Shodan
Vulnerabilities
Vulnerable Software
Joomla:  >> Joomla!  >> 2.5.28  Security Vulnerabilities
CVE-2011-4823
Multiple SQL injection vulnerabilities in Vik Real Estate (com_vikrealestate) component 1.0 for Joomla! allow remote attackers to execute arbitrary SQL commands via the (1) contract parameter in a results action and (2) imm parameter in a show action to index.php.
CVSS Score
7.5
EPSS Score
0.003
Published
2011-12-15
CVE-2011-4829
SQL injection vulnerability in the com_listing component in Barter Sites component 1.3 for Joomla! allows remote attackers to execute arbitrary SQL commands via the category_id parameter to index.php.
CVSS Score
7.5
EPSS Score
0.002
Published
2011-12-15
CVE-2011-4830
Multiple cross-site scripting (XSS) vulnerabilities in the com_listing component in Barter Sites component 1.3 for Joomla! allow remote authenticated users to inject arbitrary web script or HTML via the (1) listing_title, (2) description, (3) homeurl (aka Website Address), (4) paystring (aka Payment types accepted), (5) sell_price, (6) shipping_cost, and (7) quantity parameters to index.php.
CVSS Score
3.5
EPSS Score
0.002
Published
2011-12-15
CVE-2011-4808
SQL injection vulnerability in the HM Community (com_hmcommunity) component before 1.01 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a fnd_home action to index.php.
CVSS Score
7.5
EPSS Score
0.002
Published
2011-12-14
CVE-2011-4809
Multiple cross-site scripting (XSS) vulnerabilities in the HM Community (com_hmcommunity) component before 1.01 for Joomla! allow remote attackers to inject arbitrary web script or HTML via the (1) language[], (2) university[], (3) persent[], (4) company_name[], (5) designation[], (6) music[], (7) books[], (8) movies[], (9) games[], (10) syp[], (11) ft[], and (12) fa[] parameters in a save task for a profile to index.php. NOTE: some of these details are obtained from third party information.
CVSS Score
4.3
EPSS Score
0.004
Published
2011-12-14
CVE-2011-4804
Directory traversal vulnerability in the obSuggest (com_obsuggest) component before 1.8 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
CVSS Score
5.0
EPSS Score
0.107
Published
2011-12-14
CVE-2011-4571
SQL injection vulnerability in the Estate Agent (com_estateagent) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a showEO action to index.php.
CVSS Score
7.5
EPSS Score
0.002
Published
2011-11-29
CVE-2011-4570
SQL injection vulnerability in the Time Returns (com_timereturns) component 2.0 and possibly earlier versions for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a timereturns action to index.php.
CVSS Score
7.5
EPSS Score
0.002
Published
2011-11-29
CVE-2010-5048
Cross-site scripting (XSS) vulnerability in admin.jcomments.php in the JoomlaTune JComments (com_jcomments) component 2.1.0.0 for Joomla! allows remote authenticated users to inject arbitrary web script or HTML via the name parameter to index.php.
CVSS Score
4.3
EPSS Score
0.063
Published
2011-11-23
CVE-2010-5053
SQL injection vulnerability in the XOBBIX (com_xobbix) component 1.0.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the prodid parameter in a prod_desc action to index.php.
CVSS Score
7.5
EPSS Score
0.006
Published
2011-11-23


Products
Pricing
Contact Us

Shodan ® - All rights reserved