Vulnerabilities > Joomla
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2011-12-15 | CVE-2011-4829 | SQL Injection vulnerability in Barter-Sites COM Listing 1.3 SQL injection vulnerability in the com_listing component in Barter Sites component 1.3 for Joomla! allows remote attackers to execute arbitrary SQL commands via the category_id parameter to index.php. | 7.5 |
| 2011-12-15 | CVE-2011-4823 | SQL Injection vulnerability in Extensionsforjoomla COM Vikrealestate 1.0 Multiple SQL injection vulnerabilities in Vik Real Estate (com_vikrealestate) component 1.0 for Joomla! allow remote attackers to execute arbitrary SQL commands via the (1) contract parameter in a results action and (2) imm parameter in a show action to index.php. | 7.5 |
| 2011-12-14 | CVE-2011-4809 | Cross-Site Scripting vulnerability in Joomlaextensions COM Hmcommunity Multiple cross-site scripting (XSS) vulnerabilities in the HM Community (com_hmcommunity) component before 1.01 for Joomla! allow remote attackers to inject arbitrary web script or HTML via the (1) language[], (2) university[], (3) persent[], (4) company_name[], (5) designation[], (6) music[], (7) books[], (8) movies[], (9) games[], (10) syp[], (11) ft[], and (12) fa[] parameters in a save task for a profile to index.php. | 4.3 |
| 2011-12-14 | CVE-2011-4808 | SQL Injection vulnerability in Joomlaextensions COM Hmcommunity SQL injection vulnerability in the HM Community (com_hmcommunity) component before 1.01 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a fnd_home action to index.php. | 7.5 |
| 2011-12-14 | CVE-2011-4804 | Path Traversal vulnerability in Foobla COM Obsuggest Directory traversal vulnerability in the obSuggest (com_obsuggest) component before 1.8 for Joomla! allows remote attackers to read arbitrary files via a .. | 5.0 |
| 2011-11-29 | CVE-2011-4571 | SQL Injection vulnerability in Eaimproved COM Estateagent SQL injection vulnerability in the Estate Agent (com_estateagent) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a showEO action to index.php. | 7.5 |
| 2011-11-29 | CVE-2011-4570 | SQL Injection vulnerability in Takeaweb COM Timereturns 2.0 SQL injection vulnerability in the Time Returns (com_timereturns) component 2.0 and possibly earlier versions for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a timereturns action to index.php. | 7.5 |
| 2011-11-23 | CVE-2011-4332 | Cross-Site Scripting vulnerability in Joomla Joomla! Multiple cross-site scripting (XSS) vulnerabilities in Joomla! 1.6.3 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
| 2011-11-23 | CVE-2011-4321 | Cryptographic Issues vulnerability in Joomla Joomla! The password reset functionality in Joomla! 1.5.x through 1.5.24 uses weak random numbers, which makes it easier for remote attackers to change the passwords of arbitrary users via unspecified vectors. | 5.0 |
| 2011-11-23 | CVE-2010-5056 | SQL Injection vulnerability in GBU Grafici COM Gbufacebook 1.0.5 SQL injection vulnerability in the GBU Facebook (com_gbufacebook) component 1.0.5 for Joomla! allows remote attackers to execute arbitrary SQL commands via the face_id parameter in a show_face action to index.php. | 7.5 |