CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 2CVE-2011-4809 – Joomla! Component HM Community - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2011-4809
Multiple cross-site scripting (XSS) vulnerabilities in the HM Community (com_hmcommunity) component before 1.01 for Joomla! allow remote attackers to inject arbitrary web script or HTML via the (1) language[], (2) university[], (3) persent[], (4) company_name[], (5) designation[], (6) music[], (7) books[], (8) movies[], (9) games[], (10) syp[], (11) ft[], and (12) fa[] parameters in a save task for a profile to index.php. NOTE: some of these details are obtained from third party information. Múltiples vulnerabilidades de ejecución de secuencias de comandos en sitios cruzados en el componente HM Community (com_hmcommunity) v1.01 para Joomla!, permite a atacantes remotos ejecutar secuencias de comandos web o HTML de su elección a través de los parámetros (1) language[], (2) university[], (3) persent[], (4) company_name[], (5) designation[], (6) music[], (7) books[], (8) movies[], (9) games[], (10) syp[], (11) ft[], and (12) fa[] en una tarea guardada para un perfil en index.php. • https://www.exploit-db.com/exploits/18050 http://joomlaextensions.co.in/index.php?option=com_jeshop&view=category_detail&Itemid=118&id=38 http://secunia.com/advisories/46656 http://www.exploit-db.com/exploits/18050 http://www.osvdb.org/76726 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 4CVE-2011-4570 – Joomla! Component Time Returns 2.0 - SQL Injection
https://notcve.org/view.php?id=CVE-2011-4570
SQL injection vulnerability in the Time Returns (com_timereturns) component 2.0 and possibly earlier versions for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a timereturns action to index.php. Vulnerabilidad de inyección SQL en el componente v2.0 Time Returns (com_timereturns) y posiblemente versiones anteriores para Joomla! permite a atacantes remotos ejecutar comandos SQL de su elección a través del parámetro in en una acción timereturns a index.php • https://www.exploit-db.com/exploits/17944 http://osvdb.org/76268 http://secunia.com/advisories/46267 http://www.exploit-db.com/exploits/17944 http://www.securityfocus.com/bid/50026 https://exchange.xforce.ibmcloud.com/vulnerabilities/70431 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 3CVE-2011-4571 – Joomla! Component Estate Agent - SQL Injection
https://notcve.org/view.php?id=CVE-2011-4571
SQL injection vulnerability in the Estate Agent (com_estateagent) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a showEO action to index.php. Vulnerabilidad de inyección SQL en el componente Estate Agent (com_estateagent) para Joomla! permite a atacantes remotos ejecutar comandos SQL de su elección a través del parámetro id en una acción showEO a index.php • https://www.exploit-db.com/exploits/18728 http://packetstormsecurity.org/files/view/105618/joomlaestateagent-sql.txt http://www.securityfocus.com/bid/50024 https://exchange.xforce.ibmcloud.com/vulnerabilities/70444 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 5.0EPSS: 0%CPEs: 26EXPL: 0CVE-2011-4321
https://notcve.org/view.php?id=CVE-2011-4321
The password reset functionality in Joomla! 1.5.x through 1.5.24 uses weak random numbers, which makes it easier for remote attackers to change the passwords of arbitrary users via unspecified vectors. La funcionalidad de reinicialización de contraseña en Joomla! v1.5.x hasta v1.5.24 utiliza números aleatorios débiles, lo que hace más sencillo para atacantes remotos cambiar las contraseñas de usuarios de su elección a través de vectores no especificados. • http://developer.joomla.org/security/news/9-security/10-core-security/375-20111103-core-password-change http://www.openwall.com/lists/oss-security/2011/11/21/1 • CWE-310: Cryptographic Issues •
CVSS: 4.3EPSS: 0%CPEs: 24EXPL: 0CVE-2011-4332
https://notcve.org/view.php?id=CVE-2011-4332
Multiple cross-site scripting (XSS) vulnerabilities in Joomla! 1.6.3 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. Múltiples vulnerabilidades de ejecución de secuencias de comandos en sitios cruzados (XSS) en Joomla! v1.6.3 y anteriores, permiten a atacantes remotos inyectar secuencias de comandos web o HTML a través de vectores no especificados. • http://developer.joomla.org/security/news/349-20110601-xss-vulnerabilities.html http://seclists.org/fulldisclosure/2011/Nov/142 http://www.mavitunasecurity.com/xss-vulnerability-in-joomla-163 http://www.openwall.com/lists/oss-security/2011/11/21/29 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •