CVE-2010-4517 – Joomla! Component JE Auto 1.0 - SQL Injection
https://notcve.org/view.php?id=CVE-2010-4517
SQL injection vulnerability in the JExtensions JE Auto (com_jeauto) component 1.0 for Joomla!, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the char parameter in an item action to index.php.
• https://www.exploit-db.com/exploits/15714 http://www.exploit-db.com/exploits/15714
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2010-3426 – Joomla! Component Jphone 1.0 Alpha 3 - Local File Inclusion
https://notcve.org/view.php?id=CVE-2010-3426
Directory traversal vulnerability in jphone.php in the JPhone (com_jphone) component 1.0 Alpha 3 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php.
• https://www.exploit-db.com/exploits/14964 http://packetstormsecurity.org/1009-exploits/joomlajphone-lfi.txt http://www.exploit-db.com/exploits/14964 http://www.securityfocus.com/bid/43147 https://exchange.xforce.ibmcloud.com/vulnerabilities/61723
• CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2010-3203 – Joomla! Component PicSell 1.0 - Local File Disclosure
https://notcve.org/view.php?id=CVE-2010-3203
Directory traversal vulnerability in the PicSell (com_picsell) component 1.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the dflink parameter in a prevsell dwnfree action to index.php.
• https://www.exploit-db.com/exploits/14845 http://secunia.com/advisories/41187 http://www.exploit-db.com/exploits/14845
• CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2010-2909 – Joomla! Component TTVideo 1.0 - SQL Injection
https://notcve.org/view.php?id=CVE-2010-2909
SQL injection vulnerability in ttvideo.php in the TTVideo (com_ttvideo) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the cid parameter in a video action to index.php.
• https://www.exploit-db.com/exploits/14481 http://adv.salvatorefresta.net/TTVideo_1.0_Joomla_Component_SQL_Injection_Vulnerability-27072010.txt http://osvdb.org/66630 http://secunia.com/advisories/40716 http://www.exploit-db.com/exploits/14481 http://www.securityfocus.com/archive/1/512685/100/0/threaded http://www.securityfocus.com/archive/1/512709/100/0/threaded http://www.toughtomato.com/downloads/16-comttvideo-1-0-1/file https://exchange.xforce.ibmcloud.com/vulnerabilities/60662
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2010-2694 – Joomla! Component redSHOP 1.0 - 'pid' SQL Injection
https://notcve.org/view.php?id=CVE-2010-2694
SQL injection vulnerability in the redSHOP Component (com_redshop) 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the pid parameter to index.php.
• https://www.exploit-db.com/exploits/14312 https://www.exploit-db.com/exploits/27532 http://secunia.com/advisories/40535 http://www.exploit-db.com/exploits/14312 http://www.securityfocus.com/bid/41533 http://www.vupen.com/english/advisories/2010/1776
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')