High

DATE	CVE	VULNERABILITY TITLE	RISK
2009-08-24	CVE-2008-7033	SQL Injection vulnerability in Galore COM Simpleshop SQL injection vulnerability in the Simple Shop Galore (com_simpleshop) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the section parameter in a section action to index.php, a different vulnerability than CVE-2008-2568. network low complexity galore joomla CWE-89	7.5
2009-08-17	CVE-2009-2789	SQL Injection vulnerability in Permis COM Groups SQL injection vulnerability in the Permis (com_groups) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a list action to index.php. network low complexity joomla permis CWE-89	7.5
2009-08-17	CVE-2009-2782	SQL Injection vulnerability in Jfusion COM Jfusion SQL injection vulnerability in the JFusion (com_jfusion) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the Itemid parameter to index.php. network low complexity joomla jfusion CWE-89	7.5
2009-08-10	CVE-2008-6923	SQL Injection vulnerability in Joomla COM Content 1.0.0 SQL injection vulnerability in the content component (com_content) 1.0.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the Itemid parameter in a blogcategory action to index.php. network low complexity joomla CWE-89	7.5
2009-07-30	CVE-2008-6883	SQL Injection vulnerability in Joompolitan COM Livechat 1.0 SQL injection vulnerability in the Live Chat (com_livechat) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the last parameter to getChatRoom.php. network low complexity joomla joompolitan CWE-89	7.5
2009-07-30	CVE-2008-6882	Improper Input Validation vulnerability in Joompolitan COM Livechat 1.0 Live Chat (com_livechat) component 1.0 for Joomla! allows remote attackers to use the xmlhttp.php script as an open HTTP proxy to hide network scanning activities or scan internal networks via a GET request with a full URL in the query string. network low complexity joomla joompolitan CWE-20	7.5
2009-07-30	CVE-2008-6881	SQL Injection vulnerability in Joompolitan COM Livechat 1.0 Multiple SQL injection vulnerabilities in the Live Chat (com_livechat) component 1.0 for Joomla! allow remote attackers to execute arbitrary SQL commands via the last parameter to (1) getChat.php, (2) getChatRoom.php, and (3) getSavedChatRooms.php. network low complexity joompolitan joomla CWE-89	7.5
2009-07-28	CVE-2009-2638	SQL Injection vulnerability in Konze COM Akobook 2.3 SQL injection vulnerability in the AkoBook (com_akobook) component 2.3 for Joomla! allows remote attackers to execute arbitrary SQL commands via the gbid parameter in a reply action to index.php. network low complexity joomla konze CWE-89	7.5
2009-07-28	CVE-2009-2637	Code Injection vulnerability in Ordasoft COM Booklibrary 1.5.2.4 PHP remote file inclusion vulnerability in toolbar_ext.php in the BookLibrary (com_booklibrary) component 1.5.2.4 Basic for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. network low complexity joomla ordasoft CWE-94	7.5
2009-07-28	CVE-2009-2635	Code Injection vulnerability in Ordasoft COM Realestatemanager 1.0 PHP remote file inclusion vulnerability in toolbar_ext.php in the RealEstateManager (com_realestatemanager) component 1.0 Basic for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. network low complexity joomla ordasoft CWE-94	7.5