CVE-2008-6653 – Joomla! Component Webhosting - 'catid' Blind SQL Injection
https://notcve.org/view.php?id=CVE-2008-6653
SQL injection vulnerability in webhosting.php in the Webhosting Component (com_webhosting) module before 1.1 RC7 for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the catid parameter to index.php.
• https://www.exploit-db.com/exploits/5527
• http://forum.wh-com.de/index.php?topic=497.0
• http://osvdb.org/50423
• http://www.securityfocus.com/bid/29000
• https://exchange.xforce.ibmcloud.com/vulnerabilities/42124
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2008-6299
https://notcve.org/view.php?id=CVE-2008-6299
Multiple cross-site scripting (XSS) vulnerabilities in Joomla! 1.5.7 and earlier allow remote authenticated users with certain privileges to inject arbitrary web script or HTML via (1) the title and description parameters to the com_weblinks module and (2) unspecified vectors in the com_content module related to "article submission."
• http://developer.joomla.org/security/news/283-20081101-core-comcontent-xss-vulnerability.html
• http://developer.joomla.org/security/news/284-20081102-core-comweblinks-xss-vulnerability.html
• http://secunia.com/advisories/32622
• http://www.joomla.org/announcements/release-news/5219-joomla-158-released.html
• http://www.securityfocus.com/bid/32263
• http://www.vupen.com/english/advisories/2008/3104
• https://exchange.xforce.ibmcloud.com/vulnerabilities/46523
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2008-6050 – Joomla! Component Tech Article 1.x - SQL Injection
https://notcve.org/view.php?id=CVE-2008-6050
SQL injection vulnerability in the Tech Articles (com_tech_article) 1.0 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the item parameter to index.php.
• https://www.exploit-db.com/exploits/7504
• http://www.securityfocus.com/bid/32897
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2009-0113 – Joomla! Component xstandard editor 1.5.8 - Local Directory Traversal
https://notcve.org/view.php?id=CVE-2009-0113
Directory traversal vulnerability in attachmentlibrary.php in the XStandard component for Joomla! 1.5.8 and earlier allows remote attackers to list arbitrary directories via a .. (dot dot) in the X_CMS_LIBRARY_PATH HTTP header.
• https://www.exploit-db.com/exploits/7691
• http://secunia.com/advisories/33377
• http://securityreason.com/securityalert/4896
• http://www.securityfocus.com/bid/33143
• CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2008-5793 – Joomla! Component ClickHeat 1.0.1 - Multiple Remote File Inclusions
https://notcve.org/view.php?id=CVE-2008-5793
Multiple PHP remote file inclusion vulnerabilities in the Clickheat - Heatmap stats (com_clickheat) component 1.0.1 for Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the (1) GLOBALS[mosConfig_absolute_path] parameter to (a) install.clickheat.php, (b) Cache.php and (c) Clickheat_Heatmap.php in Recly/Clickheat/, and (d) Recly/common/GlobalVariables.php; and the (2) mosConfig_absolute_path parameter to (e) _main.php and (f) main.php in includes/heatmap, and (g) includes/overview/main.php.
• https://www.exploit-db.com/exploits/7038
• http://securityreason.com/securityalert/4841
• http://www.securityfocus.com/bid/32190
• https://exchange.xforce.ibmcloud.com/vulnerabilities/46439
• CWE-94: Improper Control of Generation of Code ('Code Injection')