Total
600 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2011-4830 | 2 Barter-sites, Joomla | 2 Com Listing, Joomla\! | 2025-04-11 | 3.5 LOW | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the com_listing component in Barter Sites component 1.3 for Joomla! allow remote authenticated users to inject arbitrary web script or HTML via the (1) listing_title, (2) description, (3) homeurl (aka Website Address), (4) paystring (aka Payment types accepted), (5) sell_price, (6) shipping_cost, and (7) quantity parameters to index.php. | |||||
| CVE-2010-1081 | 2 Corejoomla, Joomla | 2 Com Communitypolls, Joomla\! | 2025-04-11 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in the Community Polls (com_communitypolls) component 1.5.2, and possibly earlier, for Core Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. | |||||
| CVE-2010-4794 | 2 Joomla, Joomlaseller | 2 Joomla\!, Com Jscalendar | 2025-04-11 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the JoomlaSeller JS Calendar (com_jscalendar) component 1.5.1 and 1.5.4 for Joomla! allow remote attackers to inject arbitrary web script or HTML via the (1) month and (2) year parameters in a jscalendar action to index.php. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2010-1955 | 2 Joomla, Thefactory | 2 Joomla\!, Com Blogfactory | 2025-04-11 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in the Deluxe Blog Factory (com_blogfactory) component 1.1.2 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. | |||||
| CVE-2010-4941 | 2 Joomla, Joomlamo | 2 Joomla\!, Com Teams | 2025-04-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Teams (com_teams) component 1_1028_100809_1711 for Joomla! allows remote attackers to execute arbitrary SQL commands via the PlayerID parameter in a player save action to index.php. | |||||
| CVE-2010-0374 | 2 Codingfish, Joomla | 2 Com Marketplace, Joomla\! | 2025-04-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Marketplace (com_marketplace) component 1.2 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the catid parameter in a show_category action to index.php. | |||||
| CVE-2012-6503 | 2 Joomla, Ninjaforge | 2 Joomla\!, Com Ninjaxplorer | 2025-04-11 | 10.0 HIGH | N/A |
| Unspecified vulnerability in the NinjaXplorer component before 1.0.7 for Joomla! has unknown impact and attack vectors. | |||||
| CVE-2010-1056 | 2 Joomla, Rockettheme | 2 Joomla\!, Com Rokdownloads | 2025-04-11 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in the RokDownloads (com_rokdownloads) component before 1.0.1 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php. | |||||
| CVE-2006-7247 | 2 Joomla, Mambo-foundation | 3 Com Weblinks, Joomla\!, Mambo | 2025-04-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Weblinks (com_weblinks) component for Joomla! and Mambo 1.0.9 and earlier allows remote attackers to execute arbitrary SQL commands via the title parameter. | |||||
| CVE-2010-1956 | 2 Joomla, Thefactory | 2 Joomla\!, Com Gadgetfactory | 2025-04-11 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in the Gadget Factory (com_gadgetfactory) component 1.0.0 and 1.5.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2010-4739 | 2 Aretimes, Joomla | 2 Com Maianmedia, Joomla\! | 2025-04-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Maian Media Silver (com_maianmedia) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the cat parameter in a music action to index.php. | |||||
| CVE-2010-3203 | 2 Joomla, Xmlswf | 2 Joomla\!, Com Picsell | 2025-04-11 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in the PicSell (com_picsell) component 1.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the dflink parameter in a prevsell dwnfree action to index.php. | |||||
| CVE-2011-2488 | 1 Joomla | 1 Joomla\! | 2025-04-11 | 5.0 MEDIUM | N/A |
| Joomla! before 1.5.23 does not properly check for errors, which allows remote attackers to obtain sensitive information via unspecified vectors. | |||||
| CVE-2011-4808 | 2 Joomla, Joomlaextensions | 2 Joomla\!, Com Hmcommunity | 2025-04-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the HM Community (com_hmcommunity) component before 1.01 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a fnd_home action to index.php. | |||||
| CVE-2010-1314 | 2 Joomla, Joomlanook | 2 Joomla\!, Com Hsconfig | 2025-04-11 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in the Highslide JS (com_hsconfig) component 1.5 and 2.0.9 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2011-4571 | 2 Eaimproved, Joomla | 2 Com Estateagent, Joomla\! | 2025-04-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Estate Agent (com_estateagent) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a showEO action to index.php. | |||||
| CVE-2010-1313 | 2 Joomla, Seber | 2 Joomla\!, Com Sebercart | 2025-04-11 | 4.3 MEDIUM | N/A |
| Directory traversal vulnerability in the Seber Cart (com_sebercart) component 1.0.0.12 and 1.0.0.13 for Joomla!, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the view parameter to index.php. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2010-4992 | 2 Joomla, Paymentsplus | 2 Joomla\!, Payments Plus | 2025-04-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Payments Plus component 2.1.5 for Joomla! allows remote attackers to execute arbitrary SQL commands via the type parameter to add.html. | |||||
| CVE-2010-2515 | 2 Dacian Strain, Joomla | 2 Com Jfaq, Joomla\! | 2025-04-11 | 6.8 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in index.php in the JFaq (com_jfaq) component 1.2 for Joomla!, when magic_quotes_gpc is disabled, allow (1) remote attackers to execute arbitrary SQL commands via the id parameter, and (2) remote authenticated users with "Public Front-end" permissions to execute arbitrary SQL commands via the titlu parameter (title field). NOTE: some of these details are obtained from third party information. | |||||
| CVE-2010-0456 | 2 Indianpulses, Joomla | 2 Com Gameserver, Joomla\! | 2025-04-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the indianpulse Game Server (com_gameserver) component 1.2 for Joomla! allows remote attackers to execute arbitrary SQL commands via the grp parameter in a gameserver action to index.php. | |||||