Total
580 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2009-3971 | 2 Joomla, Jtips | 2 Joomla\!, Com Jtips | 2024-02-04 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the jTips (com_jtips) component 1.0.7 and 1.0.9 for Joomla! allows remote attackers to execute arbitrary SQL commands via the season parameter in a ladder action to index.php. | |||||
| CVE-2008-1465 | 3 Detodas, Joomla, Mambo-foundation | 3 Com Restaurante, Joomla\!, Mambo | 2024-02-04 | 9.3 HIGH | N/A |
| SQL injection vulnerability in the Detodas Restaurante (com_restaurante) 1.0 component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action to index.php, a different product than CVE-2008-0562. | |||||
| CVE-2009-4255 | 2 Joomla, Youjoomla | 2 Joomla\!, You\!hostit\! | 2024-02-04 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the You!Hostit! template 1.0.1 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the created_by_alias parameter in index.php. | |||||
| CVE-2009-3645 | 2 Joomla, Joomlacache | 2 Joomla\!, Com Cbresumebuilder | 2024-02-04 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the JoomlaCache CB Resume Builder (com_cbresumebuilder) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the group_id parameter in a group_members action to index.php. | |||||
| CVE-2009-2290 | 2 Joomla, Kim Eckert | 2 Joomla\!, Com Bsadv | 2024-02-04 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Boy Scout Advancement (com_bsadv) component 0.3 and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a (1) account or (2) event task to index.php. | |||||
| CVE-2009-1736 | 1 Joomla | 2 Com Gsticketsystem, Joomla\! | 2024-02-04 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the GridSupport (GS) Ticket System (com_gsticketsystem) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in a viewCategory action to index.php. | |||||
| CVE-2009-3946 | 1 Joomla | 1 Joomla\! | 2024-02-04 | 5.0 MEDIUM | N/A |
| Joomla! before 1.5.15 allows remote attackers to read an extension's XML file, and thereby obtain the extension's version number, via a direct request. | |||||
| CVE-2009-4059 | 2 .joomclan, Joomla | 2 Com Joomclip, Joomla\! | 2024-02-04 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in the JoomClip (com_joomclip) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the cat parameter in a thumbs action to index.php. | |||||
| CVE-2009-3817 | 2 Joomla, Ordasoft | 2 Joomla\!, Com Booklibrary | 2024-02-04 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in doc/releasenote.php in the BookLibrary (com_booklibrary) component 1.0 for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter, a different vector than CVE-2009-2637. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2009-3491 | 2 Joomla, Kinfusion | 2 Joomla\!, Com Sportfusion | 2024-02-04 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Kinfusion SportFusion (com_sportfusion) component 0.2.2 through 0.2.3 for Joomla! allows remote attackers to execute arbitrary SQL commands via the cid[0] parameter in a teamdetail action to index.php. | |||||
| CVE-2008-4764 | 2 Extplorer, Joomla | 2 Com Extplorer, Joomla\! | 2024-02-04 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in the eXtplorer module (com_extplorer) 2.0.0 RC2 and earlier in Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the dir parameter in a show_error action. | |||||
| CVE-2008-7169 | 2 Jabode, Joomla | 2 Com Jabode, Joomla\! | 2024-02-04 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Jabode horoscope extension (com_jabode) for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a sign task to index.php. | |||||
| CVE-2008-6275 | 2 Drupal, Joomla | 2 User Karma Module, Joomla\! | 2024-02-04 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the User Karma module 5.x before 5.x-1.13 and 6.x before 6.x-1.0-beta1, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via unspecified messages. | |||||
| CVE-2009-3822 | 2 Fijiwebdesign, Joomla | 2 Com Ajaxchat, Joomla\! | 2024-02-04 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in Fiji Web Design Ajax Chat (com_ajaxchat) component 1.0 for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[mosConfig_absolute_path] parameter to tests/ajcuser.php. | |||||
| CVE-2009-1499 | 1 Joomla | 2 Com Mailto, Joomla\! | 2024-02-04 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the MailTo (aka com_mailto) component in Joomla! allows remote attackers to execute arbitrary SQL commands via the article parameter in index.php. NOTE: SecurityFocus states that this issue has been disputed by the vendor. | |||||
| CVE-2009-4233 | 2 Joomla, Youjoomla | 2 Joomla\!, Yj Whois | 2024-02-04 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in modules/mod_yj_whois.php in the YJ Whois component 1.0x and 1.5.x for Joomla! allows remote attackers to inject arbitrary web script or HTML via the domain parameter to index.php. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2008-7033 | 2 Galore, Joomla | 2 Com Simpleshop, Joomla\! | 2024-02-04 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Simple Shop Galore (com_simpleshop) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the section parameter in a section action to index.php, a different vulnerability than CVE-2008-2568. NOTE: this issue was disclosed by an unreliable researcher, so the details might be incorrect. | |||||
| CVE-2009-4232 | 2 Jonijnm, Joomla | 2 Com Kide, Joomla\! | 2024-02-04 | 5.0 MEDIUM | N/A |
| The Kide Shoutbox (com_kide) component 0.4.6 for Joomla! does not properly perform authentication, which allows remote attackers to post messages with an arbitrary account name via an insertar action to index.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2009-4157 | 2 Joomla, Joomlatune | 2 Joomla\!, Com Proofreader | 2024-02-04 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in index.php in the ProofReader (com_proofreader) component 1.0 RC9 and earlier for Joomla! allow remote attackers to inject arbitrary web script or HTML via the URI, which is not properly handled in (1) 404 or (2) error pages. | |||||
| CVE-2009-3964 | 2 Joomla, Ninjaforge | 2 Joomla\!, Com Ninjamonials | 2024-02-04 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the NinjaMonials (com_ninjacentral) component 1.1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the testimID parameter in a display action to index.php. | |||||