Page 4 of 22 results (0.010 seconds)

CVSS: 6.8EPSS: 0%CPEs: 2EXPL: 4

Directory traversal vulnerability in the JExtensions JE Section/Property Finder (jesectionfinder) component for Joomla! allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the view parameter to index.php. Vulnerabilidad de salto de directorio de en el componente para Joomla! JExtensions JE Section/Property Finder (jesectionfinder) permite a atacantes remotos incluir y ejecutar archivos locales a través de secuencias de salto de directorio en el parámetro view a index.php. • https://www.exploit-db.com/exploits/14064 http://packetstormsecurity.org/1006-exploits/joomlajesectionfinder-lfi.txt http://www.exploit-db.com/exploits/14064 http://www.securityfocus.com/bid/41163 https://exchange.xforce.ibmcloud.com/vulnerabilities/59796 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 3

Cross-site scripting (XSS) vulnerability in the JExtensions JE Awd Song (com_awd_song) component for Joomla! allows remote attackers to inject arbitrary web script or HTML via the song review field, which is not properly handled in a view action to index.php. Una vulnerabilidad de ejecución de comandos en sitios cruzados (XSS) en el componente para Joomla! "JExtensions JE Song AWD" (com_awd_song), permite a atacantes remotos inyectar HTML o secuencias de comandos web a través del campo "song review", que no es manejado apropiadamente en una acción view de index.php. • https://www.exploit-db.com/exploits/14059 http://packetstormsecurity.org/1006-exploits/joomlaawdsong-xss.txt http://www.exploit-db.com/exploits/14059 http://www.securityfocus.com/bid/41165 https://exchange.xforce.ibmcloud.com/vulnerabilities/59807 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 5

SQL injection vulnerability in the JE Ajax Event Calendar (com_jeajaxeventcalendar) component 1.0.5 for Joomla! allows remote attackers to execute arbitrary SQL commands via the view parameter to index.php. Vulnerabilidad de inyección SQL en el componente JE Ajax Event Calendar (com_jeajaxeventcalendar) v1.0.5 para Joomla!, permite a atacantes remotos ejecutar comandos SQL de su elección a través del parámetro view sobre index.php • https://www.exploit-db.com/exploits/15610 https://www.exploit-db.com/exploits/13997 http://packetstormsecurity.org/1006-exploits/joomlajeajax-sql.txt http://www.exploit-db.com/exploits/13997 http://www.securityfocus.com/bid/41058 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 7.5EPSS: 1%CPEs: 2EXPL: 3

Directory traversal vulnerability in the JE Quotation Form (com_jequoteform) component 1.0b1 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the view parameter to index.php. Vulnerabilidad de salto de directorio en el componente JE Quotation Form (com_jequoteform) v1.0b1 para Joomla! permite a atacantes remotos leer archivos de su elección y posiblemente causar otro impacto sin especificar a través de .. • https://www.exploit-db.com/exploits/12607 http://secunia.com/advisories/39832 http://www.exploit-db.com/exploits/12607 http://www.osvdb.org/64706 http://www.securityfocus.com/bid/40187 https://exchange.xforce.ibmcloud.com/vulnerabilities/58593 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 6.8EPSS: 1%CPEs: 3EXPL: 6

Directory traversal vulnerability in the JE Ajax Event Calendar (com_jeajaxeventcalendar) component 1.0.1 and 1.0.3 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the view parameter to index.php. NOTE: some of these details are obtained from third party information. Vulnerabilidad de salto de directorio en el componente JE Ajax Event Calendar (com_jeajaxeventcalendar) v1.0.1 y v1.0.3 para Joomla! • https://www.exploit-db.com/exploits/12598 http://packetstormsecurity.org/1005-exploits/joomlaajaxec-lfi.txt http://secunia.com/advisories/39836 http://www.exploit-db.com/exploits/12598 http://www.osvdb.org/64704 http://www.securityfocus.com/bid/40179 http://www.xenuser.org/2010/05/14/joomla-component-je-ajax-event-calendar-local-file-inclusion-vulnerability https://exchange.xforce.ibmcloud.com/vulnerabilities/58602 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •