Search Results (979 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2014-7228 1 Joomla 1 Joomla\! 2025-04-12 N/A
Akeeba Restore (restore.php), as used in Joomla! 2.5.4 through 2.5.25, 3.x through 3.2.5, and 3.3.0 through 3.3.4; Akeeba Backup for Joomla! Professional 3.0.0 through 4.0.2; Backup Professional for WordPress 1.0.b1 through 1.1.3; Solo 1.0.b1 through 1.1.2; Admin Tools Core and Professional 2.0.0 through 2.4.4; and CMS Update 1.0.a1 through 1.0.1, when performing a backup or update for an archive, does not delete parameters from $_GET and $_POST when it is cleansing $_REQUEST, but later accesses $_GET and $_POST using the getQueryParam function, which allows remote attackers to bypass encryption and execute arbitrary code via a command message that extracts a crafted archive.
CVE-2013-5953 2 Codepeople, Joomla 2 Com Multicalendar, Joomla\! 2025-04-12 N/A
Multiple cross-site scripting (XSS) vulnerabilities in tmpl/layout_editevent.php in the Multi Calendar (com_multicalendar) component 4.0.2, and possibly 4.8.5 and earlier, for Joomla! allow remote attackers to inject arbitrary web script or HTML via the (1) calid or (2) paletteDefault parameter in an editevent action to index.php.
CVE-2014-6631 1 Joomla 1 Joomla\! 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in com_media in Joomla! 3.2.x before 3.2.5 and 3.3.x before 3.3.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2014-7983 1 Joomla 1 Joomla\! 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in com_contact in Joomla! CMS 3.1.2 through 3.2.x before 3.2.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2014-6632 1 Joomla 1 Joomla\! 2025-04-12 N/A
Joomla! 2.5.x before 2.5.25, 3.x before 3.2.4, and 3.3.x before 3.3.4 allows remote attackers to authenticate and bypass intended access restrictions via vectors involving LDAP authentication.
CVE-2014-7229 1 Joomla 1 Joomla\! 2025-04-12 N/A
Unspecified vulnerability in Joomla! before 2.5.4 before 2.5.26, 3.x before 3.2.6, and 3.3.x before 3.3.5 allows attackers to cause a denial of service via unspecified vectors.
CVE-2014-7984 1 Joomla 1 Joomla\! 2025-04-12 N/A
Joomla! CMS 2.5.x before 2.5.19 and 3.x before 3.2.3 allows remote attackers to authenticate and bypass intended restrictions via vectors involving GMail authentication.
CVE-2014-7981 1 Joomla 1 Joomla\! 2025-04-12 N/A
SQL injection vulnerability in Joomla! CMS 3.1.x and 3.2.x before 3.2.3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2010-0374 2 Codingfish, Joomla 2 Com Marketplace, Joomla\! 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the Marketplace (com_marketplace) component 1.2 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the catid parameter in a show_category action to index.php.
CVE-2010-1469 2 Joomla, Ternaria 2 Joomla\!, Com Jprojectmanager 2025-04-11 N/A
Directory traversal vulnerability in the Ternaria Informatica JProject Manager (com_jprojectmanager) component 1.0 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php.
CVE-2010-1471 2 B-elektro, Joomla 2 Com Addressbook, Joomla\! 2025-04-11 N/A
Directory traversal vulnerability in the AddressBook (com_addressbook) component 1.5.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
CVE-2010-1472 2 Joomla, Kazulah 2 Joomla\!, Com Horoscope 2025-04-11 N/A
Directory traversal vulnerability in the Daily Horoscope (com_horoscope) component 1.5.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
CVE-2010-1475 2 Joomla, Ternaria 2 Joomla\!, Com Preventive 2025-04-11 N/A
Directory traversal vulnerability in the Preventive & Reservation (com_preventive) component 1.0.5 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php.
CVE-2010-1477 2 Joomla, Martin Hess 2 Joomla\!, Com Sermonspeaker 2025-04-11 N/A
SQL injection vulnerability in the SermonSpeaker (com_sermonspeaker) component before 3.2.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a latest_sermons action to index.php.
CVE-2010-1478 2 Joomla, Ternaria 2 Joomla\!, Com Jfeedback 2025-04-11 N/A
Directory traversal vulnerability in the Ternaria Informatica Jfeedback! (com_jfeedback) component 1.2 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php.
CVE-2010-1479 2 Joomla, Rockettheme 2 Joomla\!, Com Rokmodule 2025-04-11 N/A
SQL injection vulnerability in the RokModule (com_rokmodule) component 1.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the moduleid parameter in a raw action to index.php.
CVE-2010-1480 2 Joomla, Rockettheme 2 Joomla\!, Com Rokmodule 2025-04-11 N/A
SQL injection vulnerability in the RokModule (com_rokmodule) component 1.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the module parameter to index.php. NOTE: some of these details are obtained from third party information.
CVE-2010-1491 2 Joomla, Mms.pipp 2 Joomla\!, Com Mmsblog 2025-04-11 N/A
Directory traversal vulnerability in the MMS Blog (com_mmsblog) component 2.3.0 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php.
CVE-2010-1493 2 Awdsolution, Joomla 2 Com Awdwall, Joomla\! 2025-04-11 N/A
SQL injection vulnerability in the AWDwall (com_awdwall) component before 1.5.5 for Joomla! allows remote attackers to execute arbitrary SQL commands via the cbuser parameter in an awdwall action to index.php.
CVE-2009-4650 2 Joomla, Onnogroen 2 Joomla\!, Com Webeecomment 2025-04-11 N/A
SQL injection vulnerability in the Webee Comments (com_webeecomment) component 1.1.1, 1.2, and 2.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the articleId parameter in a default action to index2.php. NOTE: some of these details are obtained from third party information.