CVE-2009-3817 – Joomla! Component Book Library 1.0 - Remote File Inclusion
https://notcve.org/view.php?id=CVE-2009-3817
PHP remote file inclusion vulnerability in doc/releasenote.php in the BookLibrary (com_booklibrary) component 1.0 for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter, a different vector than CVE-2009-2637. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
• https://www.exploit-db.com/exploits/9889 http://www.securityfocus.com/bid/36732 http://www.securityfocus.com/bid/36732/exploit http://www.vupen.com/english/advisories/2009/2969
• CWE-94: Improper Control of Generation of Code ('Code Injection')
CVE-2009-3644 – Joomla! Component Soundset 1.0 - SQL Injection
https://notcve.org/view.php?id=CVE-2009-3644
SQL injection vulnerability in the Soundset (com_soundset) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the cat_id parameter to index.php.
• https://www.exploit-db.com/exploits/10067 http://packetstormsecurity.org/0910-exploits/joomlasoundset-sql.txt http://www.securityfocus.com/bid/36597
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2009-3434 – Joomla! / Mambo Component Tupinambis - SQL Injection
https://notcve.org/view.php?id=CVE-2009-3434
SQL injection vulnerability in the Tupinambis (com_tupinambis) component 1.0 for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the proyecto parameter in a verproyecto action to index.php.
• https://www.exploit-db.com/exploits/9832 http://packetstormsecurity.org/0909-exploits/mambojoomlatupinambis-sql.txt http://secunia.com/advisories/36848 http://www.securityfocus.com/bid/36511 http://www.vupen.com/english/advisories/2009/2730 https://exchange.xforce.ibmcloud.com/vulnerabilities/53454
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2009-3446 – Joomla! Component com_mytube (user_id) 1.0 Beta - Blind SQL Injection
https://notcve.org/view.php?id=CVE-2009-3446
SQL injection vulnerability in the MyRemote Video Gallery (com_mytube) component 1.0 Beta for Joomla! allows remote attackers to execute arbitrary SQL commands via the user_id parameter in a videos action to index.php.
• https://www.exploit-db.com/exploits/9733 http://www.exploit-db.com/exploits/9733 http://www.securityfocus.com/bid/36470 https://exchange.xforce.ibmcloud.com/vulnerabilities/53401
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2009-3316 – Joomla! Component com_jreservation 1.5 - 'pid' Blind SQL Injection
https://notcve.org/view.php?id=CVE-2009-3316
SQL injection vulnerability in the JReservation (com_jreservation) component 1.0 and 1.5 for Joomla! allows remote attackers to execute arbitrary SQL commands via the pid parameter in a propertycpanel action to index.php.
• https://www.exploit-db.com/exploits/9713 http://osvdb.org/58176 http://secunia.com/advisories/36774 http://www.exploit-db.com/exploits/9713 http://www.securityfocus.com/bid/36446 https://exchange.xforce.ibmcloud.com/vulnerabilities/53327
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')