CVE-2008-6234 – Mambo Component com_Musica - 'id' SQL Injection
https://notcve.org/view.php?id=CVE-2008-6234
SQL injection vulnerability in the com_musica module in Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php. • https://www.exploit-db.com/exploits/5207 http://www.securityfocus.com/archive/1/488996/100/0/threaded http://www.securityfocus.com/bid/28061 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2008-6221 – Joomla! Component Dada Mail Manager 2.6 - Remote File Inclusion
https://notcve.org/view.php?id=CVE-2008-6221
PHP remote file inclusion vulnerability in config.dadamail.php in the Dada Mail Manager (com_dadamail) component 2.6 for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[mosConfig_absolute_path] parameter. • https://www.exploit-db.com/exploits/7002 http://secunia.com/advisories/32551 http://www.securityfocus.com/bid/32135 http://www.vupen.com/english/advisories/2008/3021 https://exchange.xforce.ibmcloud.com/vulnerabilities/46378 • CWE-94: Improper Control of Generation of Code ('Code Injection')
CVE-2008-6222 – Joomla! Component ProDesk 1.0/1.2 - Local File Inclusion
https://notcve.org/view.php?id=CVE-2008-6222
Directory traversal vulnerability in the Pro Desk Support Center (com_pro_desk) component 1.0 and 1.2 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the include_file parameter to index.php. • https://www.exploit-db.com/exploits/6980 https://www.exploit-db.com/exploits/15460 http://secunia.com/advisories/32523 http://www.securityfocus.com/bid/32113 https://exchange.xforce.ibmcloud.com/vulnerabilities/46356 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2008-6181 – Joomla! Component mad4Joomla! - SQL Injection
https://notcve.org/view.php?id=CVE-2008-6181
SQL injection vulnerability in the Mad4Joomla Mailforms (com_mad4joomla) component before 1.1.8.2 for Joomla! allows remote attackers to execute arbitrary SQL commands via the jid parameter to index.php. • https://www.exploit-db.com/exploits/6724 http://secunia.com/advisories/32239 http://www.mad4media.de/mad4joomla-mailforms-faq.html http://www.mad4media.de/mad4joomla-mailforms.html http://www.securityfocus.com/bid/31712 https://exchange.xforce.ibmcloud.com/vulnerabilities/45815 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2008-6184 – Joomla! Component ownbiblio 1.5.3 - 'catid' SQL Injection
https://notcve.org/view.php?id=CVE-2008-6184
SQL injection vulnerability in the OwnBiblio (com_ownbiblio) component 1.5.3 for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in a catalogue action to index.php. • https://www.exploit-db.com/exploits/6730 http://secunia.com/advisories/32235 http://www.securityfocus.com/bid/31725 https://exchange.xforce.ibmcloud.com/vulnerabilities/45814 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')