Im Folgenden eine Liste (Auszug) von gängigen Joomla-Modulen und -Komponenten, zu denen frei verfügbare Exploits existieren (erhebt nicht den geringsten Anspruch auf Vollständigkeit).

Joomla Component PU Arcade Remote <= 2.1.3 SQL Injection Vulnerability
Joomla Component mosDirectory 2.3.2 Remote File Inclusion Vulnerability
Joomla Component JUser 1.0.14 Remote File Inclusion Vulnerability
Joomla Component Carousel Flash Image Gallery RFI Vulnerability
Component com_colorlab 1.0 Remote File Inclusion Vulnerability
Joomla Flash uploader 2.5.1 Remote File Inclusion Vulnerabilities
Joomla Component MP3 Allopass 1.0 Remote File Inclusion Vulnerability
Joomla Component JContentSubscription 1.5.8 Multiple RFI Vulns
Joomla component MOSMediaLite451 Remote File Inclusion Vulnerability
Joomla Flash Image Gallery Component RFI Vulnerability
Component wmtportfolio 1.0 Remote File Inclusion Vulnerability
panoramic component 1.0 Remote File Inclusion Vulnerability
Joomla Component com_slideshow Remote File Inclusion Vulnerability
Joomla Component joom12Pic 1.0 Remote File Inclusion Vulnerability
Component Flash Fun! 1.0 Remote File Inclusion Vulnerability
Joomla Component joomlaradio v5 Remote File Inclusion Vulnerability
Joomla Component Restaurante Remote File Upload Vulnerability
Joomla! 1.5 Beta1/Beta2/RC1 Remote SQL Injection Exploit
Joomla Component NeoRecruit <= 1.4 (id) SQL Injection Vulnerability
Joomla Component RSfiles <= 1.0.2 (path) File Download Vulnerability
Joomla Component Nice Talk <= 0.9.3 (tagid) SQL Injection Vulnerability
Joomla Component EventList <= 0.8 (did) SQL Injection Vulnerability
Joomla Component BibTeX <= 1.3 Remote Blind SQL Injection Exploit
Joomla Component com_gmaps 1.00 (mapId) Remote SQL Injection
Joomla! CMS 1.5 beta 2 (search) Remote Code Execution Vulnerability
Component Pony Gallery <= 1.5 SQL Injection Vulnerability
Component Expose <= RC35 Remote File Upload Vulnerability
Component Phil-a-Form <= 1.2.0.0 SQL Injection Exploit
Joomla 1.5.0 Beta (pcltar.php) Remote File Inclusion Vulnerability
Template Be2004-2 (index.php) Remote File Include Exploit
Joomla Module AutoStand 1.0 Remote File Inclusion Vulnerability
Component mosMedia <= 1.0.8 Remote File Inclusion Vulnerability
Joomla Component D4JeZine <= 2.8 Remote BLIND SQL Injection Exploit
Component Car Manager <= 1.1 Remote SQL Injection Exploit
Joomla Component RWCards <= 2.4.3 Remote SQL Injection Exploit
Joomla Component Joomlaboard 1.1.1 (sbp) RFI Vulnerability

Regelmäßig aktualisierte Liste von Exploits und Einzelheiten:
http://www.milw0rm.com/related.php?program=Joomla