CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 3CVE-2011-4823 – Joomla! Component Vik Real Estate 1.0 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2011-4823
15 Dec 2011 — Multiple SQL injection vulnerabilities in Vik Real Estate (com_vikrealestate) component 1.0 for Joomla! allow remote attackers to execute arbitrary SQL commands via the (1) contract parameter in a results action and (2) imm parameter in a show action to index.php. Múltiples vulnerabilidades de inyección SQL en el componente Vik Real Estate (com_vikrealestate) 1.0 de Joomla!. Permite a atacantes remotos ejecutar comandos SQL de su elección a través del parámetro (1) contract de una acción "results" y el pará... • https://www.exploit-db.com/exploits/18048 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 2CVE-2011-4829 – Joomla! Component Barter Sites 1.3 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2011-4829
15 Dec 2011 — SQL injection vulnerability in the com_listing component in Barter Sites component 1.3 for Joomla! allows remote attackers to execute arbitrary SQL commands via the category_id parameter to index.php. Vulnerabilidad de inyección SQL en el componente com_listing en el componente Barter Sites v1.3 para Joomla! permite a atacantes remotos ejecutar comandos SQL de su elección a través del parámetro category_id en index.php • https://www.exploit-db.com/exploits/18046 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 5.4EPSS: 0%CPEs: 2EXPL: 2CVE-2011-4830 – Joomla! Component Barter Sites 1.3 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2011-4830
15 Dec 2011 — Multiple cross-site scripting (XSS) vulnerabilities in the com_listing component in Barter Sites component 1.3 for Joomla! allow remote authenticated users to inject arbitrary web script or HTML via the (1) listing_title, (2) description, (3) homeurl (aka Website Address), (4) paystring (aka Payment types accepted), (5) sell_price, (6) shipping_cost, and (7) quantity parameters to index.php. Múltiples vulnerabilidades de ejecución de secuencias de comandos en sitios cruzados (XSS) en el componente com_listi... • https://www.exploit-db.com/exploits/18046 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 12%CPEs: 11EXPL: 2CVE-2011-4804 – Joomla! Component com_kp - 'Controller' Local File Inclusion
https://notcve.org/view.php?id=CVE-2011-4804
14 Dec 2011 — Directory traversal vulnerability in the obSuggest (com_obsuggest) component before 1.8 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. Vulnerabilida de salto de directorio en el componente obSuggest (com_obsuggest) antes de v1.8 para Joomla! permite a atacantes remotos leer archivos de su elección a través del parámetro .. • https://www.exploit-db.com/exploits/36598 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 2CVE-2011-4808 – Joomla! Component HM Community - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2011-4808
14 Dec 2011 — SQL injection vulnerability in the HM Community (com_hmcommunity) component before 1.01 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a fnd_home action to index.php. Vulnerabilidad de inyección SQL en el componente HM Community (com_hmcommunity) antes de v1.01 para Joomla! permite a atacantes remotos ejecutar comandos SQL de su elección a través del parámetro id en una acción fnd_home de index.php. • https://www.exploit-db.com/exploits/18050 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 2CVE-2011-4809 – Joomla! Component HM Community - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2011-4809
14 Dec 2011 — Multiple cross-site scripting (XSS) vulnerabilities in the HM Community (com_hmcommunity) component before 1.01 for Joomla! allow remote attackers to inject arbitrary web script or HTML via the (1) language[], (2) university[], (3) persent[], (4) company_name[], (5) designation[], (6) music[], (7) books[], (8) movies[], (9) games[], (10) syp[], (11) ft[], and (12) fa[] parameters in a save task for a profile to index.php. NOTE: some of these details are obtained from third party information. Múltiples vulne... • https://www.exploit-db.com/exploits/18050 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 4CVE-2011-4570 – Joomla! Component Time Returns 2.0 - SQL Injection
https://notcve.org/view.php?id=CVE-2011-4570
29 Nov 2011 — SQL injection vulnerability in the Time Returns (com_timereturns) component 2.0 and possibly earlier versions for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a timereturns action to index.php. Vulnerabilidad de inyección SQL en el componente v2.0 Time Returns (com_timereturns) y posiblemente versiones anteriores para Joomla! permite a atacantes remotos ejecutar comandos SQL de su elección a través del parámetro in en una acción timereturns a index.php • https://www.exploit-db.com/exploits/17944 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 3CVE-2011-4571 – Joomla! Component Estate Agent - SQL Injection
https://notcve.org/view.php?id=CVE-2011-4571
29 Nov 2011 — SQL injection vulnerability in the Estate Agent (com_estateagent) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a showEO action to index.php. Vulnerabilidad de inyección SQL en el componente Estate Agent (com_estateagent) para Joomla! permite a atacantes remotos ejecutar comandos SQL de su elección a través del parámetro id en una acción showEO a index.php • https://www.exploit-db.com/exploits/18728 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.1EPSS: 0%CPEs: 26EXPL: 0CVE-2011-4321
https://notcve.org/view.php?id=CVE-2011-4321
23 Nov 2011 — The password reset functionality in Joomla! 1.5.x through 1.5.24 uses weak random numbers, which makes it easier for remote attackers to change the passwords of arbitrary users via unspecified vectors. La funcionalidad de reinicialización de contraseña en Joomla! v1.5.x hasta v1.5.24 utiliza números aleatorios débiles, lo que hace más sencillo para atacantes remotos cambiar las contraseñas de usuarios de su elección a través de vectores no especificados. • http://developer.joomla.org/security/news/9-security/10-core-security/375-20111103-core-password-change • CWE-310: Cryptographic Issues •
CVSS: 6.1EPSS: 0%CPEs: 24EXPL: 0CVE-2011-4332
https://notcve.org/view.php?id=CVE-2011-4332
23 Nov 2011 — Multiple cross-site scripting (XSS) vulnerabilities in Joomla! 1.6.3 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. Múltiples vulnerabilidades de ejecución de secuencias de comandos en sitios cruzados (XSS) en Joomla! v1.6.3 y anteriores, permiten a atacantes remotos inyectar secuencias de comandos web o HTML a través de vectores no especificados. • http://developer.joomla.org/security/news/349-20110601-xss-vulnerabilities.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •