
CVE-2010-4268 – Joomla! Component Pulse Infotech Flip Wall - SQL Injection
https://notcve.org/view.php?id=CVE-2010-4268
16 Nov 2010 — SQL injection vulnerability in the Pulse Infotech Flip Wall (com_flipwall) component 1.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter to index.php. • https://www.exploit-db.com/exploits/15366 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVE-2010-4270
https://notcve.org/view.php?id=CVE-2010-4270
16 Nov 2010 — Directory traversal vulnerability in the nBill (com_netinvoice) component before 2.0.9 standard edition, 2.0.10 lite edition, and 1.2_10 for Joomla! allows remote attackers to read arbitrary files via directory traversal sequences in unspecified vectors related to (1) administrator/components/com_nbill/admin.nbill.php, (2) components/com_nbill/nbill.php, (3) administrator/components/com_netinvoice/admin.netinvoice.php, or (4) components/com_netinvoice/netinvoice.php, as exploited in the wild in November 201... • http://osvdb.org/69066 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVE-2010-4272 – Joomla! Component Sponsor Wall 1.1 - SQL Injection
https://notcve.org/view.php?id=CVE-2010-4272
16 Nov 2010 — SQL injection vulnerability in the Pulse Infotech Sponsor Wall (com_sponsorwall) component 1.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter to index.php. • https://www.exploit-db.com/exploits/15367 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVE-2010-3712
https://notcve.org/view.php?id=CVE-2010-3712
27 Oct 2010 — Cross-site scripting (XSS) vulnerability in Joomla! 1.5.x before 1.5.21 and 1.6.x before 1.6.1 allows remote attackers to inject arbitrary web script or HTML via vectors involving "multiple encoded entities," as demonstrated by the query string to index.php in the com_weblinks or com_content component. • http://developer.joomla.org/security/news/9-security/10-core-security/322-20101001-core-xss-vulnerabilities • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2010-2535
https://notcve.org/view.php?id=CVE-2010-2535
05 Oct 2010 — Multiple cross-site scripting (XSS) vulnerabilities in the Back End in Joomla! 1.5.x before 1.5.20 allow remote authenticated users to inject arbitrary web script or HTML via administrator screens. • http://developer.joomla.org/security/news/318-20100704-core-xss-vulnerabilitis-in-back-end.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2010-3422 – Joomla! Component JGen 0.9.33 - SQL Injection
https://notcve.org/view.php?id=CVE-2010-3422
16 Sep 2010 — SQL injection vulnerability in the JGen (com_jgen) component 0.9.33 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a view action to index.php. • https://www.exploit-db.com/exploits/14998 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVE-2010-3426 – Joomla! Component Jphone 1.0 Alpha 3 - Local File Inclusion
https://notcve.org/view.php?id=CVE-2010-3426
16 Sep 2010 — Directory traversal vulnerability in jphone.php in the JPhone (com_jphone) component 1.0 Alpha 3 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php. • https://www.exploit-db.com/exploits/14964 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVE-2010-3203 – Joomla! Component PicSell 1.0 - Local File Disclosure
https://notcve.org/view.php?id=CVE-2010-3203
03 Sep 2010 — Directory traversal vulnerability in the PicSell (com_picsell) component 1.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the dflink parameter in a prevsell dwnfree action to index.php. • https://www.exploit-db.com/exploits/14845 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVE-2010-3211 – Joomla! Component JE FAQ Pro 1.5.0 - Multiple Blind SQL Injections
https://notcve.org/view.php?id=CVE-2010-3211
03 Sep 2010 — Multiple SQL injection vulnerabilities in the JE FAQ Pro (com_jefaqpro) component 1.5.0 for Joomla! allow remote attackers to execute arbitrary SQL commands via category categorylist operations with (1) the catid parameter or (2) the catid parameter in a lists action. • https://www.exploit-db.com/exploits/14846 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVE-2010-3028
https://notcve.org/view.php?id=CVE-2010-3028
16 Aug 2010 — The Aardvertiser component before 2.2.1 for Joomla! uses insecure permissions (777) in unspecified folders, which allows local users to modify, create, or delete certain files. • http://secunia.com/advisories/40882 • CWE-264: Permissions, Privileges, and Access Controls •