CVSS: 7.5EPSS: 44%CPEs: 4EXPL: 3CVE-2010-0696 – Joomla! Component Jw_allVideos - Arbitrary File Download
https://notcve.org/view.php?id=CVE-2010-0696
23 Feb 2010 — Directory traversal vulnerability in includes/download.php in the JoomlaWorks AllVideos (Jw_allVideos) plugin 3.0 through 3.2 for Joomla! allows remote attackers to read arbitrary files via a ./../.../ (modified dot dot) in the file parameter. Vulnerabilidad de salto de directorio en includes/download.php en el plugin JoomlaWorks AllVideos (Jw_allVideos) desde v3.0 hasta v3.2 para Joomla! permite a atacantes remotos leer ficheros arbitrarios a través de ./../.../ (punto punto modificado) en el parámetro "fi... • https://www.exploit-db.com/exploits/11447 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 0CVE-2010-0692
https://notcve.org/view.php?id=CVE-2010-0692
23 Feb 2010 — SQL injection vulnerability in the IP-Tech JQuarks (com_jquarks) Component 0.2.3, and possibly earlier, for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php. NOTE: some of these details are obtained from third party information. Vulnerabilidad de inyección SQL en el componente IP-Tech JQuarks (com_jquarks) v0.2.3 y posiblemente anteriores para Joomla! permite a atacantes remotos ejecutar comandos SQL arbitrarios a través del parámetro "id" a index.php. • http://secunia.com/advisories/38623 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 4CVE-2010-0694 – Joomla! Component com_perchagallery - SQL Injection
https://notcve.org/view.php?id=CVE-2010-0694
23 Feb 2010 — SQL injection vulnerability in the PerchaGallery (com_perchagallery) component before 1.5b for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in an editunidad action to index.php. Vulnerabilidad de inyección SQL en el componente PerchaGallery (com_perchagallery) anteriores a v1.5b para Joomla! permite a atacantes remotos inyectar secuencias arbitrarias de comandos web o HTML a través del parámetro "id" en una acción "editunidad" a index.php. • https://www.exploit-db.com/exploits/11024 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 4CVE-2009-4650 – Joomla! Component Webee Comments 1.1/1.2 - 'index2.php' articleId SQL Injection
https://notcve.org/view.php?id=CVE-2009-4650
22 Feb 2010 — SQL injection vulnerability in the Webee Comments (com_webeecomment) component 1.1.1, 1.2, and 2.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the articleId parameter in a default action to index2.php. NOTE: some of these details are obtained from third party information. Vulnerabilidad de inyección SQL en el componente Webee Comments (com_webeecomment) v1.1.1, v1.2 y v2.0 para Joomla!, permite a atacantes remotos ejecutar comandos SQL de su elección a través del parámetro "art... • https://www.exploit-db.com/exploits/33637 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.1EPSS: 0%CPEs: 4EXPL: 3CVE-2009-4651 – Joomla! Component Webee Comments 1.1/1.2 - Multiple BBCode Tags Cross-Site Scripting Vulnerabilities
https://notcve.org/view.php?id=CVE-2009-4651
22 Feb 2010 — Multiple cross-site scripting (XSS) vulnerabilities in the Webee Comments (com_webeecomment) component 1.1.1, 1.2, and 2.0 for Joomla! allow remote attackers to inject arbitrary web script or HTML via the (1) color, (2) img, or (3) url BBCode tags in unspecified vectors. Múltiples vulnerabilidades de ejecución de secuencias de comandos en sitios cruzados (XSS) en el componente de Joomla! Webee Comments (com_webeecomment) v1.1.1, v1.2, y v2.0 para Joomla!, permite a atacantes remotos inyectar secuencias de c... • https://www.exploit-db.com/exploits/33638 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 2CVE-2010-0676
https://notcve.org/view.php?id=CVE-2010-0676
22 Feb 2010 — Directory traversal vulnerability in index.php in the RWCards (com_rwcards) component 3.0.18 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter. Vulnerabilidad de salto de directorio en el componente RWCards (com_rwcards) v3.0.18 para Joomla! permite a atacantes remotos leer archivos de su elección a través de .. • http://packetstormsecurity.org/1002-exploits/joomlarwcards-lfi.txt • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2010-0670
https://notcve.org/view.php?id=CVE-2010-0670
22 Feb 2010 — Unspecified vulnerability in the IP-Tech JQuarks (com_jquarks) Component before 0.2.4 for Joomla! allows attackers to obtain the installation path for Joomla! via unknown vectors. Vulnerabilidad no especificada en el componente para Joomla! IP-Tech JQuarks (com_jquarks) anteriores a la v0.2.4, permitiría a los atacantes obtener el path de instalación de Joomla! • http://www.iptechinside.com/labs/news/show/6 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 4CVE-2010-0632 – Joomla! Component com_simplefaq - 'catid' Blind SQL Injection
https://notcve.org/view.php?id=CVE-2010-0632
12 Feb 2010 — SQL injection vulnerability in the Parkview Consultants SimpleFAQ (com_simplefaq) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in a display action to index.php. Vulnerabilidad de inyección SQL en el componente Parkview Consultants SimpleFAQ (com_simplefaq) para Joomla!, permite a atacantes remotos ejecutar comandos SAQL de su elección a través del parámetro "catid" en una acción display a index.php. • https://www.exploit-db.com/exploits/11294 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 5EXPL: 0CVE-2010-0635
https://notcve.org/view.php?id=CVE-2010-0635
12 Feb 2010 — SQL injection vulnerability in the plgSearchEventsearch::onSearch method in eventsearch.php in the JEvents Search plugin 1.5 through 1.5.3 for Joomla! allows remote attackers to execute arbitrary SQL commands via unspecified vectors. NOTE: some of these details are obtained from third party information. Vulnerabilidad de inyección SQL en el método plgSearchEventsearch::onSearch en eventsearch.php en el plugin JEvents Search v1.5 a la v1.5.3 para Joomla!, permite a atacantes remotos ejecutar comandos SQL de ... • http://secunia.com/advisories/38404 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 4CVE-2010-0610 – Joomla! Component com_photoblog - Blind SQL Injection
https://notcve.org/view.php?id=CVE-2010-0610
11 Feb 2010 — Multiple SQL injection vulnerabilities in the Photoblog (com_photoblog) component for Joomla! allow remote attackers to execute arbitrary SQL commands via the blog parameter in an images action to index.php. NOTE: a separate vector for the id parameter to detail.php may also exist. El componente Photoblog (com_photoblog) para Joomla! permite a atacantes remotos ejecutar comandos SQL de su elección a través del parámetro "blog" en una acción images al index.php. • https://www.exploit-db.com/exploits/11337 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •