Vulnerability List last 3 months from NVD - US Gov.
Posted: Fri Oct 30, 2009 6:23 pm
In light of discussions such as http://forum.joomla.org/viewtopic.php?f=432&t=411032 and http://forum.joomla.org/viewtopic.php?f=432&t=445638 among others, here is a list (kind of long - 38 results) of vulnerabilities to some 3rd party Joomla components discovered in the last 3 months. This data is from the National Vulnerability Database run by the US Government. http://web.nvd.nist.gov/view/vuln/search?cid=1
Results are from the vulnerability keyword search (above url) using joomla as the keyword. Results are from last 3 months. I included the summary of the vulnerability for each.
If you are using one of these affected components on your site, update it to the latest version or completely remove the component (and it's files) from your site if there is no update or patch.
CVE-2009-3822
Summary: PHP remote file inclusion vulnerability in Fiji Web Design Ajax Chat (com_ajaxchat) component 1.0 for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[mosConfig_absolute_path] parameter to tests/ajcuser.php.
Published: 10/28/2009
CVSS Severity: 7.5 (HIGH)
CVE-2009-3817
Summary: PHP remote file inclusion vulnerability in doc/releasenote.php in the BookLibrary (com_booklibrary) component 1.0 for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter, a different vector than CVE-2009-2637. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Published: 10/28/2009
CVSS Severity: 7.5 (HIGH)
CVE-2009-3669
Summary: SQL injection vulnerability in the foobla Suggestions (com_foobla_suggestions) component 1.5.11 for Joomla! allows remote attackers to execute arbitrary SQL commands via the idea_id parameter to index.php.
Published: 10/11/2009
CVSS Severity: 7.5 (HIGH)
CVE-2009-3661
Summary: Multiple SQL injection vulnerabilities in the DJ-Catalog (com_djcatalog) component for Joomla! allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in a showItem action and (2) cid parameter in a show action to index.php.
Published: 10/11/2009
CVSS Severity: 6.8 (MEDIUM)
CVE-2009-3645
Summary: SQL injection vulnerability in the JoomlaCache CB Resume Builder (com_cbresumebuilder) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the group_id parameter in a group_members action to index.php.
Published: 10/09/2009
CVSS Severity: 7.5 (HIGH)
CVE-2009-3644
Summary: SQL injection vulnerability in the Soundset (com_soundset) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the cat_id parameter to index.php.
Published: 10/09/2009
CVSS Severity: 7.5 (HIGH)
CVE-2009-3491
Summary: SQL injection vulnerability in the Kinfusion SportFusion (com_sportfusion) component 0.2.2 through 0.2.3 for Joomla! allows remote attackers to execute arbitrary SQL commands via the cid[0] parameter in a teamdetail action to index.php.
Published: 09/30/2009
CVSS Severity: 7.5 (HIGH)
CVE-2009-3481
Summary: A certain interface in the iCRM Basic (com_icrmbasic) component 1.4.2.31 for Joomla! does not require administrative authentication, which has unspecified impact and remote attack vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Published: 09/30/2009
CVSS Severity: 7.5 (HIGH)
CVE-2009-3480
Summary: SQL injection vulnerability in the iCRM Basic (com_icrmbasic) component 1.4.2.31 for Joomla! allows remote attackers to execute arbitrary SQL commands via the p3 parameter to index.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Published: 09/30/2009
CVSS Severity: 7.5 (HIGH)
CVE-2009-3446
Summary: SQL injection vulnerability in the MyRemote Video Gallery (com_mytube) component 1.0 Beta for Joomla! allows remote attackers to execute arbitrary SQL commands via the user_id parameter in a videos action to index.php.
Published: 09/28/2009
CVSS Severity: 7.5 (HIGH)
CVE-2009-3443
Summary: SQL injection vulnerability in the Fastball (com_fastball) component 1.1.0 through 1.2 for Joomla! allows remote attackers to execute arbitrary SQL commands via the league parameter to index.php.
