Filtered by vendor Joomla
Subscribe
Total
917 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2009-2635 | 2 Joomla, Ordasoft | 2 Joomla, Com Realestatemanager | 2017-09-19 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in toolbar_ext.php in the RealEstateManager (com_realestatemanager) component 1.0 Basic for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | |||||
| CVE-2009-2634 | 2 Joomla, Ordasoft | 2 Joomla, Com Medialibrary | 2017-09-19 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in toolbar_ext.php in the MediaLibrary (com_media_library) component 1.5.3 Basic for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | |||||
| CVE-2009-2633 | 2 Joomla, Ordasoft | 2 Joomla, Com Vehiclemanager | 2017-09-19 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in toolbar_ext.php in the VehicleManager (com_vehiclemanager) component 1.0 Basic for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | |||||
| CVE-2009-2609 | 2 Amotools, Joomla | 2 Com Amocourse, Joomla | 2017-09-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the amoCourse (com_amocourse) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in a category action to index.php. | |||||
| CVE-2009-2607 | 2 Joomla, Pinme | 2 Joomla, Com Pinboard | 2017-09-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the com_pinboard component for Joomla! allows remote attackers to execute arbitrary SQL commands via the task parameter in a showpic action to index.php. | |||||
| CVE-2009-2601 | 2 Joomla, Joomlaequipment | 2 Joomla\!, Juser | 2017-09-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Joomlaequipment (aka JUser or com_juser) component 2.0.4 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a show_profile action to index.php. | |||||
| CVE-2009-2567 | 2 Almondsoft, Joomla | 2 Almond Classifieds, Joomla\! | 2017-09-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Almond Classifieds (com_aclassf) component 5.6.2 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php. | |||||
| CVE-2009-2554 | 2 Joomla, Olle Johansson | 2 Joomla, Jobline | 2017-09-19 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in the search method in jobline.class.php in Jobline (com_jobline) 1.1.2.2, 1.3.1, and possibly earlier versions, a component for Joomla!, allows remote attackers to execute arbitrary SQL commands via the search parameter in a results action to index.php, which invokes the search method from the searchJobPostings function in jobline.php. | |||||
| CVE-2009-2400 | 2 Fijiwebdesign, Joomla | 2 Com Php, Joomla | 2017-09-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the PHP (com_php) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php. | |||||
| CVE-2009-2395 | 2 Joomla, Joomlaworks | 2 Joomla\!, Com K2 | 2017-09-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the K2 (com_k2) component 1.0.1 Beta and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the category parameter in an itemlist action to index.php. | |||||
| CVE-2009-2390 | 2 F-cimag-in, Joomla | 2 Com Bookflip, Joomla | 2017-09-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the BookFlip (com_bookflip) component 2.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the book_id parameter to index.php. | |||||
| CVE-2009-2239 | 1 Joomla | 4 Com Casiino Blackjack, Com Casino Videopoker, Com Casinobase and 1 more | 2017-09-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the (1) casinobase (com_casinobase), (2) casino_blackjack (com_casino_blackjack), and (3) casino_videopoker (com_casino_videopoker) components 0.3.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the Itemid parameter to index.php. | |||||
| CVE-2015-7858 | 1 Joomla | 1 Joomla\! | 2017-09-13 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Joomla! 3.2 before 3.4.4 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, a different vulnerability than CVE-2015-7297. | |||||
| CVE-2015-7857 | 1 Joomla | 1 Joomla\! | 2017-09-13 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the getListQuery function in administrator/components/com_contenthistory/models/history.php in Joomla! 3.2 before 3.4.5 allows remote attackers to execute arbitrary SQL commands via the list[select] parameter to index.php. | |||||
| CVE-2015-7297 | 1 Joomla | 1 Joomla\! | 2017-09-13 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Joomla! 3.2 before 3.4.4 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, a different vulnerability than CVE-2015-7858. | |||||
| CVE-2016-9838 | 1 Joomla | 1 Joomla\! | 2017-09-02 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in components/com_users/models/registration.php in Joomla! before 3.6.5. Incorrect filtering of registration form data stored to the session on a validation error enables a user to gain access to a registered user's account and reset the user's group mappings, username, and password, as demonstrated by submitting a form that targets the `registration.register` task. | |||||
| CVE-2013-5955 | 2 Joomla, Purplebeanie | 2 Joomla\!, Com Pbbooking | 2017-08-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in manage.php in the PBBooking (com_pbbooking) component 2.4 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the an arbitrary parameter in an edit action to administrator/index.php. | |||||
| CVE-2013-5953 | 2 Codepeople, Joomla | 2 Com Multicalendar, Joomla\! | 2017-08-29 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in tmpl/layout_editevent.php in the Multi Calendar (com_multicalendar) component 4.0.2, and possibly 4.8.5 and earlier, for Joomla! allow remote attackers to inject arbitrary web script or HTML via the (1) calid or (2) paletteDefault parameter in an editevent action to index.php. | |||||
| CVE-2013-5952 | 2 Codologic, Joomla | 2 Com Freichat, Joomla\! | 2017-08-29 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the Freichat (com_freichat) component, possibly 9.4 and earlier, for Joomla! allow remote attackers to inject arbitrary web script or HTML via the (1) id or (2) xhash parameter to client/chat.php or (3) toname parameter to client/plugins/upload/upload.php. | |||||
| CVE-2013-3534 | 2 Algisinfo, Joomla | 2 Aicontactsafe, Joomla\! | 2017-08-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the aiContactSafe component before 2.0.21 for Joomla! allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||