Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): Joomla
  • Search Type: Search All
There are 1,107 matching records.
Displaying matches 661 through 680.
Vuln ID Summary CVSS Severity
CVE-2010-0459

SQL injection vulnerability in the Mochigames (com_mochigames) component 0.51 and possibly other versions for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php.

Published: January 28, 2010; 3:30:01 PM -0500
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2010-0456

SQL injection vulnerability in the indianpulse Game Server (com_gameserver) component 1.2 for Joomla! allows remote attackers to execute arbitrary SQL commands via the grp parameter in a gameserver action to index.php.

Published: January 28, 2010; 3:30:01 PM -0500
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2010-0374

Cross-site scripting (XSS) vulnerability in the Marketplace (com_marketplace) component 1.2 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the catid parameter in a show_category action to index.php.

Published: January 21, 2010; 5:30:00 PM -0500
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2010-0373

SQL injection vulnerability in the libros (com_libros) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action to index.php.

Published: January 21, 2010; 5:30:00 PM -0500
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2010-0372

SQL injection vulnerability in the Articlemanager (com_articlemanager) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the artid parameter in a display action to index.php.

Published: January 21, 2010; 5:30:00 PM -0500
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2009-4628

SQL injection vulnerability in the TemplatePlaza.com TPDugg (com_tpdugg) component 1.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a tags action to index.php.

Published: January 18, 2010; 3:30:00 PM -0500
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2009-4625

SQL injection vulnerability in the updateOnePage function in components/com_bfsurvey_pro/controller.php in BF Survey Pro Free (com_bfsurvey_profree) 1.2.4, and other versions before 1.2.6, a component for Joomla!, allows remote attackers to execute arbitrary SQL commands via the table parameter in an updateOnePage action to index.php.

Published: January 18, 2010; 3:30:00 PM -0500
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2009-4620

SQL injection vulnerability in the Joomloc (com_joomloc) component 1.0 for Joomla allows remote attackers to execute arbitrary SQL commands via the id parameter in an edit task to index.php.

Published: January 18, 2010; 3:30:00 PM -0500
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2009-4619

SQL injection vulnerability in the Lucy Games (com_lucygames) component 1.5.4 for Joomla! allows remote attackers to execute arbitrary SQL commands via the gameid parameter in a game action to index.php. NOTE: some of these details are obtained from third party information.

Published: January 18, 2010; 3:30:00 PM -0500
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2009-4604

PHP remote file inclusion vulnerability in mamboleto.php in the Fernando Soares Mamboleto (com_mamboleto) component 2.0 RC3 for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.

Published: January 12, 2010; 12:30:01 PM -0500
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2009-4599

Multiple SQL injection vulnerabilities in the JS Jobs (com_jsjobs) component 1.0.5.6 for Joomla! allow remote attackers to execute arbitrary SQL commands via (1) the md parameter in an employer view_company action to index.php or (2) the oi parameter in an employer view_job action to index.php.

Published: January 12, 2010; 12:30:01 PM -0500
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2009-4598

SQL injection vulnerability in the JPhoto (com_jphoto) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a category action to index.php.

Published: January 12, 2010; 12:30:01 PM -0500
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2010-0158

** DISPUTED ** SQL injection vulnerability in the JoomlaBamboo (JB) Simpla Admin template for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in an article action to the com_content component, reachable through index.php. NOTE: the vendor disputes this report, saying: "JoomlaBamboo has investigated this report, and it is incorrect. There is no SQL injection vulnerability involving the id parameter in an article view, and there never was. JoomlaBamboo customers have no reason to be concerned about this report."

Published: January 06, 2010; 5:00:12 PM -0500
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2010-0157

Directory traversal vulnerability in the Bible Study (com_biblestudy) component 6.1 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter in a studieslist action to index.php.

Published: January 06, 2010; 5:00:12 PM -0500
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2009-4583

SQL injection vulnerability in the DhForum (com_dhforum) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a grouplist action to index.php.

Published: January 06, 2010; 5:00:11 PM -0500
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2009-4579

Cross-site scripting (XSS) vulnerability in the Artist avenue (com_artistavenue) component for Joomla! and Mambo allows remote attackers to inject arbitrary web script or HTML via the Itemid parameter to index.php.

Published: January 06, 2010; 5:00:09 PM -0500
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2009-4578

Cross-site scripting (XSS) vulnerability in the Facileforms (com_facileforms) component for Joomla! and Mambo allows remote attackers to inject arbitrary web script or HTML via the Itemid parameter to index.php.

Published: January 06, 2010; 5:00:09 PM -0500
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2009-4576

SQL injection vulnerability in the BeeHeard (com_beeheard) component 1.x for Joomla! allows remote attackers to execute arbitrary SQL commands via the category_id parameter in a suggestions action to index.php.

Published: January 06, 2010; 5:00:08 PM -0500
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2009-4575

Cross-site scripting (XSS) vulnerability in the Q-Personel (com_qpersonel) component 1.0.2 RC2 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the personel_sira parameter in a sirala action to index.php.

Published: January 06, 2010; 5:00:07 PM -0500
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2009-4573

Multiple cross-site scripting (XSS) vulnerabilities in the Joomulus (mod_joomulus) module 2.0 for Joomla! allow remote attackers to inject arbitrary web script or HTML via the tagcloud parameter in a tags action to (1) tagcloud_ell.swf, (2) tagcloud_eng.swf, (3) tagcloud_por.swf, (4) tagcloud_rus.swf, and possibly (5) tagcloud_jpn.swf. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Published: January 06, 2010; 5:00:06 PM -0500
V3.x:(not available)
V2.0: 4.3 MEDIUM