I'm helping a client do a security audit of one of their servers. A couple of their sites are running Joomla, which I have very little experience with, so as part of this I set out to compile a list of available exploits to compare against their Joomla versions and installed components.