CVE-2010-0759 – Joomla! Plugin Core Design Scriptegrator - Local File Inclusion
https://notcve.org/view.php?id=CVE-2010-0759
Directory traversal vulnerability in plugins/system/cdscriptegrator/libraries/highslide/js/jsloader.php in the Core Design Scriptegrator plugin 1.4.1 for Joomla! allows remote attackers to read, and possibly include and execute, arbitrary files via directory traversal sequences in the files[] parameter, a different vector than CVE-2010-0760.
• https://www.exploit-db.com/exploits/11498
• http://packetstormsecurity.org/1002-exploits/joomlascriptegrator-lfi.txt
• http://secunia.com/advisories/38637
• http://www.exploit-db.com/exploits/11498
• http://www.osvdb.org/62486
• http://www.securityfocus.com/bid/38296
• https://exchange.xforce.ibmcloud.com/vulnerabilities/56380
• CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2010-0696 – Joomla! Component Jw_allVideos - Arbitrary File Download
https://notcve.org/view.php?id=CVE-2010-0696
Directory traversal vulnerability in includes/download.php in the JoomlaWorks AllVideos (Jw_allVideos) plugin 3.0 through 3.2 for Joomla! allows remote attackers to read arbitrary files via a ./../.../ (modified dot dot) in the file parameter.
• https://www.exploit-db.com/exploits/11447
• http://osvdb.org/62331
• http://secunia.com/advisories/38587
• http://www.exploit-db.com/exploits/11447
• http://www.joomlaworks.gr/content/view/77/34
• http://www.securityfocus.com/bid/38238
• CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2010-0694 – Joomla! Component com_perchagallery - SQL Injection
https://notcve.org/view.php?id=CVE-2010-0694
SQL injection vulnerability in the PerchaGallery (com_perchagallery) component before 1.5b for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in an editunidad action to index.php.
• https://www.exploit-db.com/exploits/11024
• http://docs.joomla.org/Vulnerable_Extensions_List#New_format_Feed_Starts_Here
• http://packetstormsecurity.org/1001-exploits/joomlaperchagallery-sql.txt
• http://www.exploit-db.com/exploits/11024
• http://www.securityfocus.com/bid/37642
• https://exchange.xforce.ibmcloud.com/vulnerabilities/55447
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2010-0692
https://notcve.org/view.php?id=CVE-2010-0692
SQL injection vulnerability in the IP-Tech JQuarks (com_jquarks) Component 0.2.3, and possibly earlier, for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php. NOTE: some of these details are obtained from third party information.
• http://secunia.com/advisories/38623
• http://www.iptechinside.com/labs/news/show/6
• http://www.osvdb.org/62332
• http://www.securityfocus.com/bid/38203
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2009-4651 – Joomla! Component Webee Comments 1.1/1.2 - Multiple BBCode Tags Cross-Site Scripting Vulnerabilities
https://notcve.org/view.php?id=CVE-2009-4651
Multiple cross-site scripting (XSS) vulnerabilities in the Webee Comments (com_webeecomment) component 1.1.1, 1.2, and 2.0 for Joomla! allow remote attackers to inject arbitrary web script or HTML via the (1) color, (2) img, or (3) url BBCode tags in unspecified vectors.
• https://www.exploit-db.com/exploits/33638
• http://jeffchannell.com/Joomla/webee-111-multiple-vulnerabilities.html
• http://www.securityfocus.com/bid/38204
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')