS) vulnerability in Joomla! 1.5.x before 1.5.21 and 1.6.x before 1.6.1 allows remote attackers to inject arbitrary web script or HTML via vectors involving "multiple encoded entities," as demonstrated by the query string to index.php in the com_weblinks or com_content component.

Published: October 27, 2010; 08:00:03 PM -04:00
    V2: 4.3 MEDIUM
CVE-2010-2535

Multiple cross-site scripting (XSS) vulnerabilities in the Back End in Joomla! 1.5.x before 1.5.20 allow remote authenticated users to inject arbitrary web script or HTML via administrator screens.

Published: October 05, 2010; 02:00:03 PM -04:00
    V2: 3.5 LOW
CVE-2010-3426

Directory traversal vulnerability in jphone.php in the JPhone (com_jphone) component 1.0 Alpha 3 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php.

Published: September 16, 2010; 06:00:03 PM -04:00
    V2: 7.5 HIGH
CVE-2010-3422

SQL injection vulnerability in the JGen (com_jgen) component 0.9.33 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a view action to index.php.

Published: September 16, 2010; 06:00:02 PM -04:00
    V2: 7.5 HIGH
CVE-2010-3211

Multiple SQL injection vulnerabilities in the JE FAQ Pro (com_jefaqpro) component 1.5.0 for Joomla! allow remote attackers to execute arbitrary SQL commands via category categorylist operations with (1) the catid parameter or (2) the catid parameter in a lists action.

Published: September 03, 2010; 02:00:04 PM -04:00
    V2: 7.5 HIGH
CVE-2010-3203

Directory traversal vulnerability in the PicSell (com_picsell) component 1.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the dflink parameter in a prevsell dwnfree action to index.php.

Published: September 03, 2010; 02:00:02 PM -04:00
    V2: 5.0 MEDIUM
CVE-2010-3028

The Aardvertiser component before 2.2.1 for Joomla! uses insecure permissions (777) in unspecified folders, which allows local users to modify, create, or delete certain files.

Published: August 16, 2010; 04:00:03 PM -04:00
    V2: 3.6 LOW
CVE-2010-2923

SQL injection vulnerability in the YouTube (com_youtube) component 1.5 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id_cate parameter to index.php.

Published: July 30, 2010; 04:30:04 PM -04:00
    V2: 7.5 HIGH
CVE-2010-2921

SQL injection vulnerability in the Golf Course Guide (com_golfcourseguide) component 0.9.6.0 beta and 1 beta for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a golfcourses action to index.php.

Published: July 30, 2010; 04:30:03 PM -04:00
    V2: 7.5 HIGH
CVE-2010-2920

Directory traversal vulnerability in the Foobla Suggestions (com_foobla_suggestions) component 1.5.1.2 for Joomla! allows remote attackers to read arbitrary files via directory traversal sequences in the controller parameter to index.php.

Published: July 30, 2010; 04:30:03 PM -04:00
    V2: 6.8 MEDIUM