CVSS: 6.8EPSS: 1%CPEs: 2EXPL: 4CVE-2010-1475 – Joomla! Component Preventive And Reservation 1.0.5 - Local File Inclusion
https://notcve.org/view.php?id=CVE-2010-1475
Directory traversal vulnerability in the Preventive & Reservation (com_preventive) component 1.0.5 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php. Vulnerabilidad de salto de directorio en el componente Preventive & Reservation (com_preventive) v1.0.5 para Joomla!, permite a atacantes remotos leer ficheros locales de su elección y posiblemente tener otros impactos al utilizar caracteres ".." • https://www.exploit-db.com/exploits/12147 http://packetstormsecurity.org/1004-exploits/joomlapr-lfi.txt http://secunia.com/advisories/39285 http://www.exploit-db.com/exploits/12147 http://www.securityfocus.com/bid/39387 https://exchange.xforce.ibmcloud.com/vulnerabilities/57652 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 5.0EPSS: 2%CPEs: 13EXPL: 2CVE-2010-1081 – Joomla! Component com_communitypolls 1.5.2 - Local File Inclusion
https://notcve.org/view.php?id=CVE-2010-1081
Directory traversal vulnerability in the Community Polls (com_communitypolls) component 1.5.2, and possibly earlier, for Core Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. Vulnerabilidad de salto de directorio en el componente Community Polls (com_communitypolls) v1.5.2, y posiblemente anteriores, para Core Joomla! permite a atacantes remotos leer ficheros arbitrarios a través de un .. • https://www.exploit-db.com/exploits/11511 http://osvdb.org/62506 http://packetstormsecurity.org/1002-exploits/joomlacp-lfi.txt http://secunia.com/advisories/38692 http://www.corejoomla.com/component/content/article/1-corejoomla-updates/40-community-polls-v153-security-release.html http://www.securityfocus.com/bid/38330 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 5.8EPSS: 7%CPEs: 2EXPL: 5CVE-2010-0467 – Joomla! Component CCNewsLetter - Directory Traversal
https://notcve.org/view.php?id=CVE-2010-0467
Directory traversal vulnerability in the ccNewsletter (com_ccnewsletter) component 1.0.5 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter in a ccnewsletter action to index.php. Vulnerabilidad de salto de directorio en el componente ccNewsletter (com_ccnewsletter) v1.0.5 para Joomla! permite a atacantes remotos leer ficheros arbitrarios a través de un .. • https://www.exploit-db.com/exploits/11277 https://www.exploit-db.com/exploits/11282 http://secunia.com/advisories/38378 http://www.chillcreations.com/en/blog/ccnewsletter-joomla-newsletter/ccnewsletter-106-security-release.html http://www.exploit-db.com/exploits/11277 http://www.exploit-db.com/exploits/11282 http://www.securityfocus.com/bid/37987 https://exchange.xforce.ibmcloud.com/vulnerabilities/55953 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.5EPSS: 0%CPEs: 39EXPL: 3CVE-2009-3215 – Joomla! Component IXXO Cart! Standalone and - SQL Injection
https://notcve.org/view.php?id=CVE-2009-3215
SQL injection vulnerability in IXXO Cart Standalone before 3.9.6.1, and the IXXO Cart component for Joomla! 1.0.x, allows remote attackers to execute arbitrary SQL commands via the parent parameter. Vulnerabilidad de inyección SQL en componentes IXXO Cart Standalone anterior v3.9.6.1, y IXXO Cart para Joomla! v1.0.x, permite a atacantes remotos ejecutar comandos SQL de su elección a través del parámetro parent. • https://www.exploit-db.com/exploits/9276 http://secunia.com/advisories/36009 http://www.davidsopas.com/2009/07/25/ixxo-cart-standalone-and-joomla-component-sql-injection http://www.exploit-db.com/exploits/9276 http://www.securityfocus.com/archive/1/505266/100/0/threaded http://www.securityfocus.com/bid/35810 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 3.5EPSS: 0%CPEs: 35EXPL: 0CVE-2008-6299
https://notcve.org/view.php?id=CVE-2008-6299
Multiple cross-site scripting (XSS) vulnerabilities in Joomla! 1.5.7 and earlier allow remote authenticated users with certain privileges to inject arbitrary web script or HTML via (1) the title and description parameters to the com_weblinks module and (2) unspecified vectors in the com_content module related to "article submission." Múltiples vulnerabilidades de ejecución de secuencias de comandos en sitios cruzados - XSS - en Joomla! v1.5.7 y anteriores, permite a usuarios autentificados remotos inyectar una secuencia de comandos web o HTML a través de (1) los parámetros "title" y "descripción" en el módulo com_weblinks y (2) vectores no especificados cen el modulo com_content relativo a "article submission.". • http://developer.joomla.org/security/news/283-20081101-core-comcontent-xss-vulnerability.html http://developer.joomla.org/security/news/284-20081102-core-comweblinks-xss-vulnerability.html http://secunia.com/advisories/32622 http://www.joomla.org/announcements/release-news/5219-joomla-158-released.html http://www.securityfocus.com/bid/32263 http://www.vupen.com/english/advisories/2008/3104 https://exchange.xforce.ibmcloud.com/vulnerabilities/46523 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •