CVSS: 6.1EPSS: 4%CPEs: 2EXPL: 3CVE-2010-2464 – Joomla! Component RSComments 1.0.0 - Persistent Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2010-2464
25 Jun 2010 — Multiple cross-site scripting (XSS) vulnerabilities in the RSComments (com_rscomments) component 1.0.0 Rev 2 for Joomla! allow remote attackers to inject arbitrary web script or HTML via the (1) website and (2) name parameters to index.php. Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados ( XSS) en el componente RSComments (com_rscomments) v1.0.0 Rev 2 para Joomla! permite a atacantes remotos inyectar código web o HTML de su elección a través de los parámetros (1) website y (2) name e... • https://www.exploit-db.com/exploits/13935 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 3CVE-2010-2254 – Joomla! Component Bridge of Hope Template - SQL Injection
https://notcve.org/view.php?id=CVE-2010-2254
09 Jun 2010 — SQL injection vulnerability in the Shape5 Bridge of Hope template for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in an article action to index.php. Vulnerabilidad de inyección SQL en la plantilla "Shape5 Bridge of Hope" de Joomla! permite a los atacantes remotos ejecutar comandos SQL a su elección a través del parámetro "id" en una acción "article" a index.php. • https://www.exploit-db.com/exploits/10964 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 6EXPL: 4CVE-2010-2255 – Joomla! Component com_bfsurvey_basic - SQL Injection
https://notcve.org/view.php?id=CVE-2010-2255
09 Jun 2010 — SQL injection vulnerability in the BF Survey Pro (com_bfsurvey_pro) component before 1.3.1, BF Survey Pro Free (com_bfsurvey_profree) component 1.2.6, and BF Survey Basic component before 1.2 for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter to index.php. NOTE: some of these details are obtained from third party information. Vulnerabilidad de inyección SQL en el componente BF Survey Pro (com_bfsurvey_pro) anterior v1.3.1, componente BF Survey Pro Free (com_bfsurve... • https://www.exploit-db.com/exploits/10944 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 6EXPL: 4CVE-2010-2259 – Joomla! Component com_bfsurvey - Local File Inclusion
https://notcve.org/view.php?id=CVE-2010-2259
09 Jun 2010 — Directory traversal vulnerability in the BF Survey (com_bfsurvey) component for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php. Vulnerabilidad de salto de directorio en componente BF Survey (com_bfsurvey) de Jommla! permite a atacantes remotos añadir y ejecutar a su elección archivos locales a través de .. • https://www.exploit-db.com/exploits/10946 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 6.1EPSS: 0%CPEs: 18EXPL: 0CVE-2010-1649
https://notcve.org/view.php?id=CVE-2010-1649
07 Jun 2010 — Multiple cross-site scripting (XSS) vulnerabilities in the back end in Joomla! 1.5 through 1.5.17 allow remote attackers to inject arbitrary web script or HTML via unknown vectors related to "various administrator screens," possibly the search parameter in administrator/index.php. Múltiples vulnerabilidades de ejecución de comandos en sitios cruzados(XSS) en el backend de Joomla! v1.5 a v1.5.17 permiten a atacantes remotos inyectar HTML o secuencias de comandos web a través de vectores desconocidos relacion... • http://developer.joomla.org/security/news/314-20100501-core-xss-vulnerabilities-in-back-end.html?utm_source=feedburner&utm_medium=email&utm_campaign=Feed%3A+JoomlaSecurityNews+%28Joomla%21+Security+News%29 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 5CVE-2010-2147 – Joomla! Component My Car 1.0 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2010-2147
03 Jun 2010 — Cross-site scripting (XSS) vulnerability in the My Car (com_mycar) component 1.0 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the modveh parameter to index.php. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en el componente My Car (com_mycar) v1.0 para Joomla! permite a atacantes remotos inyectar código web o HTML a través del parámetro modveh en index.php. • https://www.exploit-db.com/exploits/12779 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 5CVE-2010-2148 – Joomla! Component My Car 1.0 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2010-2148
03 Jun 2010 — SQL injection vulnerability in the My Car (com_mycar) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the pagina parameter to index.php. Vulnerabilidad de inyección SQL en el componente v1.0 My Car (com_mycar) para Joomla! permite a atacantes remotos ejecutar comandos aleatorios SQL a través del parámetro página en index.php • https://www.exploit-db.com/exploits/12779 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 1%CPEs: 2EXPL: 6CVE-2010-2122 – Joomla! Component simpledownload 0.9.5 - Local File Disclosure
https://notcve.org/view.php?id=CVE-2010-2122
01 Jun 2010 — Directory traversal vulnerability in the SimpleDownload (com_simpledownload) component before 0.9.6 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php. Vulnerabilidad de salto de directorio en el componente SimpleDownload (com_simpledownload) anterior a v0.9.6 para Joomla! permite a atacantes remotos incluir y ejecutar archivos locales de su elección a través de .. • https://www.exploit-db.com/exploits/12623 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.1EPSS: 3%CPEs: 2EXPL: 3CVE-2010-2128 – Joomla! Component JE Quotation Form 1.0b1 - Local File Inclusion
https://notcve.org/view.php?id=CVE-2010-2128
01 Jun 2010 — Directory traversal vulnerability in the JE Quotation Form (com_jequoteform) component 1.0b1 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the view parameter to index.php. Vulnerabilidad de salto de directorio en el componente JE Quotation Form (com_jequoteform) v1.0b1 para Joomla! permite a atacantes remotos leer archivos de su elección y posiblemente causar otro impacto sin especificar a través de .. • https://www.exploit-db.com/exploits/12607 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.5EPSS: 4%CPEs: 3EXPL: 6CVE-2010-2129 – JE Ajax Event Calendar - Local File Inclusion
https://notcve.org/view.php?id=CVE-2010-2129
01 Jun 2010 — Directory traversal vulnerability in the JE Ajax Event Calendar (com_jeajaxeventcalendar) component 1.0.1 and 1.0.3 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the view parameter to index.php. NOTE: some of these details are obtained from third party information. Vulnerabilidad de salto de directorio en el componente JE Ajax Event Calendar (com_jeajaxeventcalendar) v1.0.1 y v1.0.3 para Joomla! • https://www.exploit-db.com/exploits/12598 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •