CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 1CVE-2016-1000121 – Huge IT Joomla Slider 1.0.9 XSS / SQL Injection
https://notcve.org/view.php?id=CVE-2016-1000121
XSS and SQLi in Huge IT Joomla Slider v1.0.9 extension Vulnerabilidad de XSS y vulnerabilidad de inyección SQL en la extensión Huge IT Joomla Slider v1.0.9 Huge IT Joomla Slider extension version 1.0.9 suffers from cross site scripting and remote SQL injection vulnerabilities. • http://extensions.joomla.org/extensions/extension/photos-a-images/slider http://www.securityfocus.com/bid/92160 http://www.vapidlabs.com/advisory.php?v=168 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 1CVE-2016-1000122 – Huge IT Joomla Slider 1.0.9 XSS / SQL Injection
https://notcve.org/view.php?id=CVE-2016-1000122
XSS and SQLi in Huge IT Joomla Slider v1.0.9 extension Vulnerabilidad de XSS y vulnerabilidad de inyección SQLi en la extensión Huge IT Joomla Slider v1.0.9 Huge IT Joomla Slider extension version 1.0.9 suffers from cross site scripting and remote SQL injection vulnerabilities. • http://extensions.joomla.org/extensions/extension/photos-a-images/slider http://www.securityfocus.com/bid/92160 http://www.vapidlabs.com/advisory.php?v=168 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 1CVE-2016-1000119 – Huge IT Joomla Catalog Extension 1.0.4 XSS / SQL Injection
https://notcve.org/view.php?id=CVE-2016-1000119
SQLi and XSS in Huge IT catalog extension v1.0.4 for Joomla Inyección SQL y XSS en la extensión de catálogo Huge IT v1.0.4 para Joomla Huge IT Joomla Catalog extension version 1.0.4 suffers from cross site scripting and remote SQL injection vulnerabilities. • http://extensions.joomla.org/extensions/extension/e-commerce/shopping-cart/catalog http://www.securityfocus.com/bid/92185 http://www.vapidlabs.com/advisory.php?v=167 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 1CVE-2016-1000113 – Joomla Huge IT Gallery 1.1.5 Cross Site Scripting / SQL Injection
https://notcve.org/view.php?id=CVE-2016-1000113
XSS and SQLi in huge IT gallery v1.1.5 for Joomla XSS y SQLi en galería huge IT v1.1.5 para Joomla. Joomla Huge IT Gallery component version 1.1.5 suffers from cross site scripting and remote SQL injection vulnerabilities. • http://extensions.joomla.org/extensions/extension/photos-a-images/galleries/gallery-pro http://www.securityfocus.com/bid/92102 http://www.vapidlabs.com/advisory.php?v=164 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2016-11018 – Huge-IT gallery-images <= 1.8.9 - SQL Injection
https://notcve.org/view.php?id=CVE-2016-11018
An issue was discovered in the Huge-IT gallery-images plugin before 1.9.0 for WordPress. The headers Client-Ip and X-Forwarded-For are prone to unauthenticated SQL injection. The affected file is gallery-images.php. The affected function is huge_it_image_gallery_ajax_callback(). Se detectó un problema en el plugin Huge-IT gallery-images versiones anteriores a 1.9.0 para WordPress. • http://10degres.net/cve-2016-11018-image-gallery-sql-injection https://plugins.trac.wordpress.org/browser/gallery-images/tags/1.8.9 https://plugins.trac.wordpress.org/browser/gallery-images/tags/1.9.0 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •