CVE-2010-4968 – Joomla! Component com_wmtpic 1.0 - SQL Injection
https://notcve.org/view.php?id=CVE-2010-4968
SQL injection vulnerability in the webmaster-tips.net Flash Gallery (com_wmtpic) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the Itemid parameter to index.php. Vulnerabilidad de inyección SQL en el componente webmaster-tips.net Flash Gallery (com_wmtpic) v1.0 para Joomla!, permite a atacantes remotos ejecutar comandos SQL de su elección a través del parámetro "Itemid" al index.php. • https://www.exploit-db.com/exploits/14128 http://packetstormsecurity.org/1007-exploits/joomlawmtpic-sql.txt http://securityreason.com/securityalert/8492 http://www.exploit-db.com/exploits/14128 http://www.securityfocus.com/bid/41253 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2010-4937 – Joomla! Component Amblog 1.0 - Multiple SQL Injections
https://notcve.org/view.php?id=CVE-2010-4937
Multiple SQL injection vulnerabilities in the Amblog (com_amblog) component 1.0 for Joomla! allow remote attackers to execute arbitrary SQL commands via the (1) articleid or (2) catid parameter to index.php. Vulnerabilidad de inyección SQL en el componente Amblog (com_amblog) v1.0 para Joomla!, permite a atacantes remotos ejecutar comandos SQL de su elección a través del parámetro (1) articleid o (2) catid sobre index.php. • https://www.exploit-db.com/exploits/14596 http://adv.salvatorefresta.net/Amblog_1.0_Joomla_Component_Multiple_SQL_Injection_Vulnerabilities-10082010.txt http://secunia.com/advisories/40932 http://securityreason.com/securityalert/8456 http://www.exploit-db.com/exploits/14596 http://www.securityfocus.com/archive/1/512975/100/0/threaded • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2010-4949 – Joomla! Component FreiChat 1.0/2.x - HTML Injection
https://notcve.org/view.php?id=CVE-2010-4949
Cross-site scripting (XSS) vulnerability in the (1) FreiChat component before 2.1.2 for Joomla! and the (2) FreiChatPure component before 1.2.2 for Joomla! allows remote attackers to inject arbitrary web script or HTML by entering it in an unspecified window. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en el (1) componente FreiChat anterior a v2.1.2 para Joomla! y en el (2) componente FreiChatPure anterior v1.2.2 para Joomla! • https://www.exploit-db.com/exploits/34374 http://forum.joomla.org/viewtopic.php?p=2209586 http://secunia.com/advisories/40751 http://www.osvdb.org/66628 http://www.securityfocus.com/bid/41961 https://exchange.xforce.ibmcloud.com/vulnerabilities/60828 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2010-4865 – Joomla! Component JE Guestbook 1.0 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2010-4865
SQL injection vulnerability in the JE Guestbook (com_jeguestbook) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the d_itemid parameter in an item_detail action to index.php. Vulnerabilidad de inyección SQL en el componente JE Guestbook (com_jeguestbook) 1.0 de Joomla!. Permite a atacantes remotos ejecutar comandos SQL de su elección a través del parámetro d_itemid de un acción item_detail de index.php. • https://www.exploit-db.com/exploits/15157 http://adv.salvatorefresta.net/JE_Guestbook_1.0_Joomla_Component_Multiple_Remote_Vulnerabilities-30092010.txt http://osvdb.org/68283 http://secunia.com/advisories/41651 http://securityreason.com/securityalert/8422 http://www.exploit-db.com/exploits/15157 http://www.securityfocus.com/archive/1/514064/100/0/threaded http://www.securityfocus.com/bid/43605 https://exchange.xforce.ibmcloud.com/vulnerabilities/62151 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2010-4862 – Joomla! Component JE Directory 1.0 - SQL Injection
https://notcve.org/view.php?id=CVE-2010-4862
SQL injection vulnerability in the JExtensions JE Directory (com_jedirectory) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in an item action to index.php. Vulnerabilidad de inyección SQL en el componente JExtensions JE Directory (com_jedirectory) 1.0 de Joomla!. Permite a atacantes remotos ejecutar comandos SQL de su elección a través del parámetro catid de una acción item a index.php. • https://www.exploit-db.com/exploits/15163 http://osvdb.org/68308 http://secunia.com/advisories/41681 http://www.exploit-db.com/exploits/15163 http://www.securityfocus.com/bid/43630 https://exchange.xforce.ibmcloud.com/vulnerabilities/62191 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •