CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 3CVE-2010-0796 – Joomla! Component JE Quiz - 'eid' Blind SQL Injection
https://notcve.org/view.php?id=CVE-2010-0796
SQL injection vulnerability in the JE Quiz (com_jequizmanagement) component 1.b01 for Joomla! allows remote attackers to execute arbitrary SQL commands via the eid parameter in a question action to index.php. Vulnerabilidad de inyección SQL en el componente JE Quiz (com_jequizmanagement) v1.b01 para Joomla! permite a atacantes remotos ejecutar comandos SQL arbitrarios a través del parámetro "eid" en una acción "question" a index.php. • https://www.exploit-db.com/exploits/11287 http://osvdb.org/62039 http://packetstormsecurity.org/1001-exploits/joomlajequiz-sql.txt http://secunia.com/advisories/38412 http://www.exploit-db.com/exploits/11287 http://www.securityfocus.com/bid/38032 https://exchange.xforce.ibmcloud.com/vulnerabilities/56009 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 4CVE-2010-0803 – Joomla! Component jVideoDirect - Blind SQL Injection
https://notcve.org/view.php?id=CVE-2010-0803
SQL injection vulnerability in the jVideoDirect (com_jvideodirect) component 1.1 RC3b for Joomla! allows remote attackers to execute arbitrary SQL commands via the v parameter to index.php. Vulnerabilidad de inyección SQL en el componente jVideoDirect (com_jvideodirect) v1.1 RC3b para Joomla! permite a atacantes remotos ejecutar comandos SQL de su elección a través del parámetro "v" al index.php. • https://www.exploit-db.com/exploits/11280 http://osvdb.org/62042 http://packetstormsecurity.org/1001-exploits/joomlajvideodirect-sql.txt http://secunia.com/advisories/38436 http://www.exploit-db.com/exploits/11280 http://www.securityfocus.com/bid/37990 https://exchange.xforce.ibmcloud.com/vulnerabilities/55957 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 3CVE-2010-0795 – Joomla! Component JE Event Calendar - SQL Injection
https://notcve.org/view.php?id=CVE-2010-0795
SQL injection vulnerability in the JE Event Calendars (com_jeeventcalendar) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the event_id parameter in an event action to index.php. Vulnerabilidad de inyección SQL en el componente JE Event Calendars (com_jeeventcalendar) v1.0 para Joomla! permite a atacantes remotos ejecutar comandos SQL arbitrarios a través del parámetro "event_id" en una acción "event" a index.php. • https://www.exploit-db.com/exploits/11292 http://osvdb.org/62038 http://secunia.com/advisories/38408 http://www.exploit-db.com/exploits/11292 http://www.securityfocus.com/bid/38012 https://exchange.xforce.ibmcloud.com/vulnerabilities/56008 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.8EPSS: 0%CPEs: 2EXPL: 1CVE-2010-0760 – Joomla! Plugin Core Design Scriptegrator - Local File Inclusion
https://notcve.org/view.php?id=CVE-2010-0760
Multiple directory traversal vulnerabilities in the Core Design Scriptegrator plugin 1.4.1 for Joomla! allow remote attackers to include and execute arbitrary local files via directory traversal sequences in the (1) file parameter to libraries/jquery/js/ui/jsloader.php and the (2) files[] parameter to libraries/jquery/js/jsloader.php, a different vector than CVE-2010-0759. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. Múltiples vulnerabilidades de salto de directorio en el plugin Core Design Scriptegrator plugin 1.4.1 para Joomla!, permite a atacantes remotos incluir y ejecutar ficheros locales de su elección mediante secuencias de salto de directorio en el parámetro (1) file sobre libraries/jquery/js/ui/jsloader.php y (2) files[] sobre libraries/jquery/js/jsloader.php , vector distinto a CVE-2010-0759. • https://www.exploit-db.com/exploits/11498 http://secunia.com/advisories/38637 http://www.osvdb.org/62484 http://www.osvdb.org/62485 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.5EPSS: 3%CPEs: 2EXPL: 4CVE-2010-0759 – Joomla! Plugin Core Design Scriptegrator - Local File Inclusion
https://notcve.org/view.php?id=CVE-2010-0759
Directory traversal vulnerability in plugins/system/cdscriptegrator/libraries/highslide/js/jsloader.php in the Core Design Scriptegrator plugin 1.4.1 for Joomla! allows remote attackers to read, and possibly include and execute, arbitrary files via directory traversal sequences in the files[] parameter, a different vector than CVE-2010-0760. Múltiples vulnerabilidades de salto de directorio en plugins/system/cdscriptegrator/libraries/highslide/js/jsloader.php en el plugin Core Design Scriptegrator v1.4.1 para Joomla!, permite a atacantes remotos leer, y posiblemente incluir y ejecutar ficheros locales de su elección mediante secuencias de salto de directorio en el parámetro files[], es un vector diferente a CVE-2010-0760. • https://www.exploit-db.com/exploits/11498 http://packetstormsecurity.org/1002-exploits/joomlascriptegrator-lfi.txt http://secunia.com/advisories/38637 http://www.exploit-db.com/exploits/11498 http://www.osvdb.org/62486 http://www.securityfocus.com/bid/38296 https://exchange.xforce.ibmcloud.com/vulnerabilities/56380 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •