CVSS: 9.8EPSS: 1%CPEs: 2EXPL: 4CVE-2010-2044 – Joomla! Component Komento 1.0.0 - 'sid' SQL Injection
https://notcve.org/view.php?id=CVE-2010-2044
25 May 2010 — SQL injection vulnerability in the Konsultasi (com_konsultasi) component 1.0.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the sid parameter in a detail action to index.php. Vulnerabilidad de inyección SQL en el componente Konsultasi (com_konsultasi) v1.0.0 para Joomla! permite a atacantes remotos ejecutar comandos SQL de su elección a través del parámetro sid en la acción detail en index.php. • https://www.exploit-db.com/exploits/12590 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.5EPSS: 5%CPEs: 3EXPL: 5CVE-2010-1956 – Joomla! Component Gadget Factory 1.0.0 - Local File Inclusion
https://notcve.org/view.php?id=CVE-2010-1956
18 May 2010 — Directory traversal vulnerability in the Gadget Factory (com_gadgetfactory) component 1.0.0 and 1.5.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. NOTE: some of these details are obtained from third party information. Vulnerabilidad de salto de directorio en el componente Gadget Factory (com_gadgetfactory) v1.0.0 y v1.5.0 para Joomla! • https://www.exploit-db.com/exploits/12285 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.5EPSS: 1%CPEs: 2EXPL: 3CVE-2010-1878 – Joomla! Component OrgChart 1.0.0 - Local File Inclusion
https://notcve.org/view.php?id=CVE-2010-1878
11 May 2010 — Directory traversal vulnerability in the OrgChart (com_orgchart) component 1.0.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. Vulnerabilidad de salto de directorio en el componente OrgChart (com_orgchart) v1.0.0 para Joomla! permite a atacantes remotos leer ficheros arbitrarios a través de un .. • https://www.exploit-db.com/exploits/12317 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 3CVE-2009-4428 – Joomla! Component com_joomportfolio - 'secid' SQL Injection
https://notcve.org/view.php?id=CVE-2009-4428
28 Dec 2009 — SQL injection vulnerability in the JoomPortfolio (com_joomportfolio) component 1.0.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the secid parameter in a showcat action to index.php. Vulnerabilidad de inyección SQL en el componente JoomPortfolio (com_joomportfolio) v1.0.0 para Joomla! permite a atacantes remotos ejecutar comandos SQL de su elección mediante el parámetro "secid" in una acción "showcat" en index.php. • https://www.exploit-db.com/exploits/33418 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.1EPSS: 0%CPEs: 3EXPL: 0CVE-2009-4233
https://notcve.org/view.php?id=CVE-2009-4233
08 Dec 2009 — Cross-site scripting (XSS) vulnerability in modules/mod_yj_whois.php in the YJ Whois component 1.0x and 1.5.x for Joomla! allows remote attackers to inject arbitrary web script or HTML via the domain parameter to index.php. NOTE: some of these details are obtained from third party information. ulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en modules/mod_yj_whois.php en el componente YJ Whois v1.0x y v1.5.x para Joomla! permite a atacantes remotos inyectar código web o HTMl de su elección ... • http://extensions.joomla.org/extensions/external-contents/domain-search/5774 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 39EXPL: 3CVE-2009-3215 – Joomla! Component IXXO Cart! Standalone and - SQL Injection
https://notcve.org/view.php?id=CVE-2009-3215
16 Sep 2009 — SQL injection vulnerability in IXXO Cart Standalone before 3.9.6.1, and the IXXO Cart component for Joomla! 1.0.x, allows remote attackers to execute arbitrary SQL commands via the parent parameter. Vulnerabilidad de inyección SQL en componentes IXXO Cart Standalone anterior v3.9.6.1, y IXXO Cart para Joomla! v1.0.x, permite a atacantes remotos ejecutar comandos SQL de su elección a través del parámetro parent. • https://www.exploit-db.com/exploits/9276 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 1CVE-2008-6923 – Joomla! Component Content 1.0.0 - 'itemID' SQL Injection
https://notcve.org/view.php?id=CVE-2008-6923
10 Aug 2009 — SQL injection vulnerability in the content component (com_content) 1.0.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the Itemid parameter in a blogcategory action to index.php. Vulnerabilidad de inyección SQL en el componente content (com_content) v1.0.0 de Joomla! permite a usuarios remotos ejecutar comandos SQL de su elección a través del parámetro Itemid en una acción blogcategory action de index.php. • https://www.exploit-db.com/exploits/6025 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 5.4EPSS: 0%CPEs: 35EXPL: 0CVE-2008-6299
https://notcve.org/view.php?id=CVE-2008-6299
26 Feb 2009 — Multiple cross-site scripting (XSS) vulnerabilities in Joomla! 1.5.7 and earlier allow remote authenticated users with certain privileges to inject arbitrary web script or HTML via (1) the title and description parameters to the com_weblinks module and (2) unspecified vectors in the com_content module related to "article submission." Múltiples vulnerabilidades de ejecución de secuencias de comandos en sitios cruzados - XSS - en Joomla! v1.5.7 y anteriores, permite a usuarios autentificados remotos inyectar ... • http://developer.joomla.org/security/news/283-20081101-core-comcontent-xss-vulnerability.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 30EXPL: 2CVE-2009-0113 – Joomla! Component xstandard editor 1.5.8 - Local Directory Traversal
https://notcve.org/view.php?id=CVE-2009-0113
09 Jan 2009 — Directory traversal vulnerability in attachmentlibrary.php in the XStandard component for Joomla! 1.5.8 and earlier allows remote attackers to list arbitrary directories via a .. (dot dot) in the X_CMS_LIBRARY_PATH HTTP header. Vulnerabilidad de salto de directorio en attachmentlibrary.php en el componente XStandard para Joomla! v1.5.8 y versiones anteriores permite a atacantes remotos listar directorios de su elección a través de .. • https://www.exploit-db.com/exploits/7691 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 5CVE-2008-5864 – Joomla! Component 5starhotels - SQL Injection
https://notcve.org/view.php?id=CVE-2008-5864
06 Jan 2009 — SQL injection vulnerability in the Top Hotel (com_tophotelmodule) component 1.0 in the Hotel Booking Reservation System (aka HBS) 1.0.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a showhoteldetails action to index.php. Vulnerabilidad de Inyección SQL en el componente Top Hotel (com_tophotelmodule) v1.0 en el Hotel Booking Reservation System (también conocido como HBS) v1.0.0 para Joomla! permite a atacantes remotos ejecutar comandos SQL de su elección a tra... • https://www.exploit-db.com/exploits/7575 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •