Joomla

All CVEs

1,051 total · sorted by risk
  • CVE-2009-3335 · Sep 24, 2009
    risk 0.03 · cvss · epss 0.01

    SQL injection vulnerability in the TurtuShout component 0.11 for Joomla! allows remote attackers to execute arbitrary SQL commands via the Name field.

  • CVE-2009-3334 · Sep 23, 2009
    risk 0.03 · cvss · epss 0.01

    SQL injection vulnerability in the Lhacky! Extensions Cave Joomla! Integrated Newsletters Component (aka JINC or com_jinc) component 0.2 for Joomla! allows remote attackers to execute arbitrary SQL commands via the newsid parameter in a messages action to index.php.

  • CVE-2009-3332 · Sep 23, 2009
    risk 0.03 · cvss · epss 0.01

    SQL injection vulnerability in the JBudgetsMagic (com_jbudgetsmagic) component 0.3.2 through 0.4.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the bid parameter in a mybudget action to index.php.

  • CVE-2009-3325 · Sep 23, 2009
    risk 0.03 · cvss · epss 0.01

    SQL injection vulnerability in the Focusplus Developments Survey Manager (com_surveymanager) component 1.5.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the stype parameter in an editsurvey action to index.php.

  • CVE-2009-3193 · Sep 15, 2009
    risk 0.03 · cvss · epss 0.01

    SQL injection vulnerability in the DigiFolio (com_digifolio) component 1.52 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a project action to index.php.

  • CVE-2009-3155 · Sep 10, 2009
    risk 0.03 · cvss · epss 0.01

    Cross-site scripting (XSS) vulnerability in gmap.php in the Almond Classifieds (com_aclassf) component 7.5 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the addr parameter.

  • CVE-2008-7169 · Sep 8, 2009
    risk 0.03 · cvss · epss 0.01

    SQL injection vulnerability in Jabode horoscope extension (com_jabode) for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a sign task to index.php.

  • CVE-2009-3063 · Sep 3, 2009
    risk 0.03 · cvss · epss 0.01

    SQL injection vulnerability in the Game Server (com_gameserver) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a gamepanel action to index.php.

  • CVE-2008-7033 · Aug 24, 2009
    risk 0.03 · cvss · epss 0.01

    SQL injection vulnerability in the Simple Shop Galore (com_simpleshop) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the section parameter in a section action to index.php, a different vulnerability than CVE-2008-2568. NOTE: this issue was…

  • CVE-2008-6923 · Aug 10, 2009
    risk 0.03 · cvss · epss 0.01

    SQL injection vulnerability in the content component (com_content) 1.0.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the Itemid parameter in a blogcategory action to index.php.

  • CVE-2008-6883 · Jul 30, 2009
    risk 0.03 · cvss · epss 0.01

    SQL injection vulnerability in the Live Chat (com_livechat) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the last parameter to getChatRoom.php. NOTE: the provenance of this information is unknown; the details are obtained solely from…

  • CVE-2008-6882 · Jul 30, 2009
    risk 0.03 · cvss · epss 0.02

    Live Chat (com_livechat) component 1.0 for Joomla! allows remote attackers to use the xmlhttp.php script as an open HTTP proxy to hide network scanning activities or scan internal networks via a GET request with a full URL in the query string.

  • CVE-2008-6881 · Jul 30, 2009
    risk 0.03 · cvss · epss 0.01

    Multiple SQL injection vulnerabilities in the Live Chat (com_livechat) component 1.0 for Joomla! allow remote attackers to execute arbitrary SQL commands via the last parameter to (1) getChat.php, (2) getChatRoom.php, and (3) getSavedChatRooms.php.

  • CVE-2009-2638 · Jul 28, 2009
    risk 0.03 · cvss · epss 0.01

    SQL injection vulnerability in the AkoBook (com_akobook) component 2.3 for Joomla! allows remote attackers to execute arbitrary SQL commands via the gbid parameter in a reply action to index.php.

  • CVE-2009-2637 · Jul 28, 2009
    risk 0.03 · cvss · epss 0.02

    PHP remote file inclusion vulnerability in toolbar_ext.php in the BookLibrary (com_booklibrary) component 1.5.2.4 Basic for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.

  • CVE-2009-2635 · Jul 28, 2009
    risk 0.03 · cvss · epss 0.02

    PHP remote file inclusion vulnerability in toolbar_ext.php in the RealEstateManager (com_realestatemanager) component 1.0 Basic for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.

