CVE-2010-4865 – Joomla! Component JE Guestbook 1.0 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2010-4865
SQL injection vulnerability in the JE Guestbook (com_jeguestbook) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the d_itemid parameter in an item_detail action to index.php. Vulnerabilidad de inyección SQL en el componente JE Guestbook (com_jeguestbook) 1.0 de Joomla!. Permite a atacantes remotos ejecutar comandos SQL de su elección a través del parámetro d_itemid de un acción item_detail de index.php. • https://www.exploit-db.com/exploits/15157 http://adv.salvatorefresta.net/JE_Guestbook_1.0_Joomla_Component_Multiple_Remote_Vulnerabilities-30092010.txt http://osvdb.org/68283 http://secunia.com/advisories/41651 http://securityreason.com/securityalert/8422 http://www.exploit-db.com/exploits/15157 http://www.securityfocus.com/archive/1/514064/100/0/threaded http://www.securityfocus.com/bid/43605 https://exchange.xforce.ibmcloud.com/vulnerabilities/62151 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2010-4862 – Joomla! Component JE Directory 1.0 - SQL Injection
https://notcve.org/view.php?id=CVE-2010-4862
SQL injection vulnerability in the JExtensions JE Directory (com_jedirectory) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in an item action to index.php. Vulnerabilidad de inyección SQL en el componente JExtensions JE Directory (com_jedirectory) 1.0 de Joomla!. Permite a atacantes remotos ejecutar comandos SQL de su elección a través del parámetro catid de una acción item a index.php. • https://www.exploit-db.com/exploits/15163 http://osvdb.org/68308 http://secunia.com/advisories/41681 http://www.exploit-db.com/exploits/15163 http://www.securityfocus.com/bid/43630 https://exchange.xforce.ibmcloud.com/vulnerabilities/62191 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2010-4720
https://notcve.org/view.php?id=CVE-2010-4720
SQL injection vulnerability in the JExtensions JE Auto (com_jeauto) component before 1.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via unspecified vectors related to the view item page. Vulnerabilidad de inyección SQL en el componente JExtensions JE Auto (com_jeauto) para Joomla! permite a atacantes remotos ejecutar comandos SQL a través de vectores no especificados relacionados con la página del artículo. • http://osvdb.org/69791 http://secunia.com/advisories/42616 http://www.joomlaextensions.co.in/extensions/components/je-auto.html http://www.securityfocus.com/bid/45366 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2010-4517 – Joomla! Component JE Auto 1.0 - SQL Injection
https://notcve.org/view.php?id=CVE-2010-4517
SQL injection vulnerability in the JExtensions JE Auto (com_jeauto) component 1.0 for Joomla!, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the char parameter in an item action to index.php. Vulnerabilidad de inyección SQL en el componente JExtensions JE Auto (com_jeauto) 1.0 para Joomla!, cuando magic_quotes_gpc está deshabilitado, permite a atacantes remotos ejecutar comandos SQL de su elección mediante el parámetro "char" en una acción "item" para index.php. • https://www.exploit-db.com/exploits/15714 http://www.exploit-db.com/exploits/15714 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2010-4365 – Joomla! Component JE Ajax Event Calendar - SQL Injection
https://notcve.org/view.php?id=CVE-2010-4365
SQL injection vulnerability in JE Ajax Event Calendar (com_jeajaxeventcalendar) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the event_id parameter in an alleventlist_more action to index.php. Vulnerabilidad de inyección SQL en el componente JE Ajax Event Calendar (com_jeajaxeventcalendar) para Joomla!, permite a atacantes remotos ejecutar comandos SQL de su elección a través del parámetro event_id en una acción alleventlist_more a index.php. • https://www.exploit-db.com/exploits/15610 https://www.exploit-db.com/exploits/13997 http://packetstormsecurity.org/files/view/96125/joomlaajax-sql.txt http://secunia.com/advisories/39836 http://www.exploit-db.com/exploits/15610 http://www.securityfocus.com/bid/45050 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •