Vulnerabilities > Joomla
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2012-08-10 | CVE-2012-3554 | SQL Injection vulnerability in Rsgallery2 COM Rsgallery2 | SQL injection vulnerability in the RSGallery2 (com_rsgallery2) component before 2.3.0 for Joomla! 1.5.x, and before 3.2.0 for Joomla! 2.5.x, allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 7.5 |
2012-07-03 | CVE-2012-3829 | Information Exposure vulnerability in Joomla Joomla! 2.5.3 | Joomla! 2.5.3 allows remote attackers to obtain the installation path via the Host HTTP Header. | 5.0 |
2012-07-03 | CVE-2012-3828 | Cross-Site Scripting vulnerability in Joomla Joomla! 2.5.3 | Cross-site scripting (XSS) vulnerability in Joomla! 2.5.3 allows remote attackers to inject arbitrary web script or HTML via the Host HTTP Header. | 4.3 |
2012-07-03 | CVE-2012-2748 | Unspecified vulnerability in Joomla Joomla! | Unspecified vulnerability in Joomla! 2.5.x before 2.5.5 allows remote attackers to obtain sensitive information via vectors related to "Inadequate filtering" and a "SQL error." | 5.0 |
2012-07-03 | CVE-2012-2747 | Unspecified vulnerability in Joomla Joomla! | Unspecified vulnerability in Joomla! 2.5.x before 2.5.5 allows remote attackers to gain privileges via unknown attack vectors related to "Inadequate checking." | 7.5 |
2012-05-21 | CVE-2012-2902 | Unspecified vulnerability in Ryan Demmer Joomla Content Editor 2.0 | Unrestricted file upload vulnerability in editor/extensions/browser/file.php in the Joomla Content Editor (JCE) component before 2.1 for Joomla!, when chunking is set to greater than zero, allows remote authors to execute arbitrary PHP code by uploading a PHP file with a double extension as demonstrated by .jpg.pht. | 6.0 |
2012-05-21 | CVE-2012-2901 | Cross-Site Scripting vulnerability in Ryan Demmer Joomla Content Editor 2.0 | Cross-site scripting (XSS) vulnerability in the Profile List in the Joomla Content Editor (JCE) component before 2.1 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the search parameter to administrator/index.php. | 4.3 |
2012-02-08 | CVE-2012-1018 | Cross-Site Scripting vulnerability in Dmackmedia MOD Currencyconverter 1.0.0 | Cross-site scripting (XSS) vulnerability in includes/convert.php in D-Mack Media Currency Converter (mod_currencyconverter) module 1.0.0 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the from parameter. | 4.3 |
2011-12-25 | CVE-2011-5004 | Unspecified vulnerability in Fabrikar COM Fabrikar | Unrestricted file upload vulnerability in models/importcsv.php in the Fabrik (com_fabrik) component before 2.1.1 for Joomla! allows remote authenticated users with Manager privileges to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in an unspecified directory. | 6.0 |
2011-12-15 | CVE-2011-4830 | Cross-Site Scripting vulnerability in Barter-Sites COM Listing 1.3 | Multiple cross-site scripting (XSS) vulnerabilities in the com_listing component in Barter Sites component 1.3 for Joomla! allow remote authenticated users to inject arbitrary web script or HTML via the (1) listing_title, (2) description, (3) homeurl (aka Website Address), (4) paystring (aka Payment types accepted), (5) sell_price, (6) shipping_cost, and (7) quantity parameters to index.php. | 3.5 |