Published: 09/28/2009
CVSS Severity: 7.5 (HIGH)
CVE-2009-3438
Summary: SQL injection vulnerability in the JoomlaFacebook (com_facebook) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a student action to index.php.
Published: 09/28/2009
CVSS Severity: 7.5 (HIGH)
CVE-2009-3434
Summary: SQL injection vulnerability in the Tupinambis (com_tupinambis) component 1.0 for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the proyecto parameter in a verproyecto action to index.php.
Published: 09/28/2009
CVSS Severity: 7.5 (HIGH)
CVE-2009-3417
Summary: SQL injection vulnerability in the IDoBlog (com_idoblog) component 1.1 build 30 for Joomla! allows remote attackers to execute arbitrary SQL commands via the userid parameter in a profile action to index.php, a different vector than CVE-2008-2627.
Published: 09/25/2009
CVSS Severity: 7.5 (HIGH)
CVE-2009-3368
Summary: Cross-site scripting (XSS) vulnerability in the Hotel Booking Reservation System (aka HBS or com_hbssearch) component for Joomla! allows remote attackers to inject arbitrary web script or HTML via the adult parameter in a showhoteldetails action to index.php.
Published: 09/24/2009
CVSS Severity: 4.3 (MEDIUM)
CVE-2009-3357
Summary: Multiple SQL injection vulnerabilities in the Hotel Booking Reservation System (aka HBS or com_hbssearch) component for Joomla! allow remote attackers to execute arbitrary SQL commands via the (1) h_id, (2) id, and (3) rid parameters to longDesc.php, and the h_id parameter to (4) detail.php, (5) detail1.php, (6) detail2.php, (7) detail3.php, (8) detail4.php, (9) detail5.php, (10) detail6.php, (11) detail7.php, and (12) detail8.php, different vectors than CVE-2008-5865, CVE-2008-5874, and CVE-2008-5875.
Published: 09/24/2009
CVSS Severity: 7.5 (HIGH)
CVE-2009-3342
Summary: SQL injection vulnerability in frontend/assets/ajax/checkusername.php in the AlphaUserPoints (com_alphauserpoints) component 1.5.2 for Joomla! allows remote attackers to execute arbitrary SQL commands via the username2points parameter.
Published: 09/24/2009
CVSS Severity: 7.5 (HIGH)
CVE-2009-3335
Summary: SQL injection vulnerability in the TurtuShout component 0.11 for Joomla! allows remote attackers to execute arbitrary SQL commands via the Name field.
Published: 09/24/2009
CVSS Severity: 7.5 (HIGH)
CVE-2009-3334
Summary: SQL injection vulnerability in the Lhacky! Extensions Cave Joomla! Integrated Newsletters Component (aka JINC or com_jinc) component 0.2 for Joomla! allows remote attackers to execute arbitrary SQL commands via the newsid parameter in a messages action to index.php.
Published: 09/23/2009
CVSS Severity: 7.5 (HIGH)
CVE-2009-3332
Summary: SQL injection vulnerability in the JBudgetsMagic (com_jbudgetsmagic) component 0.3.2 through 0.4.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the bid parameter in a mybudget action to index.php.
Published: 09/23/2009
CVSS Severity: 7.5 (HIGH)
CVE-2009-3325
Summary: SQL injection vulnerability in the Focusplus Developments Survey Manager (com_surveymanager) component 1.5.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the stype parameter in an editsurvey action to index.php.
Published: 09/23/2009
CVSS Severity: 7.5 (HIGH)
CVE-2009-3318
Summary: Directory traversal vulnerability in the Roland Breedveld Album (com_album) component 1.14 for Joomla! allows remote attackers to access arbitrary directories and have unspecified other impact via a .. (dot dot) in the target parameter to index.php.
Published: 09/23/2009
CVSS Severity: 7.5 (HIGH)
CVE-2009-3316
Summary: SQL injection vulnerability in the JReservation (com_jreservation) component 1.0 and 1.5 for Joomla! allows remote attackers to execute arbitrary SQL commands via the pid parameter in a propertycpanel action to index.php.
