CVSS: 4.3EPSS: 0%CPEs: 14EXPL: 0CVE-2008-6275
https://notcve.org/view.php?id=CVE-2008-6275
Cross-site scripting (XSS) vulnerability in the User Karma module 5.x before 5.x-1.13 and 6.x before 6.x-1.0-beta1, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via unspecified messages. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en el módulo User Karma v5.x anterior a v5.x-1.13 y v6.x anterior a v6.x-1.0-beta1 para Drupal, permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección a través de mensajes no especificados. • http://drupal.org/node/339553 http://osvdb.org/50208 http://secunia.com/advisories/32904 http://www.securityfocus.com/bid/32491 https://exchange.xforce.ibmcloud.com/vulnerabilities/46947 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 2CVE-2009-0726 – Joomla! Component gigCalendar 1.0 - SQL Injection
https://notcve.org/view.php?id=CVE-2009-0726
SQL injection vulnerability in the GigCalendar (com_gigcal) component 1.0 for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the gigcal_gigs_id parameter in a details action to index.php. Vulnerabilidad de inyección SQL en el componente GigCalendar (com_gigcal) v1.0 para Mambo y Joomla!, permite a atacantes remotos ejecutar comandos SQL de su elección a través del parámetro gigcal_gigs_id en una acción details en index.php. • https://www.exploit-db.com/exploits/7746 http://www.securityfocus.com/bid/33241 https://exchange.xforce.ibmcloud.com/vulnerabilities/47919 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.8EPSS: 0%CPEs: 3EXPL: 4CVE-2009-0730 – Joomla! / Mambo Component gigCalendar 1.0 - 'banddetails.php' SQL Injection
https://notcve.org/view.php?id=CVE-2009-0730
Multiple SQL injection vulnerabilities in the GigCalendar (com_gigcal) component 1.0 for Mambo and Joomla!, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via (1) the gigcal _venues_id parameter in a details action to index.php, which is not properly handled by venuedetails.php, and (2) the gigcal_bands_id parameter in a details action to index.php, which is not properly handled by banddetails.php, different vectors than CVE-2009-0726. Múltiples vulnerabilidades de inyección SQL en el componente GigCalendar (com_gigcal) v1.0 para Mambo y Joomla!, cuando magic_quotes_gpc está deshabilitado, permite a atacantes remotos ejecutar comandos SQL de su elección a través de (1) el parámetro gigcal _venues_id en una acción details para index.php, que no es manejada adecuadamente por venuedetails.php y (2) el parámetro gigcal_bands_id parameter en una acción details para index.php, que no es manejada adecuadamente por banddetails.php. Se trata de vectores diferentes de CVE-2009-0726. • https://www.exploit-db.com/exploits/32807 https://www.exploit-db.com/exploits/7815 http://www.securityfocus.com/archive/1/501174/100/0/threaded http://www.securityfocus.com/archive/1/501175/100/0/threaded http://www.securityfocus.com/archive/1/501176/100/0/threaded http://www.securityfocus.com/bid/33859 http://www.securityfocus.com/bid/33863 https://exchange.xforce.ibmcloud.com/vulnerabilities/48865 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 2CVE-2009-0706
https://notcve.org/view.php?id=CVE-2009-0706
SQL injection vulnerability in the Simple Review (com_simple_review) component 1.3.5 for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the category parameter to index.php. Vulnerabilidad de inyección SQL en el componente Simple Review (com_simple_review) v1.3.5 para Joomla! y Mambo permite a atacantes remotos ejecutar comandos SQL de su elección, a través del parámetro "category" en index.php. • http://packetstormsecurity.org/0901-exploits/joomlasimplereview-sql.txt http://www.securityfocus.com/bid/33102 https://exchange.xforce.ibmcloud.com/vulnerabilities/47726 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 2CVE-2009-0702 – Joomla! Component com_phocadocumentation - 'id' SQL Injection
https://notcve.org/view.php?id=CVE-2009-0702
SQL injection vulnerability in the Phoca Documentation (com_phocadocumentation) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a section action to index.php. Una vulnerabilidad de inyección de SQL en el componente Phoca Documentation (com_phocadocumentation) de Joomla! permite a atacantes remotos ejecutar comandos SQL a través del parámetro id en una acción sección a index.php. • https://www.exploit-db.com/exploits/7670 http://www.securityfocus.com/bid/33114 http://www.vupen.com/english/advisories/2009/0026 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •