CVE-2010-1461 – Joomla! Component Photo Battle 1.0.1 - Local File Inclusion
https://notcve.org/view.php?id=CVE-2010-1461
Directory traversal vulnerability in the Photo Battle (com_photobattle) component 1.0.1 for Joomla! allows remote attackers to read arbitrary files via the view parameter to index.php. • https://www.exploit-db.com/exploits/12232 http://osvdb.org/63800 http://secunia.com/advisories/39469 http://www.exploit-db.com/exploits/12232 http://www.securityfocus.com/bid/39504 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2010-1354 – Joomla! Component VJDEO 1.0 - Local File Inclusion
https://notcve.org/view.php?id=CVE-2010-1354
Directory traversal vulnerability in the VJDEO (com_vjdeo) component 1.0 and 1.0.1 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. NOTE: some of these details are obtained from third party information. • https://www.exploit-db.com/exploits/12102 http://packetstormsecurity.org/1004-exploits/joomlavjdeo-lfi.txt http://secunia.com/advisories/39296 http://www.exploit-db.com/exploits/12102 http://www.securityfocus.com/bid/39266 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2010-1081 – Joomla! Component com_communitypolls 1.5.2 - Local File Inclusion
https://notcve.org/view.php?id=CVE-2010-1081
Directory traversal vulnerability in the Community Polls (com_communitypolls) component 1.5.2, and possibly earlier, for Core Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. • https://www.exploit-db.com/exploits/11511 http://osvdb.org/62506 http://packetstormsecurity.org/1002-exploits/joomlacp-lfi.txt http://secunia.com/advisories/38692 http://www.corejoomla.com/component/content/article/1-corejoomla-updates/40-community-polls-v153-security-release.html http://www.securityfocus.com/bid/38330 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2009-4255
https://notcve.org/view.php?id=CVE-2009-4255
Cross-site scripting (XSS) vulnerability in the You!Hostit! template 1.0.1 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the created_by_alias parameter in index.php. • http://secunia.com/advisories/37601 http://www.exploit-db.com/exploits/10301 https://exchange.xforce.ibmcloud.com/vulnerabilities/54570 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2009-3215 – Joomla! Component IXXO Cart! Standalone and - SQL Injection
https://notcve.org/view.php?id=CVE-2009-3215
SQL injection vulnerability in IXXO Cart Standalone before 3.9.6.1, and the IXXO Cart component for Joomla! 1.0.x, allows remote attackers to execute arbitrary SQL commands via the parent parameter. • https://www.exploit-db.com/exploits/9276 http://secunia.com/advisories/36009 http://www.davidsopas.com/2009/07/25/ixxo-cart-standalone-and-joomla-component-sql-injection http://www.exploit-db.com/exploits/9276 http://www.securityfocus.com/archive/1/505266/100/0/threaded http://www.securityfocus.com/bid/35810 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')