CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 2CVE-2011-5113 – Joomla! Component Techfolio 1.0 - SQL Injection
https://notcve.org/view.php?id=CVE-2011-5113
SQL injection vulnerability in frontend/models/techfoliodetail.php in Techfolio (com_techfolio) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter. Vulnerabilidad de inyección de código SQL en frontend/models/techfoliodetail.php en el componente Techfolio (com_techfolio) v1.0 para Joomla! que permite a atacantes remotos ejecutar comandos SQL arbitrarios a través del parámetro catid. • https://www.exploit-db.com/exploits/18042 http://docs.joomla.org/Vulnerable_Extensions_List#Techfolio_1.0 http://www.exploit-db.com/exploits/18042 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 3CVE-2011-5099 – Joomla! Component CCNewsLetter 1.0.7 - 'id' SQL Injection
https://notcve.org/view.php?id=CVE-2011-5099
SQL injection vulnerability in helper/popup.php in the ccNewsletter (mod_ccnewsletter) component 1.0.7 through 1.0.9 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter. Vulnerabilidad de inyección SQL en helper/popup.php en el componente ccNewsletter (mod_ccnewsletter) v1.0.7 a v1.0.9 para Joomla! permite a atacantes remotos ejecutar comandos SQL a través del parámetro id. • https://www.exploit-db.com/exploits/37101 http://packetstormsecurity.org/files/112092/Joomla-CCNewsLetter-1.0.7-SQL-Injection.html http://secunia.com/advisories/48934 http://www.chillcreations.com/blog/5-ccnewsletter-joomla-newsletter/274-ccnewsletter-1010-security-release.html http://www.securityfocus.com/bid/53208 https://exchange.xforce.ibmcloud.com/vulnerabilities/75112 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 5.0EPSS: 0%CPEs: 2EXPL: 2CVE-2012-4256
https://notcve.org/view.php?id=CVE-2012-4256
The jNews (com_jnews) component 7.5.1 for Joomla! allows remote attackers to obtain sensitive information via the emailsearch parameter, which reveals the installation path in an error message. El componente jNews (com_jnews) v7.5.1 para Joomla! permite a atacantes remotos obtener información sensible mediante el parámetro emailsearch, lo cual revela la ruta de instalación en un mensaje de error. • http://hauntit.blogspot.com/2012/04/en-jnews-jnewscore751-information.html http://packetstormsecurity.org/files/112233/jNews-7.5.1-Information-Disclosure.html https://exchange.xforce.ibmcloud.com/vulnerabilities/75198 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.3EPSS: 0%CPEs: 108EXPL: 0CVE-2012-4071
https://notcve.org/view.php?id=CVE-2012-4071
Cross-site scripting (XSS) vulnerability in the comments module in the RSGallery2 (com_rsgallery2) component before 2.3.0 for Joomla! 1.5.x, and before 3.2.0 for Joomla! 2.5.x, allows remote attackers to inject arbitrary web script or HTML via crafted BBCode markup in a comment. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en el módulo RSGallery2 (com_rsgallery2) anterior a v2.3.0 para Joomla! v1.5.x, y anteriores a v3.2.0 para Joomla! • http://extensions.joomla.org/extensions/photos-a-images/photo-gallery/142 http://joomlacode.org/gf/download/frsrelease/17325/75427/com_rsgallery2_2.3.0.zip http://joomlacode.org/gf/download/frsrelease/17326/75428/com_rsgallery2_3.2.0.zip http://joomlacode.org/gf/project/rsgallery2/news http://www.rsgallery2.nl/announcements/rsgallery2_3.2.0_and_2.3.0_released_16845.0.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.0EPSS: 0%CPEs: 44EXPL: 0CVE-2012-4235
https://notcve.org/view.php?id=CVE-2012-4235
The RSGallery2 (com_rsgallery2) component before 3.2.0 for Joomla! 2.5.x does not place index.html files in image directories, which allows remote attackers to list image filenames via a request for a directory URI. El componente The RSGallery2 (com_rsgallery2) anterior a v3.2.0 para Joomla! v2.5.x no coloca archivos index.html en los directorios de imágenes, lo que permite a atacantes remotos enumerar nombres de fichero de imagen a través de una petición de un URI del directorio. • http://extensions.joomla.org/extensions/photos-a-images/photo-gallery/142 http://joomlacode.org/gf/download/frsrelease/17326/75428/com_rsgallery2_3.2.0.zip http://joomlacode.org/gf/project/rsgallery2/news http://www.rsgallery2.nl/announcements/rsgallery2_3.2.0_and_2.3.0_released_16845.0.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •