U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): Joomla
  • Search Type: Search All
There are 1,182 matching records.
Displaying matches 581 through 600.
Vuln ID Summary CVSS Severity
CVE-2010-2690

SQL injection vulnerability in the JOOFORGE Gamesbox (com_gamesbox) component 1.0.2, and possibly earlier, for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a consoles action to index.php.

Published: July 12, 2010; 9:27:28 AM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2010-2682

Directory traversal vulnerability in the Realtyna Translator (com_realtyna) component 1.0.15 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php.

Published: July 12, 2010; 9:27:28 AM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2010-2681

PHP remote file inclusion vulnerability in the SEF404x (com_sef) component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig.absolute.path parameter to index.php.

Published: July 12, 2010; 9:27:28 AM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2010-2680

Directory traversal vulnerability in the JExtensions JE Section/Property Finder (jesectionfinder) component for Joomla! allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the view parameter to index.php.

Published: July 12, 2010; 9:27:27 AM -0400
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2010-2679

SQL injection vulnerability in the Weblinks (com_weblinks) component in Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a view action to index.php.

Published: July 08, 2010; 6:30:01 PM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2010-2678

SQL injection vulnerability in xmap (com_xmap) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the Itemid parameter to index.php.

Published: July 08, 2010; 6:30:01 PM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2010-2622

SQL injection vulnerability in the Joomanager component, possibly 1.1.1, for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter to index.php.

Published: July 02, 2010; 4:30:01 PM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2010-2613

Cross-site scripting (XSS) vulnerability in the JExtensions JE Awd Song (com_awd_song) component for Joomla! allows remote attackers to inject arbitrary web script or HTML via the song review field, which is not properly handled in a view action to index.php.

Published: July 02, 2010; 8:44:44 AM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2010-1522

Multiple SQL injection vulnerabilities in the BookLibrary Basic (com_booklibrary) component 1.5.3 before 1.5.3_2010_06_20 for Joomla! allow remote attackers to execute arbitrary SQL commands via the bid[] parameter in a (1) lend_request or (2) save_lend_request action to index.php, the id parameter in a (3) mdownload or (4) downitsf action to index.php, or (5) the searchtext parameter in a search action to index.php.

Published: July 02, 2010; 8:43:52 AM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2010-2515

Multiple SQL injection vulnerabilities in index.php in the JFaq (com_jfaq) component 1.2 for Joomla!, when magic_quotes_gpc is disabled, allow (1) remote attackers to execute arbitrary SQL commands via the id parameter, and (2) remote authenticated users with "Public Front-end" permissions to execute arbitrary SQL commands via the titlu parameter (title field). NOTE: some of these details are obtained from third party information.

Published: June 28, 2010; 4:30:01 PM -0400
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2010-2514

Cross-site scripting (XSS) vulnerability in the JFaq (com_jfaq) component 1.2 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the question parameter in an add2 action to index.php.

Published: June 28, 2010; 4:30:01 PM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2010-2513

SQL injection vulnerability in the JE Ajax Event Calendar (com_jeajaxeventcalendar) component 1.0.5 for Joomla! allows remote attackers to execute arbitrary SQL commands via the view parameter to index.php.

Published: June 28, 2010; 4:30:01 PM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2010-2507

Directory traversal vulnerability in the Picasa2Gallery (com_picasa2gallery) component 1.2.8 and earlier for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php.

Published: June 28, 2010; 4:30:01 PM -0400
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2010-2464

Multiple cross-site scripting (XSS) vulnerabilities in the RSComments (com_rscomments) component 1.0.0 Rev 2 for Joomla! allow remote attackers to inject arbitrary web script or HTML via the (1) website and (2) name parameters to index.php.

Published: June 25, 2010; 5:30:01 PM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2010-2259

Directory traversal vulnerability in the BF Survey (com_bfsurvey) component for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php.

Published: June 09, 2010; 4:30:29 PM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2010-2255

SQL injection vulnerability in the BF Survey Pro (com_bfsurvey_pro) component before 1.3.1, BF Survey Pro Free (com_bfsurvey_profree) component 1.2.6, and BF Survey Basic component before 1.2 for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter to index.php. NOTE: some of these details are obtained from third party information.

Published: June 09, 2010; 4:30:24 PM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2010-2254

SQL injection vulnerability in the Shape5 Bridge of Hope template for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in an article action to index.php.

Published: June 09, 2010; 4:30:24 PM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2010-1649

Multiple cross-site scripting (XSS) vulnerabilities in the back end in Joomla! 1.5 through 1.5.17 allow remote attackers to inject arbitrary web script or HTML via unknown vectors related to "various administrator screens," possibly the search parameter in administrator/index.php.

Published: June 07, 2010; 8:30:01 PM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2010-2148

SQL injection vulnerability in the My Car (com_mycar) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the pagina parameter to index.php.

Published: June 03, 2010; 10:30:01 AM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2010-2147

Cross-site scripting (XSS) vulnerability in the My Car (com_mycar) component 1.0 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the modveh parameter to index.php.

Published: June 03, 2010; 10:30:01 AM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM