Search Results (979 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2011-4804 2 Foobla, Joomla 2 Com Obsuggest, Joomla\! 2025-04-11 N/A
Directory traversal vulnerability in the obSuggest (com_obsuggest) component before 1.8 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
CVE-2011-4911 1 Joomla 1 Joomla\! 2025-04-11 N/A
Joomla! before 1.5.12 does not perform a JEXEC check in unspecified files, which allows remote attackers to obtain the installation path via unspecified vectors.
CVE-2010-4929 2 Joomla, Joostina-cms 2 Joomla\!, Com Ezautos 2025-04-11 N/A
SQL injection vulnerability in the Joostina (com_ezautos) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the firstCode parameter in a helpers action to index.php.
CVE-2010-4945 1 Joomla 2 Com Camelcitydb2, Joomla\! 2025-04-11 N/A
SQL injection vulnerability in the CamelcityDB (com_camelcitydb2) component 2.2 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php.
CVE-2011-5112 2 Blueflyingfish, Joomla 2 Com Alameda, Joomla\! 2025-04-11 N/A
SQL injection vulnerability in Alameda (com_alameda) component before 1.0.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the storeid parameter to index.php.
CVE-2011-5134 2 Joomla, Widgetfactorylimited 2 Joomla\!, Com Jce 2025-04-11 N/A
Unrestricted file upload vulnerability in editor/extensions/browser/file.php in the JCE component before 2.0.18 for Joomla! allows remote authenticated users with the author privileges to execute arbitrary PHP code by uploading a file with a double extension, as demonstrated by .php.gif. NOTE: some of these details are obtained from third party information.
CVE-2012-5101 2 Jextensions, Joomla 2 Je Poll Component, Joomla\! 2025-04-11 N/A
SQL injection vulnerability in the JExtensions JE Poll component before 1.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2012-5230 2 Harmistechnology, Joomla 2 Com Jesubmit, Joomla\! 2025-04-11 N/A
Unspecified vulnerability in the JE Story Submit (com_jesubmit) component before 1.9 for Joomla! has unknown impact and attack vectors.
CVE-2012-5232 2 Joomla, Mediafire 2 Joomla\!, Mod Quick Form 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the Quickl Form component for Joomla! allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2010-1977 2 Gohigheris, Joomla 2 Com Jwhmcs, Joomla\! 2025-04-11 N/A
Directory traversal vulnerability in the J!WHMCS Integrator (com_jwhmcs) component 1.5.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
CVE-2013-3056 1 Joomla 1 Joomla\! 2025-04-11 N/A
Joomla! 2.5.x before 2.5.10 and 3.0.x before 3.0.4 allows remote authenticated users to bypass intended privilege requirements and delete the private messages of arbitrary users via unspecified vectors.
CVE-2013-3057 1 Joomla 1 Joomla\! 2025-04-11 N/A
Joomla! 2.5.x before 2.5.10 and 3.0.x before 3.0.4 allows remote authenticated users to bypass intended privilege requirements and list the privileges of arbitrary users via unspecified vectors.
CVE-2013-3058 1 Joomla 1 Joomla\! 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in Joomla! 2.5.x before 2.5.10 and 3.0.x before 3.0.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2013-3059 1 Joomla 1 Joomla\! 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the Voting plugin in Joomla! 2.5.x before 2.5.10 and 3.0.x before 3.0.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2012-0835 1 Joomla 1 Joomla\! 2025-04-11 N/A
Unspecified vulnerability in Joomla! 1.7.x before 1.7.5 and 2.5.x before 2.5.1 allows attackers to obtain sensitive information via unknown vectors related to "administrator."
CVE-2012-0836 1 Joomla 1 Joomla\! 2025-04-11 N/A
Unspecified vulnerability in Joomla! 1.7.x before 1.7.5 allows attackers to read the error log via unknown vectors.
CVE-2012-1117 1 Joomla 1 Joomla\! 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in Joomla! 2.5.0 and 2.5.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2012-1598 1 Joomla 1 Joomla\! 2025-04-11 N/A
Joomla! 1.5.x before 1.5.26 has unspecified impact and attack vectors related to "insufficient randomness" and a "password reset vulnerability."
CVE-2012-1611 1 Joomla 1 Joomla\! 2025-04-11 N/A
Joomla! 2.5.x before 2.5.4 does not properly check permissions, which allows attackers to obtain sensitive "administrative back end" information via unknown attack vectors. NOTE: this might be a duplicate of CVE-2012-1599.
CVE-2012-1612 1 Joomla 1 Joomla\! 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the update manager in Joomla! 2.5.x before 2.5.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.