  • CVE-2009-2634 · Jul 28, 2009
    risk 0.03 · cvss · epss 0.02

    PHP remote file inclusion vulnerability in toolbar_ext.php in the MediaLibrary (com_media_library) component 1.5.3 Basic for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.

  • CVE-2009-2633 · Jul 28, 2009
    risk 0.03 · cvss · epss 0.02

    PHP remote file inclusion vulnerability in toolbar_ext.php in the VehicleManager (com_vehiclemanager) component 1.0 Basic for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.

  • CVE-2009-2609 · Jul 27, 2009
    risk 0.03 · cvss · epss 0.01

    SQL injection vulnerability in the amoCourse (com_amocourse) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in a category action to index.php.

  • CVE-2009-2607 · Jul 27, 2009
    risk 0.03 · cvss · epss 0.01

    SQL injection vulnerability in the com_pinboard component for Joomla! allows remote attackers to execute arbitrary SQL commands via the task parameter in a showpic action to index.php.

  • CVE-2009-2601 · Jul 27, 2009
    risk 0.03 · cvss · epss 0.01

    SQL injection vulnerability in the Joomlaequipment (aka JUser or com_juser) component 2.0.4 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a show_profile action to index.php.

  • CVE-2009-2554 · Jul 20, 2009
    risk 0.03 · cvss · epss 0.01

    SQL injection vulnerability in the search method in jobline.class.php in Jobline (com_jobline) 1.1.2.2, 1.3.1, and possibly earlier versions, a component for Joomla!, allows remote attackers to execute arbitrary SQL commands via the search parameter in a results action to…

  • CVE-2009-2395 · Jul 9, 2009
    risk 0.03 · cvss · epss 0.03

    SQL injection vulnerability in the K2 (com_k2) component 1.0.1 Beta and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the category parameter in an itemlist action to index.php.

  • CVE-2009-2390 · Jul 9, 2009
    risk 0.03 · cvss · epss 0.01

    SQL injection vulnerability in the BookFlip (com_bookflip) component 2.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the book_id parameter to index.php.

  • CVE-2008-6852 · Jul 7, 2009
    risk 0.03 · cvss · epss 0.01

    SQL injection vulnerability in the Ice Gallery (com_ice) component 0.5 beta 2 for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter to index.php.

  • CVE-2008-6841 · Jul 1, 2009
    risk 0.03 · cvss · epss 0.06

    PHP remote file inclusion vulnerability in the Green Mountain Information Technology and Consulting Database Query (com_dbquery) component 1.4.1.1 and earlier for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter to…

  • CVE-2009-2239 · Jun 27, 2009
    risk 0.03 · cvss · epss 0.01

    SQL injection vulnerability in the (1) casinobase (com_casinobase), (2) casino_blackjack (com_casino_blackjack), and (3) casino_videopoker (com_casino_videopoker) components 0.3.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the Itemid parameter to…

  • CVE-2009-2102 · Jun 17, 2009
    risk 0.03 · cvss · epss 0.02

    SQL injection vulnerability in the Jumi (com_jumi) component 2.0.3 and possibly other versions for Joomla allows remote attackers to execute arbitrary SQL commands via the fileid parameter to index.php.

  • CVE-2009-2099 · Jun 17, 2009
    risk 0.03 · cvss · epss 0.01

    SQL injection vulnerability in the iJoomla RSS Feeder (com_ijoomla_rss) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the cat parameter in an xml action to index.php.

  • CVE-2009-2014 · Jun 9, 2009
    risk 0.03 · cvss · epss 0.01

    SQL injection vulnerability in the ComSchool (com_school) component 1.4 for Joomla! allows remote attackers to execute arbitrary SQL commands via the classid parameter in a showclass action to index.php.

  • CVE-2009-1938 · Jun 5, 2009
    risk 0.03 · cvss · epss 0.04

    Cross-site scripting (XSS) vulnerability in Joomla! 1.5.x through 1.5.10 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to database output and the frontend administrative panel.

  • CVE-2009-1736 · May 20, 2009
    risk 0.03 · cvss · epss 0.01

    SQL injection vulnerability in the GridSupport (GS) Ticket System (com_gsticketsystem) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in a viewCategory action to index.php.

  • CVE-2009-1499 · May 1, 2009
    risk 0.03 · cvss · epss 0.02

    SQL injection vulnerability in the MailTo (aka com_mailto) component in Joomla! allows remote attackers to execute arbitrary SQL commands via the article parameter in index.php. NOTE: SecurityFocus states that this issue has been disputed by the vendor.

  • CVE-2008-6653 · Apr 7, 2009
    risk 0.03 · cvss · epss 0.02

    SQL injection vulnerability in webhosting.php in the Webhosting Component (com_webhosting) module before 1.1 RC7 for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the catid parameter to index.php.

  • CVE-2008-6489 · Mar 19, 2009
    risk 0.03 · cvss · epss 0.01

    SQL injection vulnerability in MyAlbum component (com_myalbum) 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the album parameter to index.php.

  • CVE-2008-6481 · Mar 17, 2009
    risk 0.03 · cvss · epss 0.01

    SQL injection vulnerability in the Versioning component (com_versioning) 1.0.2 in Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the id parameter in an edit task to index.php.

  • CVE-2008-6430 · Mar 6, 2009
    risk 0.03 · cvss · epss 0.01

    SQL injection vulnerability in the MyContent (com_mycontent) component 1.1.13 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a view action to index.php.

  • CVE-2008-6429 · Mar 6, 2009
    risk 0.03 · cvss · epss 0.01

    SQL injection vulnerability in the PrayerCenter (com_prayercenter) component 1.4.9 and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a view_request action to index2.php.

  • CVE-2009-0730 · Feb 24, 2009
    risk 0.03 · cvss · epss 0.01

    Multiple SQL injection vulnerabilities in the GigCalendar (com_gigcal) component 1.0 for Mambo and Joomla!, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via (1) the gigcal_venues_id parameter in a details action to index.php, which…

  • CVE-2009-0726 · Feb 24, 2009
    risk 0.03 · cvss · epss 0.02

    SQL injection vulnerability in the GigCalendar (com_gigcal) component 1.0 for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the gigcal_gigs_id parameter in a details action to index.php.

  • CVE-2009-0702 · Feb 23, 2009
    risk 0.03 · cvss · epss 0.01

    SQL injection vulnerability in the Phoca Documentation (com_phocadocumentation) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a section action to index.php.

  • CVE-2008-6234 · Feb 21, 2009
    risk 0.03 · cvss · epss 0.01

    SQL injection vulnerability in the com_musica module in Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php.

  • CVE-2008-6184 · Feb 19, 2009
    risk 0.03 · cvss · epss 0.01

    SQL injection vulnerability in the OwnBiblio (com_ownbiblio) component 1.5.3 for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in a catalogue action to index.php.

  • CVE-2008-6182 · Feb 19, 2009
    risk 0.03 · cvss · epss 0.02

    SQL injection vulnerability in the Ignite Gallery (com_ignitegallery) component 0.8.0 through 0.8.3 for Joomla! allows remote attackers to execute arbitrary SQL commands via the gallery parameter in a view action to index.php.

  • CVE-2008-6166 · Feb 19, 2009
    risk 0.03 · cvss · epss 0.01

    SQL injection vulnerability in the KBase (com_kbase) 1.2 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in an article action to index.php.

  • CVE-2008-6149 · Feb 16, 2009
    risk 0.03 · cvss · epss 0.01

    SQL injection vulnerability in the mDigg (com_mdigg) component 2.2.8 for Joomla! allows remote attackers to execute arbitrary SQL commands via the cagtegory parameter in a story_lists action to index.php.

  • CVE-2008-6148 · Feb 16, 2009
    risk 0.03 · cvss · epss 0.01

    SQL injection vulnerability in the Live Ticker (com_liveticker) module 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the tid parameter in a viewticker action to index.php.

  • CVE-2008-6116 · Feb 11, 2009
    risk 0.03 · cvss · epss 0.01

    SQL injection vulnerability in the EXtrovert Software Thyme (com_thyme) 1.0 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the event parameter to index.php.

  • CVE-2008-6068 · Feb 10, 2009
    risk 0.03 · cvss · epss 0.01

    SQL injection vulnerability in the JoomlaDate (com_joomladate) component 1.2 for Joomla! allows remote attackers to execute arbitrary SQL commands via the user parameter in a viewProfile action to index.php.

  • CVE-2009-0494 · Feb 10, 2009
    risk 0.03 · cvss · epss 0.01

    SQL injection vulnerability in the Portfol (com_portfol) 1.2 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the vcatid parameter in a viewcategory action to index.php.
