CVSS: 6.1EPSS: 1%CPEs: 2EXPL: 4CVE-2010-2846 – Joomla! Component ArtForms 2.1b7.2 rc2 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2010-2846
23 Jul 2010 — Cross-site scripting (XSS) vulnerability in the InterJoomla ArtForms (com_artforms) component 2.1b7.2 RC2 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the afmsg parameter to index.php. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en el componente InterJoomla ArtForms (com_artforms) 2.1b7.2 RC2 para Joomla! permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección a través del parámetro "afmsg" a index.php. • https://www.exploit-db.com/exploits/14263 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 4CVE-2010-2847 – Joomla! Component ArtForms 2.1b7.2 rc2 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2010-2847
23 Jul 2010 — Multiple SQL injection vulnerabilities in the InterJoomla ArtForms (com_artforms) component 2.1b7.2 RC2 for Joomla! allow remote attackers to execute arbitrary SQL commands via the viewform parameter in a (1) ferforms or (2) tferforms action to index.php, and the (3) id parameter in a vferforms action to index.php. Múltiples vulnerabilidades de inyección SQL en el componente InterJoomla ArtForms (com_artforms) 2.1b7.2 RC2 para Joomla! permiten a atacantes remotos ejecutar comandos SQL de su elección a travé... • https://www.exploit-db.com/exploits/14263 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.5EPSS: 3%CPEs: 2EXPL: 4CVE-2010-2848 – Joomla! Component ArtForms 2.1b7.2 rc2 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2010-2848
23 Jul 2010 — Directory traversal vulnerability in assets/captcha/includes/alikon/playcode.php in the InterJoomla ArtForms (com_artforms) component 2.1b7.2 RC2 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the l parameter. Vulnerabilidad de salto de directorio en assets/captcha/includes/alikon/playcode.php en el componente InterJoomla ArtForms (com_artforms) 2.1b7.2 RC2 para Joomla! permite a atacantes remotos leer ficheros de su elección mediante un .. • https://www.exploit-db.com/exploits/14263 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2010-2851
https://notcve.org/view.php?id=CVE-2010-2851
23 Jul 2010 — SQL injection vulnerability in the BookLibrary From Same Author (com_booklibrary) module 1.5 and possibly earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a view action to index.php. Vulnerabilidad de inyección SQL en el módulo BookLibrary From Same Author (com_booklibrary) 1.5, y posiblemente versiones anteriores, para Joomla!, permite a atacantes remotos ejecutar comandos SQL de su elección a través del parámetro "id" en una acción view a index.php. • http://secunia.com/advisories/40130 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2009-4946
https://notcve.org/view.php?id=CVE-2009-4946
22 Jul 2010 — Directory traversal vulnerability in the Messaging (com_messaging) component before 1.5.1 for Joomla! allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the controller parameter in a messages action to index.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. Vulnerabilidad de salto de directorio en el componente Messaging (com_messaging), en versiones anteriores a la 1.5.1 para Joomla!... • http://osvdb.org/53195 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.8EPSS: 0%CPEs: 6EXPL: 2CVE-2009-4938
https://notcve.org/view.php?id=CVE-2009-4938
22 Jul 2010 — SQL injection vulnerability in the JVideo! (com_jvideo) component 0.3.11c Beta and 0.3.x for Joomla! allows remote attackers to execute arbitrary SQL commands via the user_id parameter in a user action to index.php. Vulnerabilidad de inyección SQL en el componente JVideo! (Com_jvideo) beta v0.3.11c y v0.3.x de Joomla! • http://www.exploit-db.com/exploits/8821 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 4CVE-2010-2694 – Joomla! Component redSHOP 1.0 - 'pid' SQL Injection
https://notcve.org/view.php?id=CVE-2010-2694
12 Jul 2010 — SQL injection vulnerability in the redSHOP Component (com_redshop) 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the pid parameter to index.php. Vulnerabilidad de inyección SQL en el componente redSHOP (com_redshop) v1.0 para Joomla!, permite a atacantes remotos ejecutar comandos SQL de su elección a través del parámetro pid para index.php • https://www.exploit-db.com/exploits/14312 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.1EPSS: 0%CPEs: 2EXPL: 4CVE-2010-2680 – Joomla! Component jesectionfinder - Local File Inclusion
https://notcve.org/view.php?id=CVE-2010-2680
09 Jul 2010 — Directory traversal vulnerability in the JExtensions JE Section/Property Finder (jesectionfinder) component for Joomla! allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the view parameter to index.php. Vulnerabilidad de salto de directorio de en el componente para Joomla! JExtensions JE Section/Property Finder (jesectionfinder) permite a atacantes remotos incluir y ejecutar archivos locales a través de secuencias de salto de directorio en el parámetro... • https://www.exploit-db.com/exploits/14064 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 3CVE-2010-2681 – Joomla! Component com_sef - Remote File Inclusion
https://notcve.org/view.php?id=CVE-2010-2681
09 Jul 2010 — PHP remote file inclusion vulnerability in the SEF404x (com_sef) component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig.absolute.path parameter to index.php. Vulnerabilidad de inclusion remota de archivo PHP en el componente para Joomla! SEF404x (com_sef) permite a atacantes remotos ejecutar código PHP arbitrario a través de una URL en el parámetro mosConfig.absolute.path a index.php. • https://www.exploit-db.com/exploits/14055 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.1EPSS: 0%CPEs: 2EXPL: 4CVE-2010-2682 – Joomla! Component Realtyna Translator 1.0.15 - Local File Inclusion
https://notcve.org/view.php?id=CVE-2010-2682
09 Jul 2010 — Directory traversal vulnerability in the Realtyna Translator (com_realtyna) component 1.0.15 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php. Vulnerabilidad de salto de directorio en el componente Realtyna Translator (com_realtyna) v1.0.15 para Joomla!, permite a atacantes remotos leer ficheros arbitrarios y tener posiblemente otro tipo de impacto no especificado al utilizar caracteres .. • https://www.exploit-db.com/exploits/14017 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •