Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): Joomla
  • Search Type: Search All
There are 1,134 matching records.
Displaying matches 681 through 700.
Vuln ID Summary CVSS Severity
CVE-2010-0676

Directory traversal vulnerability in index.php in the RWCards (com_rwcards) component 3.0.18 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter.

Published: February 22, 2010; 3:30:00 PM -0500
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2010-0670

Unspecified vulnerability in the IP-Tech JQuarks (com_jquarks) Component before 0.2.4 for Joomla! allows attackers to obtain the installation path for Joomla! via unknown vectors.

Published: February 22, 2010; 2:30:00 PM -0500
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2010-0635

SQL injection vulnerability in the plgSearchEventsearch::onSearch method in eventsearch.php in the JEvents Search plugin 1.5 through 1.5.3 for Joomla! allows remote attackers to execute arbitrary SQL commands via unspecified vectors. NOTE: some of these details are obtained from third party information.

Published: February 12, 2010; 5:30:00 PM -0500
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2010-0632

SQL injection vulnerability in the Parkview Consultants SimpleFAQ (com_simplefaq) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in a display action to index.php.

Published: February 12, 2010; 5:30:00 PM -0500
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2010-0610

Multiple SQL injection vulnerabilities in the Photoblog (com_photoblog) component for Joomla! allow remote attackers to execute arbitrary SQL commands via the blog parameter in an images action to index.php. NOTE: a separate vector for the id parameter to detail.php may also exist.

Published: February 11, 2010; 12:30:01 PM -0500
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2010-0467

Directory traversal vulnerability in the ccNewsletter (com_ccnewsletter) component 1.0.5 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter in a ccnewsletter action to index.php.

Published: February 02, 2010; 12:30:00 PM -0500
V3.1: 5.8 MEDIUM
V2.0: 5.0 MEDIUM
CVE-2010-0461

SQL injection vulnerability in the casino (com_casino) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a (1) category or (2) player action to index.php.

Published: January 28, 2010; 3:30:01 PM -0500
V3.x:(not available)
V2.0: 6.5 MEDIUM
CVE-2010-0459

SQL injection vulnerability in the Mochigames (com_mochigames) component 0.51 and possibly other versions for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php.

Published: January 28, 2010; 3:30:01 PM -0500
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2010-0456

SQL injection vulnerability in the indianpulse Game Server (com_gameserver) component 1.2 for Joomla! allows remote attackers to execute arbitrary SQL commands via the grp parameter in a gameserver action to index.php.

Published: January 28, 2010; 3:30:01 PM -0500
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2010-0374

Cross-site scripting (XSS) vulnerability in the Marketplace (com_marketplace) component 1.2 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the catid parameter in a show_category action to index.php.

Published: January 21, 2010; 5:30:00 PM -0500
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2010-0373

SQL injection vulnerability in the libros (com_libros) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action to index.php.

Published: January 21, 2010; 5:30:00 PM -0500
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2010-0372

SQL injection vulnerability in the Articlemanager (com_articlemanager) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the artid parameter in a display action to index.php.

Published: January 21, 2010; 5:30:00 PM -0500
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2009-4628

SQL injection vulnerability in the TemplatePlaza.com TPDugg (com_tpdugg) component 1.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a tags action to index.php.

Published: January 18, 2010; 3:30:00 PM -0500
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2009-4625

SQL injection vulnerability in the updateOnePage function in components/com_bfsurvey_pro/controller.php in BF Survey Pro Free (com_bfsurvey_profree) 1.2.4, and other versions before 1.2.6, a component for Joomla!, allows remote attackers to execute arbitrary SQL commands via the table parameter in an updateOnePage action to index.php.

Published: January 18, 2010; 3:30:00 PM -0500
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2009-4620

SQL injection vulnerability in the Joomloc (com_joomloc) component 1.0 for Joomla allows remote attackers to execute arbitrary SQL commands via the id parameter in an edit task to index.php.

Published: January 18, 2010; 3:30:00 PM -0500
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2009-4619

SQL injection vulnerability in the Lucy Games (com_lucygames) component 1.5.4 for Joomla! allows remote attackers to execute arbitrary SQL commands via the gameid parameter in a game action to index.php. NOTE: some of these details are obtained from third party information.

Published: January 18, 2010; 3:30:00 PM -0500
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2009-4604

PHP remote file inclusion vulnerability in mamboleto.php in the Fernando Soares Mamboleto (com_mamboleto) component 2.0 RC3 for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.

Published: January 12, 2010; 12:30:01 PM -0500
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2009-4599

Multiple SQL injection vulnerabilities in the JS Jobs (com_jsjobs) component 1.0.5.6 for Joomla! allow remote attackers to execute arbitrary SQL commands via (1) the md parameter in an employer view_company action to index.php or (2) the oi parameter in an employer view_job action to index.php.

Published: January 12, 2010; 12:30:01 PM -0500
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2009-4598

SQL injection vulnerability in the JPhoto (com_jphoto) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a category action to index.php.

Published: January 12, 2010; 12:30:01 PM -0500
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2010-0158

** DISPUTED ** SQL injection vulnerability in the JoomlaBamboo (JB) Simpla Admin template for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in an article action to the com_content component, reachable through index.php. NOTE: the vendor disputes this report, saying: "JoomlaBamboo has investigated this report, and it is incorrect. There is no SQL injection vulnerability involving the id parameter in an article view, and there never was. JoomlaBamboo customers have no reason to be concerned about this report."

Published: January 06, 2010; 5:00:12 PM -0500
V3.x:(not available)
V2.0: 7.5 HIGH