CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 3CVE-2010-4862 – Joomla! Component JE Directory 1.0 - SQL Injection
https://notcve.org/view.php?id=CVE-2010-4862
05 Oct 2011 — SQL injection vulnerability in the JExtensions JE Directory (com_jedirectory) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in an item action to index.php. Vulnerabilidad de inyección SQL en el componente JExtensions JE Directory (com_jedirectory) 1.0 de Joomla!. Permite a atacantes remotos ejecutar comandos SQL de su elección a través del parámetro catid de una acción item a index.php. • https://www.exploit-db.com/exploits/15163 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 4CVE-2010-4865 – Joomla! Component JE Guestbook 1.0 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2010-4865
05 Oct 2011 — SQL injection vulnerability in the JE Guestbook (com_jeguestbook) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the d_itemid parameter in an item_detail action to index.php. Vulnerabilidad de inyección SQL en el componente JE Guestbook (com_jeguestbook) 1.0 de Joomla!. Permite a atacantes remotos ejecutar comandos SQL de su elección a través del parámetro d_itemid de un acción item_detail de index.php. • https://www.exploit-db.com/exploits/15157 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2010-4720
https://notcve.org/view.php?id=CVE-2010-4720
01 Feb 2011 — SQL injection vulnerability in the JExtensions JE Auto (com_jeauto) component before 1.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via unspecified vectors related to the view item page. Vulnerabilidad de inyección SQL en el componente JExtensions JE Auto (com_jeauto) para Joomla! permite a atacantes remotos ejecutar comandos SQL a través de vectores no especificados relacionados con la página del artículo. • http://osvdb.org/69791 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 2CVE-2010-4517 – Joomla! Component JE Auto 1.0 - SQL Injection
https://notcve.org/view.php?id=CVE-2010-4517
09 Dec 2010 — SQL injection vulnerability in the JExtensions JE Auto (com_jeauto) component 1.0 for Joomla!, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the char parameter in an item action to index.php. Vulnerabilidad de inyección SQL en el componente JExtensions JE Auto (com_jeauto) 1.0 para Joomla!, cuando magic_quotes_gpc está deshabilitado, permite a atacantes remotos ejecutar comandos SQL de su elección mediante el parámetro "char" en una acción "item" para index... • https://www.exploit-db.com/exploits/15714 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 5CVE-2010-4365 – Joomla! Component JE Ajax Event Calendar - SQL Injection
https://notcve.org/view.php?id=CVE-2010-4365
01 Dec 2010 — SQL injection vulnerability in JE Ajax Event Calendar (com_jeajaxeventcalendar) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the event_id parameter in an alleventlist_more action to index.php. Vulnerabilidad de inyección SQL en el componente JE Ajax Event Calendar (com_jeajaxeventcalendar) para Joomla!, permite a atacantes remotos ejecutar comandos SQL de su elección a través del parámetro event_id en una acción alleventlist_more a index.php. • https://www.exploit-db.com/exploits/15610 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.1EPSS: 0%CPEs: 2EXPL: 4CVE-2010-2680 – Joomla! Component jesectionfinder - Local File Inclusion
https://notcve.org/view.php?id=CVE-2010-2680
09 Jul 2010 — Directory traversal vulnerability in the JExtensions JE Section/Property Finder (jesectionfinder) component for Joomla! allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the view parameter to index.php. Vulnerabilidad de salto de directorio de en el componente para Joomla! JExtensions JE Section/Property Finder (jesectionfinder) permite a atacantes remotos incluir y ejecutar archivos locales a través de secuencias de salto de directorio en el parámetro... • https://www.exploit-db.com/exploits/14064 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 6.1EPSS: 1%CPEs: 2EXPL: 3CVE-2010-2613 – Joomla! Component JE Awd Song - Persistent Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2010-2613
01 Jul 2010 — Cross-site scripting (XSS) vulnerability in the JExtensions JE Awd Song (com_awd_song) component for Joomla! allows remote attackers to inject arbitrary web script or HTML via the song review field, which is not properly handled in a view action to index.php. Una vulnerabilidad de ejecución de comandos en sitios cruzados (XSS) en el componente para Joomla! "JExtensions JE Song AWD" (com_awd_song), permite a atacantes remotos inyectar HTML o secuencias de comandos web a través del campo "song review", que no... • https://www.exploit-db.com/exploits/14059 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 5CVE-2010-2513 – Joomla! Component JE Ajax Event Calendar - SQL Injection
https://notcve.org/view.php?id=CVE-2010-2513
28 Jun 2010 — SQL injection vulnerability in the JE Ajax Event Calendar (com_jeajaxeventcalendar) component 1.0.5 for Joomla! allows remote attackers to execute arbitrary SQL commands via the view parameter to index.php. Vulnerabilidad de inyección SQL en el componente JE Ajax Event Calendar (com_jeajaxeventcalendar) v1.0.5 para Joomla!, permite a atacantes remotos ejecutar comandos SQL de su elección a través del parámetro view sobre index.php • https://www.exploit-db.com/exploits/15610 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.1EPSS: 3%CPEs: 2EXPL: 3CVE-2010-2128 – Joomla! Component JE Quotation Form 1.0b1 - Local File Inclusion
https://notcve.org/view.php?id=CVE-2010-2128
01 Jun 2010 — Directory traversal vulnerability in the JE Quotation Form (com_jequoteform) component 1.0b1 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the view parameter to index.php. Vulnerabilidad de salto de directorio en el componente JE Quotation Form (com_jequoteform) v1.0b1 para Joomla! permite a atacantes remotos leer archivos de su elección y posiblemente causar otro impacto sin especificar a través de .. • https://www.exploit-db.com/exploits/12607 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.5EPSS: 4%CPEs: 3EXPL: 6CVE-2010-2129 – JE Ajax Event Calendar - Local File Inclusion
https://notcve.org/view.php?id=CVE-2010-2129
01 Jun 2010 — Directory traversal vulnerability in the JE Ajax Event Calendar (com_jeajaxeventcalendar) component 1.0.1 and 1.0.3 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the view parameter to index.php. NOTE: some of these details are obtained from third party information. Vulnerabilidad de salto de directorio en el componente JE Ajax Event Calendar (com_jeajaxeventcalendar) v1.0.1 y v1.0.3 para Joomla! • https://www.exploit-db.com/exploits/12598 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •