
CVSS: 7.5 | EPSS: 0% | CPEs: 3 | EXPL: 4

SQL injection vulnerability in the JS Calendar (com_jscalendar) component 1.5.1 and 1.5.4 for Joomla! allows remote attackers to execute arbitrary SQL commands via the ev_id parameter in a details action to index.php. NOTE: some of these details are obtained from third party information.
References:
• https://www.exploit-db.com/exploits/15224
• http://adv.salvatorefresta.net/JS_Calendar_1.5.1_Joomla_Component_Multiple_Remote_Vulnerabilities-09102010.txt
• http://secunia.com/advisories/41766
• http://securityreason.com/securityalert/8223
• http://www.exploit-db.com/exploits/15224
• http://www.securityfocus.com/bid/43902
• https://exchange.xforce.ibmcloud.com/vulnerabilities/62379
CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 4.3 | EPSS: 0% | CPEs: 3 | EXPL: 4

Multiple cross-site scripting (XSS) vulnerabilities in the JoomlaSeller JS Calendar (com_jscalendar) component 1.5.1 and 1.5.4 for Joomla! allow remote attackers to inject arbitrary web script or HTML via the (1) month and (2) year parameters in a jscalendar action to index.php. NOTE: some of these details are obtained from third party information.
References:
• https://www.exploit-db.com/exploits/15224
• http://adv.salvatorefresta.net/JS_Calendar_1.5.1_Joomla_Component_Multiple_Remote_Vulnerabilities-09102010.txt
• http://secunia.com/advisories/41766
• http://securityreason.com/securityalert/8223
• http://www.exploit-db.com/exploits/15224
• http://www.securityfocus.com/bid/43902
• https://exchange.xforce.ibmcloud.com/vulnerabilities/62378
CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 7.5 | EPSS: 0% | CPEs: 23 | EXPL: 2

Multiple SQL injection vulnerabilities in Joomla! 1.5.x before 1.5.22 allow remote attackers to execute arbitrary SQL commands via (1) the filter_order parameter in a com_weblinks category action to index.php, (2) the filter_order_Dir parameter in a com_weblinks category action to index.php, or (3) the filter_order_Dir parameter in a com_messages action to administrator/index.php.
References:
• http://archives.neohapsis.com/archives/fulldisclosure/2010-10/0514.html
• http://developer.joomla.org/security/news/9-security/10-core-security/323-20101101-core-sqli-info-disclosurevulnerabilities.html
• http://openwall.com/lists/oss-security/2010/11/12/5
• http://openwall.com/lists/oss-security/2010/11/12/6
• http://secunia.com/advisories/42133
• http://yehg.net/lab/pr0js/advisories/joomla/core/1.5.21/sql_injection/sqli_%28filter_order%29_front.jpg
• http://yehg.net/lab/pr0js/advisories&#x
CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 7.5 | EPSS: 0% | CPEs: 23 | EXPL: 0

Multiple SQL injection vulnerabilities in Joomla! 1.5.x before 1.5.22 allow remote attackers to execute arbitrary SQL commands via the (1) filter_order or (2) filter_order_Dir parameter in a com_contact action to index.php, a different vulnerability than CVE-2010-4166. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
References:
• http://developer.joomla.org/security/news/9-security/10-core-security/323-20101101-core-sqli-info-disclosurevulnerabilities.html
• http://openwall.com/lists/oss-security/2010/11/12/5
• http://openwall.com/lists/oss-security/2010/11/12/6
• http://secunia.com/advisories/42133
CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 4.3 | EPSS: 0% | CPEs: 22 | EXPL: 0

Cross-site scripting (XSS) vulnerability in Joomla! 1.5.x before 1.5.21 and 1.6.x before 1.6.1 allows remote attackers to inject arbitrary web script or HTML via vectors involving "multiple encoded entities," as demonstrated by the query string to index.php in the com_weblinks or com_content component.
References:
• http://developer.joomla.org/security/news/9-security/10-core-security/322-20101001-core-xss-vulnerabilities
• http://joomlacode.org/gf/project/joomla/tracker/?action=TrackerItemEdit&tracker_id=32&tracker_item_id=22767
• http://www.openwall.com/lists/oss-security/2010/10/08/4
• http://www.openwall.com/lists/oss-security/2010/10/11/4
• http://www.openwall.com/lists/oss-security/2011/03/13/8
• http://www.openwall.com/lists/oss-security/2011/03/14/22
• http://www.openwall.com/lists&
CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')