National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): Joomla
  • Search Type: Search All
There are 1,053 matching records.
Displaying matches 821 through 840.
Vuln ID Summary CVSS Severity
CVE-2008-2569

SQL injection vulnerability in the EasyBook (com_easybook) component 1.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the gbid parameter in a deleteentry action to index.php.

Published: June 06, 2008; 02:32:00 PM -04:00
    V2: 7.5 HIGH
CVE-2008-2454

SQL injection vulnerability in the xsstream-dm (com_xsstream-dm) component 0.01 Beta for Joomla! allows remote attackers to execute arbitrary SQL commands via the movie parameter to index.php.

Published: May 27, 2008; 10:32:00 AM -04:00
    V2: 7.5 HIGH
CVE-2008-2093

SQL injection vulnerability in the Profiler (com_comprofiler) component in Community Builder for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the user parameter in a userProfile action to index.php.

Published: May 06, 2008; 12:20:00 PM -04:00
    V2: 7.5 HIGH
CVE-2008-2095

SQL injection vulnerability in index.php in the FlippingBook (com_flippingbook) 1.0.4 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the book_id parameter.

Published: May 06, 2008; 12:20:00 PM -04:00
    V2: 7.5 HIGH
CVE-2008-1935

SQL injection vulnerability in the Filiale 1.0.4 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the idFiliale parameter.

Published: April 25, 2008; 02:05:00 AM -04:00
    V2: 7.5 HIGH
CVE-2008-1890

SQL injection vulnerability in the Jom Comment 2.0 build 345 component for Joomla! allows remote attackers to execute arbitrary SQL commands via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Published: April 18, 2008; 06:05:00 PM -04:00
    V2: 7.5 HIGH
CVE-2008-1848

Cross-site scripting (XSS) vulnerability in the joomlaXplorer (com_joomlaxplorer) Mambo/Joomla! component 1.6.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the error parameter in a show_error action to index.php.

Published: April 16, 2008; 01:05:00 PM -04:00
    V2: 4.3 MEDIUM
CVE-2008-1849

Directory traversal vulnerability in index.php in the joomlaXplorer (com_joomlaxplorer) Mambo/Joomla! component 1.6.2 and earlier allows remote attackers to list arbitrary directories via a .. (dot dot) in the dir parameter in a show_error action.

Published: April 16, 2008; 01:05:00 PM -04:00
    V2: 5.0 MEDIUM
CVE-2008-1733

SQL injection vulnerability in puarcade.class.php 2.2 and earlier in the Pragmatic Utopia PU Arcade (com_puarcade) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the gid parameter to index.php.

Published: April 11, 2008; 03:05:00 PM -04:00
    V2: 7.5 HIGH
CVE-2008-1682

PHP remote file inclusion vulnerability in quiz/common/db_config.inc.php in the Online FlashQuiz (com_onlineflashquiz) 1.0.2 component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the base_dir parameter.

Published: April 04, 2008; 03:44:00 PM -04:00
    V2: 6.8 MEDIUM
CVE-2008-1559

SQL injection vulnerability in the Bernard Gilly AlphaContent (com_alphacontent) 2.5.8 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a view action to index.php.

Published: March 31, 2008; 01:44:00 PM -04:00
    V2: 6.8 MEDIUM
CVE-2008-1535

SQL injection vulnerability in the Matti Kiviharju rekry (aka com_rekry or rekry!Joom) 1.0.0 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the op_id parameter in a view action to index.php.

Published: March 28, 2008; 02:44:00 PM -04:00
    V2: 7.5 HIGH
CVE-2008-1540

SQL injection vulnerability in the Datsogallery (com_datsogallery) 1.3.1 module for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action to index.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Published: March 28, 2008; 02:44:00 PM -04:00
    V2: 7.5 HIGH
CVE-2008-1533

Unspecified vulnerability in the XML-RPC Blogger API plugin in Joomla! 1.5 allows remote attackers to perform unauthorized article operations on articles via unknown vectors.

Published: March 27, 2008; 08:44:00 PM -04:00
    V2: 6.8 MEDIUM
CVE-2008-1505

PHP remote file inclusion vulnerability in the SSTREAMTV custompages (com_custompages) 1.1 and earlier component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the cpage parameter to index.php.

Published: March 25, 2008; 03:44:00 PM -04:00
    V2: 7.5 HIGH
CVE-2008-1465

SQL injection vulnerability in the Detodas Restaurante (com_restaurante) 1.0 component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action to index.php, a different product than CVE-2008-0562.

Published: March 24, 2008; 05:44:00 PM -04:00
    V2: 9.3 HIGH
CVE-2008-1459

SQL injection vulnerability in the Alberghi (com_alberghi) 2.1.3 and earlier component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action to index.php.

Published: March 24, 2008; 02:44:00 PM -04:00
    V2: 7.5 HIGH
CVE-2008-1460

SQL injection vulnerability in the Joovideo (com_joovideo) 1.0 and 1.2.2 component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action to index.php.

Published: March 24, 2008; 02:44:00 PM -04:00
    V2: 7.5 HIGH
CVE-2008-1427

SQL injection vulnerability in the Joobi Acajoom (com_acajoom) 1.1.5 and 1.2.5 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the mailingid parameter in a mailing view action to index.php.

Published: March 20, 2008; 02:44:00 PM -04:00
    V2: 7.5 HIGH
CVE-2008-1297

SQL injection vulnerability in index.php in the eWriting (com_ewriting) 1.2.1 module for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the cat parameter in a selectcat action.

Published: March 12, 2008; 01:44:00 PM -04:00
    V2: 7.5 HIGH