National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): Joomla
  • Search Type: Search All
There are 1,073 matching records.
Displaying matches 461 through 480.
Vuln ID Summary CVSS Severity
CVE-2010-2847

Multiple SQL injection vulnerabilities in the InterJoomla ArtForms (com_artforms) component 2.1b7.2 RC2 for Joomla! allow remote attackers to execute arbitrary SQL commands via the viewform parameter in a (1) ferforms or (2) tferforms action to index.php, and the (3) id parameter in a vferforms action to index.php.

Published: July 24, 2010; 10:04:11 PM -04:00
    V2: 7.5 HIGH
CVE-2010-2846

Cross-site scripting (XSS) vulnerability in the InterJoomla ArtForms (com_artforms) component 2.1b7.2 RC2 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the afmsg parameter to index.php.

Published: July 24, 2010; 10:04:11 PM -04:00
    V2: 4.3 MEDIUM
CVE-2010-2845

SQL injection vulnerability in the QuickFAQ (com_quickfaq) component 1.0.3 for Joomla! allows remote attackers to execute arbitrary SQL commands via the Itemid parameter in a category action to index.php.

Published: July 24, 2010; 10:04:11 PM -04:00
    V2: 7.5 HIGH
CVE-2009-4946

Directory traversal vulnerability in the Messaging (com_messaging) component before 1.5.1 for Joomla! allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the controller parameter in a messages action to index.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Published: July 22, 2010; 02:30:02 PM -04:00
    V2: 6.8 MEDIUM
CVE-2009-4938

SQL injection vulnerability in the JVideo! (com_jvideo) component 0.3.11c Beta and 0.3.x for Joomla! allows remote attackers to execute arbitrary SQL commands via the user_id parameter in a user action to index.php.

Published: July 22, 2010; 01:40:07 AM -04:00
    V2: 7.5 HIGH
CVE-2010-2694

SQL injection vulnerability in the redSHOP Component (com_redshop) 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the pid parameter to index.php.

Published: July 12, 2010; 01:30:01 PM -04:00
    V2: 7.5 HIGH
CVE-2010-2690

SQL injection vulnerability in the JOOFORGE Gamesbox (com_gamesbox) component 1.0.2, and possibly earlier, for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a consoles action to index.php.

Published: July 12, 2010; 09:27:28 AM -04:00
    V2: 7.5 HIGH
CVE-2010-2682

Directory traversal vulnerability in the Realtyna Translator (com_realtyna) component 1.0.15 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php.

Published: July 12, 2010; 09:27:28 AM -04:00
    V2: 7.5 HIGH
CVE-2010-2681

PHP remote file inclusion vulnerability in the SEF404x (com_sef) component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig.absolute.path parameter to index.php.

Published: July 12, 2010; 09:27:28 AM -04:00
    V2: 7.5 HIGH
CVE-2010-2680

Directory traversal vulnerability in the JExtensions JE Section/Property Finder (jesectionfinder) component for Joomla! allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the view parameter to index.php.

Published: July 12, 2010; 09:27:27 AM -04:00
    V2: 6.8 MEDIUM
CVE-2010-2679

SQL injection vulnerability in the Weblinks (com_weblinks) component in Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a view action to index.php.

Published: July 08, 2010; 06:30:01 PM -04:00
    V2: 7.5 HIGH
CVE-2010-2678

SQL injection vulnerability in xmap (com_xmap) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the Itemid parameter to index.php.

Published: July 08, 2010; 06:30:01 PM -04:00
    V2: 7.5 HIGH
CVE-2010-2622

SQL injection vulnerability in the Joomanager component, possibly 1.1.1, for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter to index.php.

Published: July 02, 2010; 04:30:01 PM -04:00
    V2: 7.5 HIGH
CVE-2010-2613

Cross-site scripting (XSS) vulnerability in the JExtensions JE Awd Song (com_awd_song) component for Joomla! allows remote attackers to inject arbitrary web script or HTML via the song review field, which is not properly handled in a view action to index.php.

Published: July 02, 2010; 08:44:44 AM -04:00
    V2: 4.3 MEDIUM
CVE-2010-1522

Multiple SQL injection vulnerabilities in the BookLibrary Basic (com_booklibrary) component 1.5.3 before 1.5.3_2010_06_20 for Joomla! allow remote attackers to execute arbitrary SQL commands via the bid[] parameter in a (1) lend_request or (2) save_lend_request action to index.php, the id parameter in a (3) mdownload or (4) downitsf action to index.php, or (5) the searchtext parameter in a search action to index.php.

Published: July 02, 2010; 08:43:52 AM -04:00
    V2: 7.5 HIGH
CVE-2010-2515

Multiple SQL injection vulnerabilities in index.php in the JFaq (com_jfaq) component 1.2 for Joomla!, when magic_quotes_gpc is disabled, allow (1) remote attackers to execute arbitrary SQL commands via the id parameter, and (2) remote authenticated users with "Public Front-end" permissions to execute arbitrary SQL commands via the titlu parameter (title field). NOTE: some of these details are obtained from third party information.

Published: June 28, 2010; 04:30:01 PM -04:00
    V2: 6.8 MEDIUM
CVE-2010-2514

Cross-site scripting (XSS) vulnerability in the JFaq (com_jfaq) component 1.2 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the question parameter in an add2 action to index.php.

Published: June 28, 2010; 04:30:01 PM -04:00
    V2: 4.3 MEDIUM
CVE-2010-2513

SQL injection vulnerability in the JE Ajax Event Calendar (com_jeajaxeventcalendar) component 1.0.5 for Joomla! allows remote attackers to execute arbitrary SQL commands via the view parameter to index.php.

Published: June 28, 2010; 04:30:01 PM -04:00
    V2: 7.5 HIGH
CVE-2010-2507

Directory traversal vulnerability in the Picasa2Gallery (com_picasa2gallery) component 1.2.8 and earlier for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php.

Published: June 28, 2010; 04:30:01 PM -04:00
    V2: 6.8 MEDIUM
CVE-2010-2464

Multiple cross-site scripting (XSS) vulnerabilities in the RSComments (com_rscomments) component 1.0.0 Rev 2 for Joomla! allow remote attackers to inject arbitrary web script or HTML via the (1) website and (2) name parameters to index.php.

Published: June 25, 2010; 05:30:01 PM -04:00
    V2: 4.3 MEDIUM