Search Results
- Results Type: Overview
- Keyword (text search): Joomla
- Search Type: Search All
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2009-3357 | Multiple SQL injection vulnerabilities in the Hotel Booking Reservation System (aka HBS or com_hbssearch) component for Joomla! allow remote attackers to execute arbitrary SQL commands via the (1) h_id, (2) id, and (3) rid parameters to longDesc.php, and the h_id parameter to (4) detail.php, (5) detail1.php, (6) detail2.php, (7) detail3.php, (8) detail4.php, (9) detail5.php, (10) detail6.php, (11) detail7.php, and (12) detail8.php, different vectors than CVE-2008-5865, CVE-2008-5874, and CVE-2008-5875. Published: September 24, 2009; 12:30:02 PM -0400 | V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2009-3342 | SQL injection vulnerability in frontend/assets/ajax/checkusername.php in the AlphaUserPoints (com_alphauserpoints) component 1.5.2 for Joomla! allows remote attackers to execute arbitrary SQL commands via the username2points parameter. Published: September 24, 2009; 12:30:01 PM -0400 | V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2009-3335 | SQL injection vulnerability in the TurtuShout component 0.11 for Joomla! allows remote attackers to execute arbitrary SQL commands via the Name field. Published: September 24, 2009; 12:30:01 PM -0400 | V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2009-3334 | SQL injection vulnerability in the Lhacky! Extensions Cave Joomla! Integrated Newsletters Component (aka JINC or com_jinc) component 0.2 for Joomla! allows remote attackers to execute arbitrary SQL commands via the newsid parameter in a messages action to index.php. Published: September 23, 2009; 8:08:35 AM -0400 | V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2009-3332 | SQL injection vulnerability in the JBudgetsMagic (com_jbudgetsmagic) component 0.3.2 through 0.4.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the bid parameter in a mybudget action to index.php. Published: September 23, 2009; 8:08:35 AM -0400 | V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2009-3325 | SQL injection vulnerability in the Focusplus Developments Survey Manager (com_surveymanager) component 1.5.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the stype parameter in an editsurvey action to index.php. Published: September 23, 2009; 8:08:35 AM -0400 | V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2009-3318 | Directory traversal vulnerability in the Roland Breedveld Album (com_album) component 1.14 for Joomla! allows remote attackers to access arbitrary directories and have unspecified other impact via a .. (dot dot) in the target parameter to index.php. Published: September 23, 2009; 8:08:35 AM -0400 | V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2009-3316 | SQL injection vulnerability in the JReservation (com_jreservation) component 1.0 and 1.5 for Joomla! allows remote attackers to execute arbitrary SQL commands via the pid parameter in a propertycpanel action to index.php. Published: September 23, 2009; 8:08:35 AM -0400 | V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2009-3215 | SQL injection vulnerability in IXXO Cart Standalone before 3.9.6.1, and the IXXO Cart component for Joomla! 1.0.x, allows remote attackers to execute arbitrary SQL commands via the parent parameter. Published: September 16, 2009; 3:30:00 PM -0400 | V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2009-3193 | SQL injection vulnerability in the DigiFolio (com_digifolio) component 1.52 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a project action to index.php. Published: September 15, 2009; 5:30:06 PM -0400 | V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2009-3155 | Cross-site scripting (XSS) vulnerability in gmap.php in the Almond Classifieds (com_aclassf) component 7.5 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the addr parameter. Published: September 10, 2009; 2:30:00 PM -0400 | V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2009-3154 | SQL injection vulnerability in the Almond Classifieds (com_aclassf) component 7.5 for Joomla! allows remote attackers to execute arbitrary SQL commands via the replid parameter in a manw_repl add_form action to index.php, a different vector than CVE-2009-2567. Published: September 10, 2009; 2:30:00 PM -0400 | V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2008-7169 | SQL injection vulnerability in Jabode horoscope extension (com_jabode) for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a sign task to index.php. Published: September 08, 2009; 6:30:01 AM -0400 | V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2009-3063 | SQL injection vulnerability in the Game Server (com_gameserver) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a gamepanel action to index.php. Published: September 03, 2009; 1:30:21 PM -0400 | V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2009-3054 | SQL injection vulnerability in the Artetics.com Art Portal (com_artportal) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the portalid parameter to index.php. Published: September 03, 2009; 1:30:10 PM -0400 | V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2009-3053 | Directory traversal vulnerability in the Agora (com_agora) component 3.0.0b for Joomla! allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the action parameter to the avatars page, reachable through index.php. Published: September 03, 2009; 1:30:10 PM -0400 | V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2008-7033 | SQL injection vulnerability in the Simple Shop Galore (com_simpleshop) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the section parameter in a section action to index.php, a different vulnerability than CVE-2008-2568. NOTE: this issue was disclosed by an unreliable researcher, so the details might be incorrect. Published: August 24, 2009; 6:30:01 AM -0400 | V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2009-2789 | SQL injection vulnerability in the Permis (com_groups) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a list action to index.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. Published: August 17, 2009; 12:30:01 PM -0400 | V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2009-2782 | SQL injection vulnerability in the JFusion (com_jfusion) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the Itemid parameter to index.php. Published: August 17, 2009; 12:30:01 PM -0400 | V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2008-6923 | SQL injection vulnerability in the content component (com_content) 1.0.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the Itemid parameter in a blogcategory action to index.php. Published: August 10, 2009; 2:30:00 PM -0400 | V3.x:(not available) V2.0: 7.5 HIGH |