CVE-2009-0730 – Joomla! / Mambo Component gigCalendar 1.0 - 'banddetails.php' SQL Injection
https://notcve.org/view.php?id=CVE-2009-0730
Multiple SQL injection vulnerabilities in the GigCalendar (com_gigcal) component 1.0 for Mambo and Joomla!, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via (1) the gigcal _venues_id parameter in a details action to index.php, which is not properly handled by venuedetails.php, and (2) the gigcal_bands_id parameter in a details action to index.php, which is not properly handled by banddetails.php, different vectors than CVE-2009-0726. Múltiples vulnerabilidades de inyección SQL en el componente GigCalendar (com_gigcal) v1.0 para Mambo y Joomla!, cuando magic_quotes_gpc está deshabilitado, permite a atacantes remotos ejecutar comandos SQL de su elección a través de (1) el parámetro gigcal _venues_id en una acción details para index.php, que no es manejada adecuadamente por venuedetails.php y (2) el parámetro gigcal_bands_id parameter en una acción details para index.php, que no es manejada adecuadamente por banddetails.php. Se trata de vectores diferentes de CVE-2009-0726. • https://www.exploit-db.com/exploits/32807 https://www.exploit-db.com/exploits/7815 http://www.securityfocus.com/archive/1/501174/100/0/threaded http://www.securityfocus.com/archive/1/501175/100/0/threaded http://www.securityfocus.com/archive/1/501176/100/0/threaded http://www.securityfocus.com/bid/33859 http://www.securityfocus.com/bid/33863 https://exchange.xforce.ibmcloud.com/vulnerabilities/48865 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2008-6222 – Joomla! Component ProDesk 1.0/1.2 - Local File Inclusion
https://notcve.org/view.php?id=CVE-2008-6222
Directory traversal vulnerability in the Pro Desk Support Center (com_pro_desk) component 1.0 and 1.2 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the include_file parameter to index.php. Vulnerabilidad de salto de directorio en el componente Pro Desk Support Center (com_pro_desk) v1.0 y v1.2 de Joomla! permite a atacantes remotos leer ficheros a su eleccion a traves de .. • https://www.exploit-db.com/exploits/6980 https://www.exploit-db.com/exploits/15460 http://secunia.com/advisories/32523 http://www.securityfocus.com/bid/32113 https://exchange.xforce.ibmcloud.com/vulnerabilities/46356 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2008-6148 – Joomla! Component Live Ticker 1.0 - Blind SQL Injection
https://notcve.org/view.php?id=CVE-2008-6148
SQL injection vulnerability in the Live Ticker (com_liveticker) module 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the tid parameter in a viewticker action to index.php. Una vulnerabilidad de inyección de SQL en el componente Live Ticker (com_liveticker) 1.0 de Joomla! permite a atacantes remotos ejecutar comandos SQL a través del parámetro tid en una acción viewticker en index.php. • https://www.exploit-db.com/exploits/7573 http://secunia.com/advisories/33312 http://www.securityfocus.com/bid/33010 https://exchange.xforce.ibmcloud.com/vulnerabilities/47605 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2008-6116 – Joomla! Component Thyme 1.0 - SQL Injection
https://notcve.org/view.php?id=CVE-2008-6116
SQL injection vulnerability in the EXtrovert Software Thyme (com_thyme) 1.0 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the event parameter to index.php. Vulnerabilidad de inyección SQL en el componente EXtrovert Software Thyme (com_thyme)v1.0 para Joomla!, permite a atacantes remotos ejecutar comandos SQL de su elección a través del parámetro "event" al index.php. • https://www.exploit-db.com/exploits/7182 http://www.securityfocus.com/bid/32417 https://exchange.xforce.ibmcloud.com/vulnerabilities/46777 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2009-0113 – Joomla! Component xstandard editor 1.5.8 - Local Directory Traversal
https://notcve.org/view.php?id=CVE-2009-0113
Directory traversal vulnerability in attachmentlibrary.php in the XStandard component for Joomla! 1.5.8 and earlier allows remote attackers to list arbitrary directories via a .. (dot dot) in the X_CMS_LIBRARY_PATH HTTP header. Vulnerabilidad de salto de directorio en attachmentlibrary.php en el componente XStandard para Joomla! v1.5.8 y versiones anteriores permite a atacantes remotos listar directorios de su elección a través de .. • https://www.exploit-db.com/exploits/7691 http://secunia.com/advisories/33377 http://securityreason.com/securityalert/4896 http://www.securityfocus.com/bid/33143 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •