CVSS: 7.5EPSS: 4%CPEs: 2EXPL: 3CVE-2009-3822 – Joomla! Component Ajax Chat 1.0 - Remote File Inclusion
https://notcve.org/view.php?id=CVE-2009-3822
PHP remote file inclusion vulnerability in Fiji Web Design Ajax Chat (com_ajaxchat) component 1.0 for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[mosConfig_absolute_path] parameter to tests/ajcuser.php. Vulnerabilidad de subida de archivos sin restricción en el componente Fiji Web Design Ajax Chat (com_ajaxchat) v1.0 para Joomla! permite a atacantes remotos ejecutar código PHP de su elección a través de URL en el parámetro GLOBALS[mosConfig_absolute_path] en tests/ajcuser.php. • https://www.exploit-db.com/exploits/9888 http://secunia.com/advisories/37087 http://www.packetstormsecurity.org/0910-exploits/joomlaajaxchat-rfi.txt http://www.securityfocus.com/bid/36731 http://www.vupen.com/english/advisories/2009/2968 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 3CVE-2009-3644 – Joomla! Component Soundset 1.0 - SQL Injection
https://notcve.org/view.php?id=CVE-2009-3644
SQL injection vulnerability in the Soundset (com_soundset) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the cat_id parameter to index.php. Vulnerabilidad de inyección SQL en el componente de Joomla! "Soundset" (com_soundset) v1.0 permite a atacantes remotos ejecutar comandos SQL a través del parámetro cat_id a index.php. • https://www.exploit-db.com/exploits/10067 http://packetstormsecurity.org/0910-exploits/joomlasoundset-sql.txt http://www.securityfocus.com/bid/36597 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 3CVE-2009-3434 – Joomla! / Mambo Component Tupinambis - SQL Injection
https://notcve.org/view.php?id=CVE-2009-3434
SQL injection vulnerability in the Tupinambis (com_tupinambis) component 1.0 for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the proyecto parameter in a verproyecto action to index.php. Vulnerabilidad de inyección SQL en el componente Tupinambis (com_tupinambis) v1.0 para Mambo y Joomla! permite a atacantes remotos ejecutar comandos SQL de su elección mediante el parámetro "proyecto" en una acción "verproyecto" de index.php. • https://www.exploit-db.com/exploits/9832 http://packetstormsecurity.org/0909-exploits/mambojoomlatupinambis-sql.txt http://secunia.com/advisories/36848 http://www.securityfocus.com/bid/36511 http://www.vupen.com/english/advisories/2009/2730 https://exchange.xforce.ibmcloud.com/vulnerabilities/53454 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 3CVE-2009-3446 – Joomla! Component com_mytube (user_id) 1.0 Beta - Blind SQL Injection
https://notcve.org/view.php?id=CVE-2009-3446
SQL injection vulnerability in the MyRemote Video Gallery (com_mytube) component 1.0 Beta for Joomla! allows remote attackers to execute arbitrary SQL commands via the user_id parameter in a videos action to index.php. Vulnerabilidad de inyección SQL en el componente MyRemote Video Gallery (com_mytube)v1.0 para Joomla! permite a atacantes remotos ejecutar comandos SQL de su elección a través del parámetro "user_id" en una acción "videos" a index.php. • https://www.exploit-db.com/exploits/9733 http://www.exploit-db.com/exploits/9733 http://www.securityfocus.com/bid/36470 https://exchange.xforce.ibmcloud.com/vulnerabilities/53401 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 3CVE-2009-3316 – Joomla! Component com_jreservation 1.5 - 'pid' Blind SQL Injection
https://notcve.org/view.php?id=CVE-2009-3316
SQL injection vulnerability in the JReservation (com_jreservation) component 1.0 and 1.5 for Joomla! allows remote attackers to execute arbitrary SQL commands via the pid parameter in a propertycpanel action to index.php. Vulnerabilidad de inyección SQL en el componente JReservation (com_jreservation) v1.0 y v1.5 para Joomla!, permite a atacantes remotos ejecutar comandos SQL de su elección a través del parámetro "pid" en una acción propertycpanel a index.php. • https://www.exploit-db.com/exploits/9713 http://osvdb.org/58176 http://secunia.com/advisories/36774 http://www.exploit-db.com/exploits/9713 http://www.securityfocus.com/bid/36446 https://exchange.xforce.ibmcloud.com/vulnerabilities/53327 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •