CVSS: 9.8 • EPSS: 0% • CPEs: 2 • EXPL: 3

09 Jul 2010 — SQL injection vulnerability in the JOOFORGE Gamesbox (com_gamesbox) component 1.0.2, and possibly earlier, for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a consoles action to index.php. • https://www.exploit-db.com/exploits/14126 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 9.8 • EPSS: 0% • CPEs: 2 • EXPL: 1

08 Jul 2010 — SQL injection vulnerability in xmap (com_xmap) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the Itemid parameter to index.php. • http://www.securityfocus.com/archive/1/510374/100/0/threaded • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 9.8 • EPSS: 0% • CPEs: 2 • EXPL: 3

08 Jul 2010 — SQL injection vulnerability in the Weblinks (com_weblinks) component in Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a view action to index.php. • https://www.exploit-db.com/exploits/33812 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 9.8 • EPSS: 0% • CPEs: 2 • EXPL: 3

02 Jul 2010 — SQL injection vulnerability in the Joomanager component, possibly 1.1.1, for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter to index.php. • https://www.exploit-db.com/exploits/14127 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 6.1 • EPSS: 1% • CPEs: 2 • EXPL: 3

01 Jul 2010 — Cross-site scripting (XSS) vulnerability in the JExtensions JE Awd Song (com_awd_song) component for Joomla! allows remote attackers to inject arbitrary web script or HTML via the song review field, which is not properly handled in a view action to index.php. • https://www.exploit-db.com/exploits/14059 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 9.8 • EPSS: 0% • CPEs: 2 • EXPL: 0

01 Jul 2010 — Multiple SQL injection vulnerabilities in the BookLibrary Basic (com_booklibrary) component 1.5.3 before 1.5.3_2010_06_20 for Joomla! allow remote attackers to execute arbitrary SQL commands via the bid[] parameter in a (1) lend_request or (2) save_lend_request action to index.php, the id parameter in a (3) mdownload or (4) downitsf action to index.php, or (5) the searchtext parameter in a search action to index.php. • http://ordasoft.com/Download/Download-document/3-BookLibrary-1.5.3-Basic-for-Joomla-1.5.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 9.1 • EPSS: 1% • CPEs: 10 • EXPL: 4

28 Jun 2010 — Directory traversal vulnerability in the Picasa2Gallery (com_picasa2gallery) component 1.2.8 and earlier for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php. • https://www.exploit-db.com/exploits/13981 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSS: 9.8 • EPSS: 0% • CPEs: 2 • EXPL: 5

28 Jun 2010 — SQL injection vulnerability in the JE Ajax Event Calendar (com_jeajaxeventcalendar) component 1.0.5 for Joomla! allows remote attackers to execute arbitrary SQL commands via the view parameter to index.php. • https://www.exploit-db.com/exploits/15610 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 6.1 • EPSS: 0% • CPEs: 2 • EXPL: 1

28 Jun 2010 — Cross-site scripting (XSS) vulnerability in the JFaq (com_jfaq) component 1.2 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the question parameter in an add2 action to index.php. • http://osvdb.org/65694 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 8.8 • EPSS: 0% • CPEs: 2 • EXPL: 2

28 Jun 2010 — Multiple SQL injection vulnerabilities in index.php in the JFaq (com_jfaq) component 1.2 for Joomla!, when magic_quotes_gpc is disabled, allow (1) remote attackers to execute arbitrary SQL commands via the id parameter, and (2) remote authenticated users with "Public Front-end" permissions to execute arbitrary SQL commands via the titlu parameter (title field). NOTE: some of these details are obtained from third party information. • http://osvdb.org/65695 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')