CVE-2010-1956 – Joomla! Component Gadget Factory 1.0.0 - Local File Inclusion
https://notcve.org/view.php?id=CVE-2010-1956
Directory traversal vulnerability in the Gadget Factory (com_gadgetfactory) component 1.0.0 and 1.5.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. NOTE: some of these details are obtained from third party information.
• https://www.exploit-db.com/exploits/12285 http://osvdb.org/63917 http://packetstormsecurity.org/1004-exploits/joomlagadgetfactory-lfi.txt http://secunia.com/advisories/39522 http://www.exploit-db.com/exploits/12285 http://www.securityfocus.com/bid/39547 http://www.thefactory.ro/all-thefactory-products/gadget-factory-for-joomla-1.5.x/detailed-product-flyer.html http://www.vupen.com/english/advisories/2010/0930 https://exchange.xforce.ibmcloud.com/vulnerabilities/57895
• CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2010-1878 – Joomla! Component OrgChart 1.0.0 - Local File Inclusion
https://notcve.org/view.php?id=CVE-2010-1878
Directory traversal vulnerability in the OrgChart (com_orgchart) component 1.0.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
• https://www.exploit-db.com/exploits/12317 http://packetstormsecurity.org/1004-exploits/joomlaorgchart-lfi.txt http://www.exploit-db.com/exploits/12317 http://www.securityfocus.com/bid/39606 https://exchange.xforce.ibmcloud.com/vulnerabilities/58031
• CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2009-4428 – Joomla! Component com_joomportfolio - 'secid' SQL Injection
https://notcve.org/view.php?id=CVE-2009-4428
SQL injection vulnerability in the JoomPortfolio (com_joomportfolio) component 1.0.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the secid parameter in a showcat action to index.php.
• https://www.exploit-db.com/exploits/33418 http://osvdb.org/61138 http://packetstormsecurity.org/0912-exploits/joomlaportfolio-sql.txt http://secunia.com/advisories/37838 http://www.securityfocus.com/bid/37403 https://exchange.xforce.ibmcloud.com/vulnerabilities/54912
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2009-4233
https://notcve.org/view.php?id=CVE-2009-4233
Cross-site scripting (XSS) vulnerability in modules/mod_yj_whois.php in the YJ Whois component 1.0x and 1.5.x for Joomla! allows remote attackers to inject arbitrary web script or HTML via the domain parameter to index.php. NOTE: some of these details are obtained from third party information.
• http://extensions.joomla.org/extensions/external-contents/domain-search/5774 http://secunia.com/advisories/37525 http://www.youjoomla.com/joomla_support/yj-whois-module/4950-xss-security-patch-yj-whois.html
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2009-3215 – Joomla! Component IXXO Cart! Standalone and - SQL Injection
https://notcve.org/view.php?id=CVE-2009-3215
SQL injection vulnerability in IXXO Cart Standalone before 3.9.6.1, and the IXXO Cart component for Joomla! 1.0.x, allows remote attackers to execute arbitrary SQL commands via the parent parameter.
• https://www.exploit-db.com/exploits/9276 http://secunia.com/advisories/36009 http://www.davidsopas.com/2009/07/25/ixxo-cart-standalone-and-joomla-component-sql-injection http://www.exploit-db.com/exploits/9276 http://www.securityfocus.com/archive/1/505266/100/0/threaded http://www.securityfocus.com/bid/35810
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')