CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 2CVE-2008-0562 – Mambo Component Restaurant 1.0 - SQL Injection
https://notcve.org/view.php?id=CVE-2008-0562
SQL injection vulnerability in index.php in the Restaurant (com_restaurant) 1.0 component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action. Vulnerabilidad de inyección SQL en index.php en el componente Restaurant (com_restaurant) 1.0 para Mambo and Joomla!. Permite a atacantes remotos ejecutar comandos SQL arbitrarios a través del parámetro id en una acción de detalle. • https://www.exploit-db.com/exploits/5031 http://www.securityfocus.com/bid/27551 https://exchange.xforce.ibmcloud.com/vulnerabilities/40144 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 4.3EPSS: 1%CPEs: 2EXPL: 2CVE-2007-5427 – Joomla! Component Search 1.0.13 - SearchWord Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2007-5427
Cross-site scripting (XSS) vulnerability in the com_search component in Joomla! 1.0.13 and earlier allows remote attackers to inject arbitrary web script or HTML via the searchword parameter. NOTE: this might be related to CVE-2007-4189.1. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en el componente de Joomla!, com_search 1.0.13 y versiones anteriores permite a atacantes remotos inyectar scripts web o HTML de su elección a través del parámetro searchword. NOTA: Este asunto podría estar relacionado con CVE-2007-4189.1. • https://www.exploit-db.com/exploits/30655 http://osvdb.org/37709 http://secunia.com/advisories/27196 http://securityreason.com/securityalert/3216 http://securityvulns.ru/Rdocument919.html http://websecurity.com.ua/1203 http://www.securityfocus.com/archive/1/482006/100/0/threaded http://www.securityfocus.com/bid/26031 http://www.vupen.com/english/advisories/2007/3495 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2007-4184
https://notcve.org/view.php?id=CVE-2007-4184
SQL injection vulnerability in administrator/popups/pollwindow.php in Joomla! 1.0.12 allows remote attackers to execute arbitrary SQL commands via the pollid parameter. Vulnerabilidad de inyección SQL en administrator/popups/pollwindows.php de Jopomla! 1.0.12 permite a atacantes remotos ejecutar comandos SQL de su elección a través del parámetro pollid. • http://www.securityfocus.com/archive/1/475066/100/0/threaded http://www.securityfocus.com/archive/1/480738/100/0/threaded http://www.securityfocus.com/archive/1/480757/100/0/threaded http://www.securityfocus.com/archive/1/480809/100/0/threaded •
CVSS: 5.0EPSS: 1%CPEs: 1EXPL: 0CVE-2007-4185
https://notcve.org/view.php?id=CVE-2007-4185
Joomla! 1.0.12 allows remote attackers to obtain sensitive information via a direct request for (1) Stat.php (2) OutputFilter.php, (3) OutputCache.php, (4) Modifier.php, (5) Reader.php, and (6) TemplateCache.php in includes/patTemplate/patTemplate/; (7) includes/Cache/Lite/Output.php; and other unspecified components, which reveal the path in various error messages. Joomla! 1.0.12 permite a atacantes remotos obtener información sensible mediante una petición directa a (1) Stat.php (2) OutputFilter.php, (3) OutputCache.php, (4) Modifier.php, (5) Reader.php, y (6) TemplateCache.php en includes/patTemplate/patTemplate/; (7) includes/Cache/Lite/Output.php; y otros componentes no especificados, lo cual revela la ruta en varios mensajes de error. • http://osvdb.org/39037 http://osvdb.org/39038 http://osvdb.org/39039 http://osvdb.org/39040 http://osvdb.org/39041 http://osvdb.org/39042 http://osvdb.org/39043 http://www.securityfocus.com/archive/1/475066/100/0/threaded http://www.securityfocus.com/archive/1/480738/100/0/threaded http://www.securityfocus.com/archive/1/480757/100/0/threaded http://www.securityfocus.com/archive/1/480809/100/0/threaded •
CVSS: 6.8EPSS: 58%CPEs: 4EXPL: 4CVE-2007-2199 – CJG EXPLORER PRO 3.2 - 'g_pcltar_lib_dir' Remote File Inclusion
https://notcve.org/view.php?id=CVE-2007-2199
PHP remote file inclusion vulnerability in lib/pcltar.lib.php (aka pcltar.php) in the PclTar module 1.3 and 1.3.1 for Vincent Blavet PhpConcept Library, as used in multiple products including (1) Joomla! 1.5.0 Beta, (2) N/X Web Content Management System (WCMS) 4.5, (3) CJG EXPLORER PRO 3.3, and (4) phpSiteBackup 0.1, allows remote attackers to execute arbitrary PHP code via a URL in the g_pcltar_lib_dir parameter. Una vulnerabilidad de inclusión remota de archivos PHP en lib/pcltar.lib.php (también se conoce como pcltar.php) en el módulo PclTar versiones 1.3 y 1.3.1 para la Biblioteca PhpConcept de Vincent Blavet, tal como se utiliza en varios productos, incluido (1) Joomla! versión 1.5.0 Beta, (2) N/X Web Content Management System (WCMS) versión 4.5, (3) CJG EXPLORER PRO versión 3.3, y (4) phpSiteBackup versión 0.1, permite a atacantes remotos ejecutar código PHP arbitrario por medio de una URL en el parámetro g_pcltar_lib_dir . • https://www.exploit-db.com/exploits/3915 https://www.exploit-db.com/exploits/3781 https://www.exploit-db.com/exploits/4111 http://osvdb.org/34803 http://osvdb.org/36009 http://secunia.com/advisories/25230 http://www.attrition.org/pipermail/vim/2007-May/001618.html http://www.hackers.ir/advisories/joomla.html http://www.securityfocus.com/archive/1/466687/100/0/threaded http://www.securityfocus.com/archive/1/478503/100/0/threaded http://www.securityfocus.com/ • CWE-94: Improper Control of Generation of Code ('Code Injection') •