Page 4 of 31 results (0.024 seconds)

CVSS: 7.5EPSS: 0%CPEs: 39EXPL: 3

SQL injection vulnerability in IXXO Cart Standalone before 3.9.6.1, and the IXXO Cart component for Joomla! 1.0.x, allows remote attackers to execute arbitrary SQL commands via the parent parameter. Vulnerabilidad de inyección SQL en componentes IXXO Cart Standalone anterior v3.9.6.1, y IXXO Cart para Joomla! v1.0.x, permite a atacantes remotos ejecutar comandos SQL de su elección a través del parámetro parent. • https://www.exploit-db.com/exploits/9276 http://secunia.com/advisories/36009 http://www.davidsopas.com/2009/07/25/ixxo-cart-standalone-and-joomla-component-sql-injection http://www.exploit-db.com/exploits/9276 http://www.securityfocus.com/archive/1/505266/100/0/threaded http://www.securityfocus.com/bid/35810 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 1

SQL injection vulnerability in the content component (com_content) 1.0.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the Itemid parameter in a blogcategory action to index.php. Vulnerabilidad de inyección SQL en el componente content (com_content) v1.0.0 de Joomla! permite a usuarios remotos ejecutar comandos SQL de su elección a través del parámetro Itemid en una acción blogcategory action de index.php. • https://www.exploit-db.com/exploits/6025 https://exchange.xforce.ibmcloud.com/vulnerabilities/52455 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 3.5EPSS: 0%CPEs: 35EXPL: 0

Multiple cross-site scripting (XSS) vulnerabilities in Joomla! 1.5.7 and earlier allow remote authenticated users with certain privileges to inject arbitrary web script or HTML via (1) the title and description parameters to the com_weblinks module and (2) unspecified vectors in the com_content module related to "article submission." Múltiples vulnerabilidades de ejecución de secuencias de comandos en sitios cruzados - XSS - en Joomla! v1.5.7 y anteriores, permite a usuarios autentificados remotos inyectar una secuencia de comandos web o HTML a través de (1) los parámetros "title" y "descripción" en el módulo com_weblinks y (2) vectores no especificados cen el modulo com_content relativo a "article submission.". • http://developer.joomla.org/security/news/283-20081101-core-comcontent-xss-vulnerability.html http://developer.joomla.org/security/news/284-20081102-core-comweblinks-xss-vulnerability.html http://secunia.com/advisories/32622 http://www.joomla.org/announcements/release-news/5219-joomla-158-released.html http://www.securityfocus.com/bid/32263 http://www.vupen.com/english/advisories/2008/3104 https://exchange.xforce.ibmcloud.com/vulnerabilities/46523 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.0EPSS: 2%CPEs: 30EXPL: 2

Directory traversal vulnerability in attachmentlibrary.php in the XStandard component for Joomla! 1.5.8 and earlier allows remote attackers to list arbitrary directories via a .. (dot dot) in the X_CMS_LIBRARY_PATH HTTP header. Vulnerabilidad de salto de directorio en attachmentlibrary.php en el componente XStandard para Joomla! v1.5.8 y versiones anteriores permite a atacantes remotos listar directorios de su elección a través de .. • https://www.exploit-db.com/exploits/7691 http://secunia.com/advisories/33377 http://securityreason.com/securityalert/4896 http://www.securityfocus.com/bid/33143 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 5

SQL injection vulnerability in the Top Hotel (com_tophotelmodule) component 1.0 in the Hotel Booking Reservation System (aka HBS) 1.0.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a showhoteldetails action to index.php. Vulnerabilidad de Inyección SQL en el componente Top Hotel (com_tophotelmodule) v1.0 en el Hotel Booking Reservation System (también conocido como HBS) v1.0.0 para Joomla! permite a atacantes remotos ejecutar comandos SQL de su elección a través de el parámetro "id" en una acción showhoteldetails a index.php. • https://www.exploit-db.com/exploits/7575 https://www.exploit-db.com/exploits/7538 https://www.exploit-db.com/exploits/7567 https://www.exploit-db.com/exploits/7539 http://securityreason.com/securityalert/4871 http://www.securityfocus.com/bid/32952 https://exchange.xforce.ibmcloud.com/vulnerabilities/47540 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •