Vulnerabilities > Harmistechnology > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-03-29 | CVE-2019-9921 | Authorization Bypass Through User-Controlled Key vulnerability in Harmistechnology JE Messenger 1.2.2 An issue was discovered in the Harmis JE Messenger component 1.2.2 for Joomla!. | 6.5 |
| 2019-03-29 | CVE-2019-9919 | Cross-site Scripting vulnerability in Harmistechnology JE Messenger 1.2.2 An issue was discovered in the Harmis JE Messenger component 1.2.2 for Joomla!. | 5.4 |
| 2018-06-12 | CVE-2018-12254 | SQL Injection vulnerability in Harmistechnology EK Rishta 2.10 router.php in the Harmis Ek rishta (aka ek-rishta) 2.10 component for Joomla! allows SQL Injection via the PATH_INFO to a home/requested_user/Sent%20interest/ URI. | 6.5 |
| 2010-12-09 | CVE-2010-4517 | SQL Injection vulnerability in Harmistechnology COM Jeauto 1.0 SQL injection vulnerability in the JExtensions JE Auto (com_jeauto) component 1.0 for Joomla!, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the char parameter in an item action to index.php. | 6.8 |
| 2010-07-12 | CVE-2010-2680 | Path Traversal vulnerability in Harmistechnology COM Jesectionfinder Directory traversal vulnerability in the JExtensions JE Section/Property Finder (jesectionfinder) component for Joomla! allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the view parameter to index.php. | 6.8 |
| 2010-07-02 | CVE-2010-2613 | Cross-Site Scripting vulnerability in Harmistechnology COM AWD Song Cross-site scripting (XSS) vulnerability in the JExtensions JE Awd Song (com_awd_song) component for Joomla! allows remote attackers to inject arbitrary web script or HTML via the song review field, which is not properly handled in a view action to index.php. | 4.3 |
| 2010-06-01 | CVE-2010-2129 | Path Traversal vulnerability in Harmistechnology COM Jeajaxeventcalendar 1.0.1/1.0.3 Directory traversal vulnerability in the JE Ajax Event Calendar (com_jeajaxeventcalendar) component 1.0.1 and 1.0.3 for Joomla! allows remote attackers to read arbitrary files via a .. | 6.8 |