Published: 09/23/2009
CVSS Severity: 7.5 (HIGH)
CVE-2009-3215
Summary: SQL injection vulnerability in IXXO Cart Standalone before 3.9.6.1, and the IXXO Cart component for Joomla! 1.0.x, allows remote attackers to execute arbitrary SQL commands via the parent parameter.
Published: 09/16/2009
CVSS Severity: 7.5 (HIGH)
CVE-2009-3193
Summary: SQL injection vulnerability in the DigiFolio (com_digifolio) component 1.52 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a project action to index.php.
Published: 09/15/2009
CVSS Severity: 7.5 (HIGH)
CVE-2009-3155
Summary: Cross-site scripting (XSS) vulnerability in gmap.php in the Almond Classifieds (com_aclassf) component 7.5 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the addr parameter.
Published: 09/10/2009
CVSS Severity: 4.3 (MEDIUM)
CVE-2009-3154
Summary: SQL injection vulnerability in the Almond Classifieds (com_aclassf) component 7.5 for Joomla! allows remote attackers to execute arbitrary SQL commands via the replid parameter in a manw_repl add_form action to index.php, a different vector than CVE-2009-2567.
Published: 09/10/2009
CVSS Severity: 7.5 (HIGH)
CVE-2008-7169
Summary: SQL injection vulnerability in Jabode horoscope extension (com_jabode) for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a sign task to index.php.
Published: 09/08/2009
CVSS Severity: 7.5 (HIGH)
CVE-2009-3063
Summary: SQL injection vulnerability in the Game Server (com_gameserver) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a gamepanel action to index.php.
Published: 09/03/2009
CVSS Severity: 7.5 (HIGH)
CVE-2009-3054
Summary: SQL injection vulnerability in the Artetics.com Art Portal (com_artportal) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the portalid parameter to index.php.
Published: 09/03/2009
CVSS Severity: 7.5 (HIGH)
CVE-2009-3053
Summary: Directory traversal vulnerability in the Agora (com_agora) component 3.0.0b for Joomla! allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the action parameter to the avatars page, reachable through index.php.
Published: 09/03/2009
CVSS Severity: 6.8 (MEDIUM)
CVE-2008-7033
Summary: SQL injection vulnerability in the Simple Shop Galore (com_simpleshop) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the section parameter in a section action to index.php, a different vulnerability than CVE-2008-2568. NOTE: this issue was disclosed by an unreliable researcher, so the details might be incorrect.
Published: 08/24/2009
CVSS Severity: 7.5 (HIGH)
CVE-2009-2789
Summary: SQL injection vulnerability in the Permis (com_groups) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a list action to index.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Published: 08/17/2009
CVSS Severity: 7.5 (HIGH)
CVE-2009-2782
Summary: SQL injection vulnerability in the JFusion (com_jfusion) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the Itemid parameter to index.php.
Published: 08/17/2009
CVSS Severity: 7.5 (HIGH)
CVE-2008-6923
Summary: SQL injection vulnerability in the content component (com_content) 1.0.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the Itemid parameter in a blogcategory action to index.php.
Published: 08/10/2009
CVSS Severity: 7.5 (HIGH)
CVE-2008-6883
Summary: SQL injection vulnerability in the Live Chat (com_livechat) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the last parameter to getChatRoom.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Published: 07/30/2009
CVSS Severity: 7.5 (HIGH)
CVE-2008-6882
Summary: Live Chat (com_livechat) component 1.0 for Joomla! allows remote attackers to use the xmlhttp.php script as an open HTTP proxy to hide network scanning activities or scan internal networks via a GET request with a full URL in the query string.
Published: 07/30/2009
CVSS Severity: 7.5 (HIGH)
CVE-2008-6881
Summary: Multiple SQL injection vulnerabilities in the Live Chat (com_livechat) component 1.0 for Joomla! allow remote attackers to execute arbitrary SQL commands via the last parameter to (1) getChat.php, (2) getChatRoom.php, and (3) getSavedChatRooms.php.
