CVE-2009-4573
https://notcve.org/view.php?id=CVE-2009-4573
Multiple cross-site scripting (XSS) vulnerabilities in the Joomulus (mod_joomulus) module 2.0 for Joomla! allow remote attackers to inject arbitrary web script or HTML via the tagcloud parameter in a tags action to (1) tagcloud_ell.swf, (2) tagcloud_eng.swf, (3) tagcloud_por.swf, (4) tagcloud_rus.swf, and possibly (5) tagcloud_jpn.swf. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
• http://secunia.com/advisories/37994 http://www.osvdb.org/61343 http://www.osvdb.org/61344 http://www.osvdb.org/61345 http://www.osvdb.org/61346 https://exchange.xforce.ibmcloud.com/vulnerabilities/55156
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2010-0157 – Joomla! Component com_biblestudy - Local File Inclusion
https://notcve.org/view.php?id=CVE-2010-0157
Directory traversal vulnerability in the Bible Study (com_biblestudy) component 6.1 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter in a studieslist action to index.php.
• https://www.exploit-db.com/exploits/10943 http://packetstormsecurity.org/1001-exploits/joomlabiblestudy-lfi.txt http://secunia.com/advisories/37896 http://www.securityfocus.com/bid/37583
• CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2009-4583 – Joomla! Component com_dhforum - SQL Injection
https://notcve.org/view.php?id=CVE-2009-4583
SQL injection vulnerability in the DhForum (com_dhforum) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a grouplist action to index.php.
• https://www.exploit-db.com/exploits/10742 http://packetstormsecurity.org/0912-exploits/joomladhforum-sql.txt http://www.exploit-db.com/exploits/10742 http://www.securityfocus.com/bid/37475 https://exchange.xforce.ibmcloud.com/vulnerabilities/55157
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2009-4550 – Joomla! Component Kunena Forums (com_kunena) - Blind SQL Injection
https://notcve.org/view.php?id=CVE-2009-4550
SQL injection vulnerability in the Kunena Forum (com_kunena) component 1.5.3 and 1.5.4 for Joomla! allows remote attackers to execute arbitrary SQL commands via the func parameter to index.php.
• https://www.exploit-db.com/exploits/9408 http://secunia.com/advisories/36245 http://www.exploit-db.com/exploits/9408 http://www.securityfocus.com/bid/36020
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2009-4475 – Joomla! Component com_Joomlaub - 'aid' SQL Injection
https://notcve.org/view.php?id=CVE-2009-4475
SQL injection vulnerability in the Joomlub (com_joomlub) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the aid parameter in an auction edit action to index.php.
• https://www.exploit-db.com/exploits/9593 http://packetstormsecurity.org/0909-exploits/joomlajoomlub-sql.txt http://secunia.com/advisories/36607 http://www.exploit-db.com/exploits/9593 http://www.securityfocus.com/bid/36287
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')