CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 1CVE-2008-6430 – Joomla! Component MyContent 1.1.13 - Blind SQL Injection
https://notcve.org/view.php?id=CVE-2008-6430
SQL injection vulnerability in the MyContent (com_mycontent) component 1.1.13 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a view action to index.php. Vulnerabilidad de inyección SQL en el componente MyContent (com_mycontent) v1.1.13 para Joomla! permite a atacantes remotos ejecutar comandos SQL de su elección a través del parámetro "id" en una acción "view" de index.php. • https://www.exploit-db.com/exploits/5714 http://osvdb.org/45852 http://secunia.com/advisories/30490 http://www.securityfocus.com/bid/29468 https://exchange.xforce.ibmcloud.com/vulnerabilities/42783 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.5EPSS: 1%CPEs: 2EXPL: 2CVE-2008-6347 – Joomla! Component ongumatimesheet20 4b - Remote File Inclusion
https://notcve.org/view.php?id=CVE-2008-6347
PHP remote file inclusion vulnerability in lib/onguma.class.php in the Onguma Time Sheet (com_ongumatimesheet20) 2.0 4b component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. Una vulnerabilidad de inclusión de archivo PHP remoto en lib/onguma.class.php en el componente de Joomla! Onguma Time Sheet (com_ongumatimesheet20) 2.0 4b, permite a atacantes remotos ejecutar código PHP arbitrario a través de una URL en el parámetro mosConfig_absolute_path. • https://www.exploit-db.com/exploits/6976 http://www.securityfocus.com/bid/32095 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 2CVE-2008-6337 – Joomla! Component Volunteer 2.0 - SQL Injection
https://notcve.org/view.php?id=CVE-2008-6337
SQL injection vulnerability in the Volunteer Management System (com_volunteer) module 2.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the job_id parameter in a jobshow action to index.php. Vulnerabilidad de inyección SQL en el módulo Volunteer Management System (com_volunteer) v2.0 para Joomla!, permite a atacantes remotos ejecutar comandos SQL a través del parámetro job_id en una acción jobshow sobre el fichero index.php. • https://www.exploit-db.com/exploits/7546 http://secunia.com/advisories/33271 http://www.securityfocus.com/bid/32973 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 3.5EPSS: 0%CPEs: 35EXPL: 0CVE-2008-6299
https://notcve.org/view.php?id=CVE-2008-6299
Multiple cross-site scripting (XSS) vulnerabilities in Joomla! 1.5.7 and earlier allow remote authenticated users with certain privileges to inject arbitrary web script or HTML via (1) the title and description parameters to the com_weblinks module and (2) unspecified vectors in the com_content module related to "article submission." Múltiples vulnerabilidades de ejecución de secuencias de comandos en sitios cruzados - XSS - en Joomla! v1.5.7 y anteriores, permite a usuarios autentificados remotos inyectar una secuencia de comandos web o HTML a través de (1) los parámetros "title" y "descripción" en el módulo com_weblinks y (2) vectores no especificados cen el modulo com_content relativo a "article submission.". • http://developer.joomla.org/security/news/283-20081101-core-comcontent-xss-vulnerability.html http://developer.joomla.org/security/news/284-20081102-core-comweblinks-xss-vulnerability.html http://secunia.com/advisories/32622 http://www.joomla.org/announcements/release-news/5219-joomla-158-released.html http://www.securityfocus.com/bid/32263 http://www.vupen.com/english/advisories/2008/3104 https://exchange.xforce.ibmcloud.com/vulnerabilities/46523 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 14EXPL: 0CVE-2008-6276
https://notcve.org/view.php?id=CVE-2008-6276
Multiple SQL injection vulnerabilities in the User Karma module 5.x before 5.x-1.13 and 6.x before 6.x-1.0-beta1, a module for Drupal, allow remote authenticated administrators to execute arbitrary SQL commands via (1) a content type or (2) a voting API value. Múltiples vulnerabilidades de inyección SQL en el módulo User Karma v5.x anterior a v5.x-1.13 y v6.x anterior a v6.x-1.0-beta1 para Drupal, permite a administradores autenticados remotamente ejecutar comandos SQL de su elección a través de (1) un tipo de contenido o (2) un valor "voting API". • http://drupal.org/node/339553 http://osvdb.org/50207 http://secunia.com/advisories/32904 http://www.securityfocus.com/bid/32491 https://exchange.xforce.ibmcloud.com/vulnerabilities/46946 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •