Search Results (Refine Search)
- Results Type: Overview
- Keyword (text search): Joomla
- Search Type: Search All
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2012-4256 |
The jNews (com_jnews) component 7.5.1 for Joomla! allows remote attackers to obtain sensitive information via the emailsearch parameter, which reveals the installation path in an error message. Published: August 13, 2012; 2:55:05 PM -0400 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2012-4235 |
The RSGallery2 (com_rsgallery2) component before 3.2.0 for Joomla! 2.5.x does not place index.html files in image directories, which allows remote attackers to list image filenames via a request for a directory URI. Published: August 10, 2012; 6:34:48 AM -0400 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2012-4071 |
Cross-site scripting (XSS) vulnerability in the comments module in the RSGallery2 (com_rsgallery2) component before 2.3.0 for Joomla! 1.5.x, and before 3.2.0 for Joomla! 2.5.x, allows remote attackers to inject arbitrary web script or HTML via crafted BBCode markup in a comment. Published: August 10, 2012; 6:34:48 AM -0400 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2012-3554 |
SQL injection vulnerability in the RSGallery2 (com_rsgallery2) component before 2.3.0 for Joomla! 1.5.x, and before 3.2.0 for Joomla! 2.5.x, allows remote attackers to execute arbitrary SQL commands via unspecified vectors. Published: August 10, 2012; 6:34:48 AM -0400 |
V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2012-3829 |
Joomla! 2.5.3 allows remote attackers to obtain the installation path via the Host HTTP Header. Published: July 03, 2012; 6:55:01 PM -0400 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2012-3828 |
Cross-site scripting (XSS) vulnerability in Joomla! 2.5.3 allows remote attackers to inject arbitrary web script or HTML via the Host HTTP Header. Published: July 03, 2012; 6:55:01 PM -0400 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2012-2748 |
Unspecified vulnerability in Joomla! 2.5.x before 2.5.5 allows remote attackers to obtain sensitive information via vectors related to "Inadequate filtering" and a "SQL error." Published: July 03, 2012; 3:55:03 PM -0400 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2012-2747 |
Unspecified vulnerability in Joomla! 2.5.x before 2.5.5 allows remote attackers to gain privileges via unknown attack vectors related to "Inadequate checking." Published: July 03, 2012; 3:55:03 PM -0400 |
V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2012-2902 |
Unrestricted file upload vulnerability in editor/extensions/browser/file.php in the Joomla Content Editor (JCE) component before 2.1 for Joomla!, when chunking is set to greater than zero, allows remote authors to execute arbitrary PHP code by uploading a PHP file with a double extension as demonstrated by .jpg.pht. Published: May 21, 2012; 2:55:02 PM -0400 |
V3.x:(not available) V2.0: 6.0 MEDIUM |
CVE-2012-2901 |
Cross-site scripting (XSS) vulnerability in the Profile List in the Joomla Content Editor (JCE) component before 2.1 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the search parameter to administrator/index.php. Published: May 21, 2012; 2:55:02 PM -0400 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2012-1018 |
Cross-site scripting (XSS) vulnerability in includes/convert.php in D-Mack Media Currency Converter (mod_currencyconverter) module 1.0.0 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the from parameter. Published: February 07, 2012; 7:55:01 PM -0500 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2011-5004 |
Unrestricted file upload vulnerability in models/importcsv.php in the Fabrik (com_fabrik) component before 2.1.1 for Joomla! allows remote authenticated users with Manager privileges to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in an unspecified directory. Published: December 24, 2011; 8:55:04 PM -0500 |
V3.x:(not available) V2.0: 6.0 MEDIUM |
CVE-2011-4830 |
Multiple cross-site scripting (XSS) vulnerabilities in the com_listing component in Barter Sites component 1.3 for Joomla! allow remote authenticated users to inject arbitrary web script or HTML via the (1) listing_title, (2) description, (3) homeurl (aka Website Address), (4) paystring (aka Payment types accepted), (5) sell_price, (6) shipping_cost, and (7) quantity parameters to index.php. Published: December 14, 2011; 10:57:34 PM -0500 |
V3.x:(not available) V2.0: 3.5 LOW |
CVE-2011-4829 |
SQL injection vulnerability in the com_listing component in Barter Sites component 1.3 for Joomla! allows remote attackers to execute arbitrary SQL commands via the category_id parameter to index.php. Published: December 14, 2011; 10:57:34 PM -0500 |
V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2011-4823 |
Multiple SQL injection vulnerabilities in Vik Real Estate (com_vikrealestate) component 1.0 for Joomla! allow remote attackers to execute arbitrary SQL commands via the (1) contract parameter in a results action and (2) imm parameter in a show action to index.php. Published: December 14, 2011; 10:57:34 PM -0500 |
V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2011-4809 |
Multiple cross-site scripting (XSS) vulnerabilities in the HM Community (com_hmcommunity) component before 1.01 for Joomla! allow remote attackers to inject arbitrary web script or HTML via the (1) language[], (2) university[], (3) persent[], (4) company_name[], (5) designation[], (6) music[], (7) books[], (8) movies[], (9) games[], (10) syp[], (11) ft[], and (12) fa[] parameters in a save task for a profile to index.php. NOTE: some of these details are obtained from third party information. Published: December 13, 2011; 7:55:19 PM -0500 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2011-4808 |
SQL injection vulnerability in the HM Community (com_hmcommunity) component before 1.01 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a fnd_home action to index.php. Published: December 13, 2011; 7:55:19 PM -0500 |
V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2011-4804 |
Directory traversal vulnerability in the obSuggest (com_obsuggest) component before 1.8 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. Published: December 13, 2011; 7:55:04 PM -0500 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2011-4571 |
SQL injection vulnerability in the Estate Agent (com_estateagent) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a showEO action to index.php. Published: November 29, 2011; 6:55:09 AM -0500 |
V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2011-4570 |
SQL injection vulnerability in the Time Returns (com_timereturns) component 2.0 and possibly earlier versions for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a timereturns action to index.php. Published: November 29, 2011; 6:55:07 AM -0500 |
V3.x:(not available) V2.0: 7.5 HIGH |