CVE-2011-0511 – Joomla! Component allCineVid 1.0.0 - Blind SQL Injection
https://notcve.org/view.php?id=CVE-2011-0511
SQL injection vulnerability in the allCineVid component (com_allcinevid) 1.0.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php. Vulnerabilidad de inyección SQL en team.php en el componente allCineVid (com_allcinevid) v1.0.0 para Joomla!, permite a atacantes remotos ejecutar comandos SQL de su elección a través del parámetro id en index.php • https://www.exploit-db.com/exploits/16010 http://adv.salvatorefresta.net/allCineVid_Joomla_Component_1.0.0_Blind_SQL_Injection_Vulnerability-18012011.txt http://secunia.com/advisories/42967 http://www.exploit-db.com/exploits/16010 http://www.securityfocus.com/bid/45840 https://exchange.xforce.ibmcloud.com/vulnerabilities/64823 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2011-0005 – Joomla! 1.0.x - 'ordering' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2011-0005
Cross-site scripting (XSS) vulnerability in the com_search module for Joomla! 1.0.x through 1.0.15 allows remote attackers to inject arbitrary web script or HTML via the ordering parameter to index.php. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en el módulo com_search de Joomla! 1.0.x hasta la 1.0.15. Permite a atacantes remotos inyectar codigo de script web o código HTML de su elección a través del parámetro ordering de index.php. • https://www.exploit-db.com/exploits/35167 http://osvdb.org/70369 http://packetstormsecurity.org/files/view/97273/joomla1015-xss.txt http://www.securityfocus.com/archive/1/515553/100/0/threaded http://www.securityfocus.com/archive/1/515590/100/0/threaded http://www.securityfocus.com/bid/45679 http://yehg.net/lab/pr0js/advisories/joomla/core/%5Bjoomla_1.0.x~15%5D_cross_site_scripting https://exchange.xforce.ibmcloud.com/vulnerabilities/64539 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2010-4638 – Joomla! Component JQuarks4s 1.0.0 - Blind SQL Injection
https://notcve.org/view.php?id=CVE-2010-4638
SQL injection vulnerability in the submitSurvey function in controller.php in JQuarks4s (com_jquarks4s) component 1.0.0 for Joomla!, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the q parameter in a submitSurvey action to index.php. Vulnerabilidad de inyección SQL en la función submitSurvey de controller.php del componente JQuarks4s (com_jquarks4s) 1.0.0 de Joomla!. Si magic_quotes_gpc está deshabilitado, permite a atacantes remotos ejecutar comandos SQL de su elección a través del parámetro q en una acción submitSurvey de index.php. • https://www.exploit-db.com/exploits/15466 http://adv.salvatorefresta.net/JQuarks4s_Joomla_Component_1.0.0_Blind_SQL_Injection_Vulnerability-08112010.txt http://secunia.com/advisories/42164 http://www.exploit-db.com/exploits/15466 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2010-2507 – Joomla! Component Picasa2Gallery 1.2.8 - Local File Inclusion
https://notcve.org/view.php?id=CVE-2010-2507
Directory traversal vulnerability in the Picasa2Gallery (com_picasa2gallery) component 1.2.8 and earlier for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php. Vulnerabilidad de salto de directorio en el componente Picasa2Gallery (com_picasa2gallery) v1.2.8 y anteriores para Joomla!, permite a atacantes remotos leer ficheros locales de su elección y posiblemente otras acciones con impacto desconocido al utilizar caracteres .. • https://www.exploit-db.com/exploits/13981 http://osvdb.org/65674 http://packetstormsecurity.org/1006-exploits/joomlapicasa2gallery-lfi.txt http://secunia.com/advisories/40297 http://www.exploit-db.com/exploits/13981 http://www.securityfocus.com/bid/41031 https://exchange.xforce.ibmcloud.com/vulnerabilities/59669 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2010-2464 – Joomla! Component RSComments 1.0.0 - Persistent Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2010-2464
Multiple cross-site scripting (XSS) vulnerabilities in the RSComments (com_rscomments) component 1.0.0 Rev 2 for Joomla! allow remote attackers to inject arbitrary web script or HTML via the (1) website and (2) name parameters to index.php. Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados ( XSS) en el componente RSComments (com_rscomments) v1.0.0 Rev 2 para Joomla! permite a atacantes remotos inyectar código web o HTML de su elección a través de los parámetros (1) website y (2) name en index.php. • https://www.exploit-db.com/exploits/13935 http://packetstormsecurity.org/1006-exploits/joomlarscomments-xss.txt http://secunia.com/advisories/40278 http://www.exploit-db.com/exploits/13935 http://www.rsjoomla.com/customer-support/documentations/96--general-overview-of-the-component/393-changelog.html http://www.securityfocus.com/bid/40977 https://exchange.xforce.ibmcloud.com/vulnerabilities/59578 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •