CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 5CVE-2010-2147 – Joomla! Component My Car 1.0 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2010-2147
Cross-site scripting (XSS) vulnerability in the My Car (com_mycar) component 1.0 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the modveh parameter to index.php. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en el componente My Car (com_mycar) v1.0 para Joomla! permite a atacantes remotos inyectar código web o HTML a través del parámetro modveh en index.php. • https://www.exploit-db.com/exploits/12779 http://osvdb.org/65000 http://secunia.com/advisories/39983 http://www.exploit-db.com/exploits/12779 http://www.securityfocus.com/bid/40430 http://www.vupen.com/english/advisories/2010/1271 http://www.xenuser.org/documents/security/joomla_com_mycar_multiple_vulnerabilities.txt https://exchange.xforce.ibmcloud.com/vulnerabilities/58976 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 5CVE-2010-2148 – Joomla! Component My Car 1.0 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2010-2148
SQL injection vulnerability in the My Car (com_mycar) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the pagina parameter to index.php. Vulnerabilidad de inyección SQL en el componente v1.0 My Car (com_mycar) para Joomla! permite a atacantes remotos ejecutar comandos aleatorios SQL a través del parámetro página en index.php • https://www.exploit-db.com/exploits/12779 http://osvdb.org/64999 http://secunia.com/advisories/39983 http://www.exploit-db.com/exploits/12779 http://www.securityfocus.com/bid/40430 http://www.vupen.com/english/advisories/2010/1271 http://www.xenuser.org/documents/security/joomla_com_mycar_multiple_vulnerabilities.txt https://exchange.xforce.ibmcloud.com/vulnerabilities/58975 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.5EPSS: 1%CPEs: 2EXPL: 3CVE-2010-2128 – Joomla! Component JE Quotation Form 1.0b1 - Local File Inclusion
https://notcve.org/view.php?id=CVE-2010-2128
Directory traversal vulnerability in the JE Quotation Form (com_jequoteform) component 1.0b1 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the view parameter to index.php. Vulnerabilidad de salto de directorio en el componente JE Quotation Form (com_jequoteform) v1.0b1 para Joomla! permite a atacantes remotos leer archivos de su elección y posiblemente causar otro impacto sin especificar a través de .. • https://www.exploit-db.com/exploits/12607 http://secunia.com/advisories/39832 http://www.exploit-db.com/exploits/12607 http://www.osvdb.org/64706 http://www.securityfocus.com/bid/40187 https://exchange.xforce.ibmcloud.com/vulnerabilities/58593 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 3CVE-2010-2036 – Joomla! Component Percha Fields Attach 1.0 - 'Controller' Traversal Arbitrary File Access
https://notcve.org/view.php?id=CVE-2010-2036
Directory traversal vulnerability in the Percha Fields Attach (com_perchafieldsattach) component 1.x for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php. Vulnerabilidad de salto de directorio en el componente Percha Fields Attach (com_perchafieldsattach) v1.x de Joomla!. Permite a atacantes remotos leer ficheros de su elección y, posiblemente, tener otro impacto a través de un .. • https://www.exploit-db.com/exploits/34004 http://packetstormsecurity.org/1005-exploits/joomlaperchafa-lfi.txt http://www.securityfocus.com/bid/40244 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 2CVE-2010-1949 – Joomla! Component Online News Paper Manager 1.0 - 'cid' SQL Injection
https://notcve.org/view.php?id=CVE-2010-1949
SQL injection vulnerability in the Online News Paper Manager (com_jnewspaper) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the cid parameter to index.php. NOTE: some of these details are obtained from third party information. Vulnerabilidad de inyección SQL en el componente Online News Paper Manager (com_jnewspaper) v1.0 para Joomla!, permite a atacantes remotos ejecutar comandos SQL de su elección a través del parámetro "cid" de index.php. • https://www.exploit-db.com/exploits/12305 http://secunia.com/advisories/39536 http://www.exploit-db.com/exploits/12305 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •