CVE-2008-6882 – Joomla! Component live chat - SQL Injection / Open Proxy
https://notcve.org/view.php?id=CVE-2008-6882
Live Chat (com_livechat) component 1.0 for Joomla! allows remote attackers to use the xmlhttp.php script as an open HTTP proxy to hide network scanning activities or scan internal networks via a GET request with a full URL in the query string. • https://www.exploit-db.com/exploits/7441 http://www.securityfocus.com/bid/32803 https://exchange.xforce.ibmcloud.com/vulnerabilities/47305 • CWE-20: Improper Input Validation
CVE-2009-2633 – Joomla! Component com_vehiclemanager 1.0 - Remote File Inclusion
https://notcve.org/view.php?id=CVE-2009-2633
PHP remote file inclusion vulnerability in toolbar_ext.php in the VehicleManager (com_vehiclemanager) component 1.0 Basic for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. • https://www.exploit-db.com/exploits/8920 http://www.exploit-db.com/exploits/8920 • CWE-94: Improper Control of Generation of Code ('Code Injection')
CVE-2009-2635 – Joomla! Component com_realestatemanager 1.0 - Remote File Inclusion
https://notcve.org/view.php?id=CVE-2009-2635
PHP remote file inclusion vulnerability in toolbar_ext.php in the RealEstateManager (com_realestatemanager) component 1.0 Basic for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. • https://www.exploit-db.com/exploits/8919 http://www.exploit-db.com/exploits/8919 • CWE-94: Improper Control of Generation of Code ('Code Injection')
CVE-2008-6841 – Joomla! Component DBQuery 1.4.1.1 - Remote File Inclusion
https://notcve.org/view.php?id=CVE-2008-6841
PHP remote file inclusion vulnerability in the Green Mountain Information Technology and Consulting Database Query (com_dbquery) component 1.4.1.1 and earlier for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter to classes/DBQ/admin/common.class.php. • https://www.exploit-db.com/exploits/6003 http://www.securityfocus.com/bid/30093 https://exchange.xforce.ibmcloud.com/vulnerabilities/43615 • CWE-94: Improper Control of Generation of Code ('Code Injection')
CVE-2009-2015 – Joomla! Component MooFAQ (com_moofaq) - Local File Inclusion
https://notcve.org/view.php?id=CVE-2009-2015
Directory traversal vulnerability in includes/file_includer.php in the Ideal MooFAQ (com_moofaq) component 1.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter. • https://www.exploit-db.com/exploits/8898 http://secunia.com/advisories/35370 http://www.securityfocus.com/bid/35259 http://www.vupen.com/english/advisories/2009/1530 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')