Page 2 of 34 results (0.005 seconds)

CVSS: 7.5EPSS: 2%CPEs: 2EXPL: 4

Directory traversal vulnerability in joomlaflickr.php in the Joomla Flickr (com_joomlaflickr) component 1.0.3 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php. Vulnerabilidad de salto de directorio en joomlaflickr.php en el componente Joomla Flickr v1.0.3 (com_joomlaflickr) para Joomla!, permite a atacantes remotos incluir y ejecutar archivos locales de su elección a través de .. • https://www.exploit-db.com/exploits/12085 http://bitbucket.org/roberto.aloi/joomla-flickr/changeset/64ebf6b25030 http://packetstormsecurity.org/1004-exploits/joomlaflickr-lfi.txt http://secunia.com/advisories/39358 http://www.exploit-db.com/exploits/12085 http://www.securityfocus.com/bid/39251 https://exchange.xforce.ibmcloud.com/vulnerabilities/57573 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 7.5EPSS: 1%CPEs: 14EXPL: 4

Directory traversal vulnerability in the redSHOP (com_redshop) component 1.0.x for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the view parameter to index.php. Vulnerabilidad de salto de directorio en el componente redSHOP (com_redshop) v1.0.x para Joomla! permite a atacantes remotos leer archivos de su elección a través de .. • https://www.exploit-db.com/exploits/12054 http://packetstormsecurity.org/1004-exploits/joomlaredshop-lfi.txt http://redcomponent.com/redshop/redshop-changelog http://secunia.com/advisories/39343 http://www.exploit-db.com/exploits/12054 http://www.osvdb.org/63535 http://www.securityfocus.com/bid/39206 https://exchange.xforce.ibmcloud.com/vulnerabilities/57512 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 5.0EPSS: 2%CPEs: 13EXPL: 2

Directory traversal vulnerability in the Community Polls (com_communitypolls) component 1.5.2, and possibly earlier, for Core Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. Vulnerabilidad de salto de directorio en el componente Community Polls (com_communitypolls) v1.5.2, y posiblemente anteriores, para Core Joomla! permite a atacantes remotos leer ficheros arbitrarios a través de un .. • https://www.exploit-db.com/exploits/11511 http://osvdb.org/62506 http://packetstormsecurity.org/1002-exploits/joomlacp-lfi.txt http://secunia.com/advisories/38692 http://www.corejoomla.com/component/content/article/1-corejoomla-updates/40-community-polls-v153-security-release.html http://www.securityfocus.com/bid/38330 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 3.5EPSS: 0%CPEs: 2EXPL: 4

Directory traversal vulnerability in the AutartiTarot (com_autartitarot) component 1.0.3 for Joomla! allows remote authenticated users, with "Public Back-end" group permissions, to read arbitrary files via directory traversal sequences in the controller parameter in an edit task to administrator/index.php. NOTE: some of these details are obtained from third party information. Vulnerabilidad de salto de directorio en el componente AutartiTarot (com_autartitarot) v1.0.3 para Joomla! permite a usuarios remotos autenticados, com permisos de grupo "Public Back-end", leer ficheros de forma arbitraria a través de secuencias de salto de directorio en el parámetro "controller" en una edición de administrator/index.php. • https://www.exploit-db.com/exploits/33590 http://osvdb.org/62041 http://packetstormsecurity.org/1001-exploits/joomlaautartitarot-traversal.txt http://secunia.com/advisories/38434 http://www.securityfocus.com/bid/38034 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 7.5EPSS: 0%CPEs: 39EXPL: 3

SQL injection vulnerability in IXXO Cart Standalone before 3.9.6.1, and the IXXO Cart component for Joomla! 1.0.x, allows remote attackers to execute arbitrary SQL commands via the parent parameter. Vulnerabilidad de inyección SQL en componentes IXXO Cart Standalone anterior v3.9.6.1, y IXXO Cart para Joomla! v1.0.x, permite a atacantes remotos ejecutar comandos SQL de su elección a través del parámetro parent. • https://www.exploit-db.com/exploits/9276 http://secunia.com/advisories/36009 http://www.davidsopas.com/2009/07/25/ixxo-cart-standalone-and-joomla-component-sql-injection http://www.exploit-db.com/exploits/9276 http://www.securityfocus.com/archive/1/505266/100/0/threaded http://www.securityfocus.com/bid/35810 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •