Shodan
Vulnerabilities
Vulnerable Software
Joomla:  >> Joomla!  >> 1.5.16  Security Vulnerabilities
CVE-2010-2255
SQL injection vulnerability in the BF Survey Pro (com_bfsurvey_pro) component before 1.3.1, BF Survey Pro Free (com_bfsurvey_profree) component 1.2.6, and BF Survey Basic component before 1.2 for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter to index.php. NOTE: some of these details are obtained from third party information.
CVSS Score
7.5
EPSS Score
0.005
Published
2010-06-09
CVE-2010-1649
Multiple cross-site scripting (XSS) vulnerabilities in the back end in Joomla! 1.5 through 1.5.17 allow remote attackers to inject arbitrary web script or HTML via unknown vectors related to "various administrator screens," possibly the search parameter in administrator/index.php.
CVSS Score
4.3
EPSS Score
0.0
Published
2010-06-08
CVE-2010-2147
Cross-site scripting (XSS) vulnerability in the My Car (com_mycar) component 1.0 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the modveh parameter to index.php.
CVSS Score
4.3
EPSS Score
0.006
Published
2010-06-03
CVE-2010-2148
SQL injection vulnerability in the My Car (com_mycar) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the pagina parameter to index.php.
CVSS Score
7.5
EPSS Score
0.004
Published
2010-06-03
CVE-2010-2122
Directory traversal vulnerability in the SimpleDownload (com_simpledownload) component before 0.9.6 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php.
CVSS Score
6.8
EPSS Score
0.018
Published
2010-06-01
CVE-2010-2128
Directory traversal vulnerability in the JE Quotation Form (com_jequoteform) component 1.0b1 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the view parameter to index.php.
CVSS Score
7.5
EPSS Score
0.023
Published
2010-06-01
CVE-2010-2129
Directory traversal vulnerability in the JE Ajax Event Calendar (com_jeajaxeventcalendar) component 1.0.1 and 1.0.3 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the view parameter to index.php. NOTE: some of these details are obtained from third party information.
CVSS Score
6.8
EPSS Score
0.04
Published
2010-06-01
CVE-2010-2044
SQL injection vulnerability in the Konsultasi (com_konsultasi) component 1.0.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the sid parameter in a detail action to index.php.
CVSS Score
7.5
EPSS Score
0.011
Published
2010-05-25
CVE-2010-2045
Directory traversal vulnerability in the Dione Form Wizard (aka FDione or com_dioneformwizard) component 1.0.2 for Joomla! allows remote attackers to read arbitrary files via directory traversal sequences in the controller parameter to index.php.
CVSS Score
7.5
EPSS Score
0.024
Published
2010-05-25
CVE-2010-2046
Multiple cross-site scripting (XSS) vulnerabilities in the ActiveHelper LiveHelp (com_activehelper_livehelp) component 2.0.3 for Joomla! allow remote attackers to inject arbitrary web script or HTML via (1) the DOMAINID parameter to server/cookies.php or (2) the SERVER parameter to server/index.php.
CVSS Score
4.3
EPSS Score
0.004
Published
2010-05-25


Products
Pricing
Contact Us

Shodan ® - All rights reserved