Published: 07/30/2009
CVSS Severity: 7.5 (HIGH)
Results are from the vulnerability keyword search (above url) using joomla as the keyword. Results are from last 3 months. I included the summary of the vulnerability for each.
If you are using one of these affected components on your site, update it to the latest version or completely remove the component (and it's files) from your site if there is no update or patch.
CVE-2009-3822
Summary: PHP remote file inclusion vulnerability in Fiji Web Design Ajax Chat (com_ajaxchat) component 1.0 for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[mosConfig_absolute_path] parameter to tests/ajcuser.php.
Published: 10/28/2009
CVSS Severity: 7.5 (HIGH)
CVE-2009-3817
Summary: PHP remote file inclusion vulnerability in doc/releasenote.php in the BookLibrary (com_booklibrary) component 1.0 for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter, a different vector than CVE-2009-2637. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Published: 10/28/2009
CVSS Severity: 7.5 (HIGH)
CVE-2009-3669
Summary: SQL injection vulnerability in the foobla Suggestions (com_foobla_suggestions) component 1.5.11 for Joomla! allows remote attackers to execute arbitrary SQL commands via the idea_id parameter to index.php.
Published: 10/11/2009
CVSS Severity: 7.5 (HIGH)
CVE-2009-3661
Summary: Multiple SQL injection vulnerabilities in the DJ-Catalog (com_djcatalog) component for Joomla! allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in a showItem action and (2) cid parameter in a show action to index.php.
Published: 10/11/2009
CVSS Severity: 6.8 (MEDIUM)
CVE-2009-3645
Summary: SQL injection vulnerability in the JoomlaCache CB Resume Builder (com_cbresumebuilder) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the group_id parameter in a group_members action to index.php.
Published: 10/09/2009
CVSS Severity: 7.5 (HIGH)
CVE-2009-3644
Summary: SQL injection vulnerability in the Soundset (com_soundset) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the cat_id parameter to index.php.
Published: 10/09/2009
CVSS Severity: 7.5 (HIGH)
CVE-2009-3491
Summary: SQL injection vulnerability in the Kinfusion SportFusion (com_sportfusion) component 0.2.2 through 0.2.3 for Joomla! allows remote attackers to execute arbitrary SQL commands via the cid[0] parameter in a teamdetail action to index.php.
Published: 09/30/2009
CVSS Severity: 7.5 (HIGH)
CVE-2009-3481
Summary: A certain interface in the iCRM Basic (com_icrmbasic) component 1.4.2.31 for Joomla! does not require administrative authentication, which has unspecified impact and remote attack vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Published: 09/30/2009
CVSS Severity: 7.5 (HIGH)
CVE-2009-3480
Summary: SQL injection vulnerability in the iCRM Basic (com_icrmbasic) component 1.4.2.31 for Joomla! allows remote attackers to execute arbitrary SQL commands via the p3 parameter to index.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Published: 09/30/2009
CVSS Severity: 7.5 (HIGH)
CVE-2009-3446
Summary: SQL injection vulnerability in the MyRemote Video Gallery (com_mytube) component 1.0 Beta for Joomla! allows remote attackers to execute arbitrary SQL commands via the user_id parameter in a videos action to index.php.
Published: 09/28/2009
CVSS Severity: 7.5 (HIGH)
CVE-2009-3443
Summary: SQL injection vulnerability in the Fastball (com_fastball) component 1.1.0 through 1.2 for Joomla! allows remote attackers to execute arbitrary SQL commands via the league parameter to index.php.
Published: 09/28/2009
CVSS Severity: 7.5 (HIGH)
CVE-2009-3438
Summary: SQL injection vulnerability in the JoomlaFacebook (com_facebook) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a student action to index.php.
Published: 09/28/2009
CVSS Severity: 7.5 (HIGH)
CVE-2009-3434
Summary: SQL injection vulnerability in the Tupinambis (com_tupinambis) component 1.0 for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the proyecto parameter in a verproyecto action to index.php.
Published: 09/28/2009
CVSS Severity: 7.5 (HIGH)
CVE-2009-3417
Summary: SQL injection vulnerability in the IDoBlog (com_idoblog) component 1.1 build 30 for Joomla! allows remote attackers to execute arbitrary SQL commands via the userid parameter in a profile action to index.php, a different vector than CVE-2008-2627.
Published: 09/25/2009
CVSS Severity: 7.5 (HIGH)
CVE-2009-3368
Summary: Cross-site scripting (XSS) vulnerability in the Hotel Booking Reservation System (aka HBS or com_hbssearch) component for Joomla! allows remote attackers to inject arbitrary web script or HTML via the adult parameter in a showhoteldetails action to index.php.
Published: 09/24/2009
CVSS Severity: 4.3 (MEDIUM)
CVE-2009-3357
Summary: Multiple SQL injection vulnerabilities in the Hotel Booking Reservation System (aka HBS or com_hbssearch) component for Joomla! allow remote attackers to execute arbitrary SQL commands via the (1) h_id, (2) id, and (3) rid parameters to longDesc.php, and the h_id parameter to (4) detail.php, (5) detail1.php, (6) detail2.php, (7) detail3.php, (8) detail4.php, (9) detail5.php, (10) detail6.php, (11) detail7.php, and (12) detail8.php, different vectors than CVE-2008-5865, CVE-2008-5874, and CVE-2008-5875.
Published: 09/24/2009
CVSS Severity: 7.5 (HIGH)
CVE-2009-3342
Summary: SQL injection vulnerability in frontend/assets/ajax/checkusername.php in the AlphaUserPoints (com_alphauserpoints) component 1.5.2 for Joomla! allows remote attackers to execute arbitrary SQL commands via the username2points parameter.
Published: 09/24/2009
CVSS Severity: 7.5 (HIGH)
CVE-2009-3335
Summary: SQL injection vulnerability in the TurtuShout component 0.11 for Joomla! allows remote attackers to execute arbitrary SQL commands via the Name field.
Published: 09/24/2009
CVSS Severity: 7.5 (HIGH)
CVE-2009-3334
Summary: SQL injection vulnerability in the Lhacky! Extensions Cave Joomla! Integrated Newsletters Component (aka JINC or com_jinc) component 0.2 for Joomla! allows remote attackers to execute arbitrary SQL commands via the newsid parameter in a messages action to index.php.
Published: 09/23/2009
CVSS Severity: 7.5 (HIGH)
CVE-2009-3332
Summary: SQL injection vulnerability in the JBudgetsMagic (com_jbudgetsmagic) component 0.3.2 through 0.4.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the bid parameter in a mybudget action to index.php.
Published: 09/23/2009
CVSS Severity: 7.5 (HIGH)
CVE-2009-3325
Summary: SQL injection vulnerability in the Focusplus Developments Survey Manager (com_surveymanager) component 1.5.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the stype parameter in an editsurvey action to index.php.
Published: 09/23/2009
CVSS Severity: 7.5 (HIGH)
CVE-2009-3318
Summary: Directory traversal vulnerability in the Roland Breedveld Album (com_album) component 1.14 for Joomla! allows remote attackers to access arbitrary directories and have unspecified other impact via a .. (dot dot) in the target parameter to index.php.
Published: 09/23/2009
CVSS Severity: 7.5 (HIGH)
CVE-2009-3316
Summary: SQL injection vulnerability in the JReservation (com_jreservation) component 1.0 and 1.5 for Joomla! allows remote attackers to execute arbitrary SQL commands via the pid parameter in a propertycpanel action to index.php.
Published: 09/23/2009
CVSS Severity: 7.5 (HIGH)
CVE-2009-3215
Summary: SQL injection vulnerability in IXXO Cart Standalone before 3.9.6.1, and the IXXO Cart component for Joomla! 1.0.x, allows remote attackers to execute arbitrary SQL commands via the parent parameter.
Published: 09/16/2009
CVSS Severity: 7.5 (HIGH)
CVE-2009-3193
Summary: SQL injection vulnerability in the DigiFolio (com_digifolio) component 1.52 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a project action to index.php.
Published: 09/15/2009
CVSS Severity: 7.5 (HIGH)
CVE-2009-3155
Summary: Cross-site scripting (XSS) vulnerability in gmap.php in the Almond Classifieds (com_aclassf) component 7.5 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the addr parameter.
Published: 09/10/2009
CVSS Severity: 4.3 (MEDIUM)
CVE-2009-3154
Summary: SQL injection vulnerability in the Almond Classifieds (com_aclassf) component 7.5 for Joomla! allows remote attackers to execute arbitrary SQL commands via the replid parameter in a manw_repl add_form action to index.php, a different vector than CVE-2009-2567.
Published: 09/10/2009
CVSS Severity: 7.5 (HIGH)
CVE-2008-7169
Summary: SQL injection vulnerability in Jabode horoscope extension (com_jabode) for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a sign task to index.php.
Published: 09/08/2009
CVSS Severity: 7.5 (HIGH)
CVE-2009-3063
Summary: SQL injection vulnerability in the Game Server (com_gameserver) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a gamepanel action to index.php.
Published: 09/03/2009
CVSS Severity: 7.5 (HIGH)
CVE-2009-3054
Summary: SQL injection vulnerability in the Artetics.com Art Portal (com_artportal) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the portalid parameter to index.php.
Published: 09/03/2009
CVSS Severity: 7.5 (HIGH)
CVE-2009-3053
Summary: Directory traversal vulnerability in the Agora (com_agora) component 3.0.0b for Joomla! allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the action parameter to the avatars page, reachable through index.php.
Published: 09/03/2009
CVSS Severity: 6.8 (MEDIUM)
CVE-2008-7033
Summary: SQL injection vulnerability in the Simple Shop Galore (com_simpleshop) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the section parameter in a section action to index.php, a different vulnerability than CVE-2008-2568. NOTE: this issue was disclosed by an unreliable researcher, so the details might be incorrect.
Published: 08/24/2009
CVSS Severity: 7.5 (HIGH)
CVE-2009-2789
Summary: SQL injection vulnerability in the Permis (com_groups) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a list action to index.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Published: 08/17/2009
CVSS Severity: 7.5 (HIGH)
CVE-2009-2782
Summary: SQL injection vulnerability in the JFusion (com_jfusion) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the Itemid parameter to index.php.
Published: 08/17/2009
CVSS Severity: 7.5 (HIGH)
CVE-2008-6923
Summary: SQL injection vulnerability in the content component (com_content) 1.0.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the Itemid parameter in a blogcategory action to index.php.
Published: 08/10/2009
CVSS Severity: 7.5 (HIGH)
CVE-2008-6883
Summary: SQL injection vulnerability in the Live Chat (com_livechat) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the last parameter to getChatRoom.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Published: 07/30/2009
CVSS Severity: 7.5 (HIGH)
CVE-2008-6882
Summary: Live Chat (com_livechat) component 1.0 for Joomla! allows remote attackers to use the xmlhttp.php script as an open HTTP proxy to hide network scanning activities or scan internal networks via a GET request with a full URL in the query string.
Published: 07/30/2009
CVSS Severity: 7.5 (HIGH)
CVE-2008-6881
Summary: Multiple SQL injection vulnerabilities in the Live Chat (com_livechat) component 1.0 for Joomla! allow remote attackers to execute arbitrary SQL commands via the last parameter to (1) getChat.php, (2) getChatRoom.php, and (3) getSavedChatRooms.php.
Published: 07/30/2009
CVSS Severity: 7.5 (HIGH)