Search Results (979 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2009-4650 2 Joomla, Onnogroen 2 Joomla\!, Com Webeecomment 2025-04-11 N/A
SQL injection vulnerability in the Webee Comments (com_webeecomment) component 1.1.1, 1.2, and 2.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the articleId parameter in a default action to index2.php. NOTE: some of these details are obtained from third party information.
CVE-2009-4946 2 Joomla, Thetricky 2 Joomla\!, Com Messaging 2025-04-11 N/A
Directory traversal vulnerability in the Messaging (com_messaging) component before 1.5.1 for Joomla! allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the controller parameter in a messages action to index.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2010-4272 2 Joomla, Pulseinfotech 2 Joomla\!, Com Sponsorwall 2025-04-11 N/A
SQL injection vulnerability in the Pulse Infotech Sponsor Wall (com_sponsorwall) component 1.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter to index.php.
CVE-2010-4365 2 Harmistechnology, Joomla 2 Com Jeajaxeventcalendar, Joomla\! 2025-04-11 N/A
SQL injection vulnerability in JE Ajax Event Calendar (com_jeajaxeventcalendar) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the event_id parameter in an alleventlist_more action to index.php.
CVE-2010-1601 2 Joomla, Joomlamart 2 Joomla\!, Com Jacomment 2025-04-11 N/A
Directory traversal vulnerability in the JA Comment (com_jacomment) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the view parameter to index.php.
CVE-2010-0374 2 Codingfish, Joomla 2 Com Marketplace, Joomla\! 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the Marketplace (com_marketplace) component 1.2 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the catid parameter in a show_category action to index.php.
CVE-2010-0456 2 Indianpulses, Joomla 2 Com Gameserver, Joomla\! 2025-04-11 N/A
SQL injection vulnerability in the indianpulse Game Server (com_gameserver) component 1.2 for Joomla! allows remote attackers to execute arbitrary SQL commands via the grp parameter in a gameserver action to index.php.
CVE-2010-0461 1 Joomla 2 Com Casino, Joomla 2025-04-11 N/A
SQL injection vulnerability in the casino (com_casino) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a (1) category or (2) player action to index.php.
CVE-2010-4516 2 Joomla, Jxtended 2 Joomla\!, Jxtended Comments 2025-04-11 N/A
Multiple cross-site scripting (XSS) vulnerabilities in the JXtended Comments component before 1.3.1 for Joomla allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2010-0467 2 Chillcreations, Joomla 2 Com Ccnewsletter, Joomla\! 2025-04-11 5.8 Medium
Directory traversal vulnerability in the ccNewsletter (com_ccnewsletter) component 1.0.5 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter in a ccnewsletter action to index.php.
CVE-2010-4517 2 Harmistechnology, Joomla 2 Com Jeauto, Joomla\! 2025-04-11 N/A
SQL injection vulnerability in the JExtensions JE Auto (com_jeauto) component 1.0 for Joomla!, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the char parameter in an item action to index.php.
CVE-2010-0632 2 Joomla, Parkviewconsultants 2 Joomla\!, Com Simplefaq 2025-04-11 N/A
SQL injection vulnerability in the Parkview Consultants SimpleFAQ (com_simplefaq) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in a display action to index.php.
CVE-2010-0635 2 Jevents, Joomla 2 Jevents Search Plugin, Joomla\! 2025-04-11 N/A
SQL injection vulnerability in the plgSearchEventsearch::onSearch method in eventsearch.php in the JEvents Search plugin 1.5 through 1.5.3 for Joomla! allows remote attackers to execute arbitrary SQL commands via unspecified vectors. NOTE: some of these details are obtained from third party information.
CVE-2010-0760 2 Greatjoomla, Joomla 2 Scriptegrator Plugin, Joomla\! 2025-04-11 N/A
Multiple directory traversal vulnerabilities in the Core Design Scriptegrator plugin 1.4.1 for Joomla! allow remote attackers to include and execute arbitrary local files via directory traversal sequences in the (1) file parameter to libraries/jquery/js/ui/jsloader.php and the (2) files[] parameter to libraries/jquery/js/jsloader.php, a different vector than CVE-2010-0759. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2010-0801 2 Autartica, Joomla 2 Com Autartitarot, Joomla\! 2025-04-11 N/A
Directory traversal vulnerability in the AutartiTarot (com_autartitarot) component 1.0.3 for Joomla! allows remote authenticated users, with "Public Back-end" group permissions, to read arbitrary files via directory traversal sequences in the controller parameter in an edit task to administrator/index.php. NOTE: some of these details are obtained from third party information.
CVE-2010-0803 2 Joomla, Jvideodirect 2 Joomla\!, Com Jvideodirect 2025-04-11 N/A
SQL injection vulnerability in the jVideoDirect (com_jvideodirect) component 1.1 RC3b for Joomla! allows remote attackers to execute arbitrary SQL commands via the v parameter to index.php.
CVE-2010-4702 2 Fxwebdesign, Joomla 2 Com Jradio, Joomla\! 2025-04-11 N/A
SQL injection vulnerability in JRadio (com_jradio) component before 1.5.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2010-0972 2 G4j.laoneo, Joomla 2 Com Gcalendar, Joomla\! 2025-04-11 N/A
Directory traversal vulnerability in the GCalendar (com_gcalendar) component 2.1.5 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php.
CVE-2010-2613 2 Harmistechnology, Joomla 2 Com Awd Song, Joomla\! 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the JExtensions JE Awd Song (com_awd_song) component for Joomla! allows remote attackers to inject arbitrary web script or HTML via the song review field, which is not properly handled in a view action to index.php.
CVE-2010-0981 2 Joomla, Templateplazza 2 Joomla\!, Com Tpjobs 2025-04-11 N/A
SQL injection vulnerability in the TPJobs (com_tpjobs) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id_c[] parameter in a resadvsearch action to index.php.