CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 4CVE-2010-0803 – Joomla! Component jVideoDirect - Blind SQL Injection
https://notcve.org/view.php?id=CVE-2010-0803
SQL injection vulnerability in the jVideoDirect (com_jvideodirect) component 1.1 RC3b for Joomla! allows remote attackers to execute arbitrary SQL commands via the v parameter to index.php. Vulnerabilidad de inyección SQL en el componente jVideoDirect (com_jvideodirect) v1.1 RC3b para Joomla! permite a atacantes remotos ejecutar comandos SQL de su elección a través del parámetro "v" al index.php. • https://www.exploit-db.com/exploits/11280 http://osvdb.org/62042 http://packetstormsecurity.org/1001-exploits/joomlajvideodirect-sql.txt http://secunia.com/advisories/38436 http://www.exploit-db.com/exploits/11280 http://www.securityfocus.com/bid/37990 https://exchange.xforce.ibmcloud.com/vulnerabilities/55957 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 2CVE-2010-0800 – Joomla! Component com_dms 2.5.1 - SQL Injection
https://notcve.org/view.php?id=CVE-2010-0800
SQL injection vulnerability in the Ossolution Team Documents Seller (aka DMS) (com_dms) component 2.5.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the category_id parameter in a view_category action to index.php. Vulnerabilidad de inyección SQL en el componente Ossolution Team Documents Seller (aka DMS) (com_dms) v2.5.1 para Joomla! permite a atacantes remotos ejecutar comandos SQL a través del parámetro "category_id" en una acción "view_category" a index.php. • https://www.exploit-db.com/exploits/11289 http://osvdb.org/62040 http://secunia.com/advisories/38410 http://www.exploit-db.com/exploits/11289 http://www.securityfocus.com/bid/38017 http://www.securityfocus.com/bid/38024 https://exchange.xforce.ibmcloud.com/vulnerabilities/56006 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 3CVE-2010-0795 – Joomla! Component JE Event Calendar - SQL Injection
https://notcve.org/view.php?id=CVE-2010-0795
SQL injection vulnerability in the JE Event Calendars (com_jeeventcalendar) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the event_id parameter in an event action to index.php. Vulnerabilidad de inyección SQL en el componente JE Event Calendars (com_jeeventcalendar) v1.0 para Joomla! permite a atacantes remotos ejecutar comandos SQL arbitrarios a través del parámetro "event_id" en una acción "event" a index.php. • https://www.exploit-db.com/exploits/11292 http://osvdb.org/62038 http://secunia.com/advisories/38408 http://www.exploit-db.com/exploits/11292 http://www.securityfocus.com/bid/38012 https://exchange.xforce.ibmcloud.com/vulnerabilities/56008 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.8EPSS: 0%CPEs: 2EXPL: 1CVE-2010-0760 – Joomla! Plugin Core Design Scriptegrator - Local File Inclusion
https://notcve.org/view.php?id=CVE-2010-0760
Multiple directory traversal vulnerabilities in the Core Design Scriptegrator plugin 1.4.1 for Joomla! allow remote attackers to include and execute arbitrary local files via directory traversal sequences in the (1) file parameter to libraries/jquery/js/ui/jsloader.php and the (2) files[] parameter to libraries/jquery/js/jsloader.php, a different vector than CVE-2010-0759. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. Múltiples vulnerabilidades de salto de directorio en el plugin Core Design Scriptegrator plugin 1.4.1 para Joomla!, permite a atacantes remotos incluir y ejecutar ficheros locales de su elección mediante secuencias de salto de directorio en el parámetro (1) file sobre libraries/jquery/js/ui/jsloader.php y (2) files[] sobre libraries/jquery/js/jsloader.php , vector distinto a CVE-2010-0759. • https://www.exploit-db.com/exploits/11498 http://secunia.com/advisories/38637 http://www.osvdb.org/62484 http://www.osvdb.org/62485 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 3CVE-2010-0753 – Joomla! Component user_id com_sqlreport - Blind SQL Injection
https://notcve.org/view.php?id=CVE-2010-0753
SQL injection vulnerability in the SQL Reports (com_sqlreport) component 1.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the user_id parameter to ajax/print.php. NOTE: some of these details are obtained from third party information. Vulnerabilidad de inyección SQL en el componente SQL Reports (com_sqlreport) v1.1 para Joomla!, permite a atacantes remotos ejecutar comandos SQL de su elección a través del parámetro user_id sobre ajax/print.php. • https://www.exploit-db.com/exploits/11549 http://osvdb.org/62534 http://secunia.com/advisories/38678 http://www.exploit-db.com/exploits/11549 http://www.packetstormsecurity.com/1002-exploits/joomlasqlreport-sql.txt http://www.securityfocus.com/bid/38361 https://exchange.xforce.ibmcloud.com/vulnerabilities/56476 https://exchange.xforce.ibmcloud.com/vulnerabilities/56541 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •