CVSS: 5.8EPSS: 17%CPEs: 2EXPL: 5CVE-2010-0467 – Joomla! Component CCNewsLetter - Directory Traversal
https://notcve.org/view.php?id=CVE-2010-0467
02 Feb 2010 — Directory traversal vulnerability in the ccNewsletter (com_ccnewsletter) component 1.0.5 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter in a ccnewsletter action to index.php. Vulnerabilidad de salto de directorio en el componente ccNewsletter (com_ccnewsletter) v1.0.5 para Joomla! permite a atacantes remotos leer ficheros arbitrarios a través de un .. • https://www.exploit-db.com/exploits/11277 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 3CVE-2010-0456 – Joomla! Component com_gameserver - SQL Injection
https://notcve.org/view.php?id=CVE-2010-0456
28 Jan 2010 — SQL injection vulnerability in the indianpulse Game Server (com_gameserver) component 1.2 for Joomla! allows remote attackers to execute arbitrary SQL commands via the grp parameter in a gameserver action to index.php. Vulnerabilidad de inyección SQL en el componente indianpulse Game Server (com_gameserver) v1.2 para Joomla! permite a atacantes remotos ejecutar comandos SQL arbitrarios a través del parámetro "grp" en una acción gameserver a index.php. • https://www.exploit-db.com/exploits/11222 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 4CVE-2010-0459 – Joomla! Component com_mochigames - SQL Injection
https://notcve.org/view.php?id=CVE-2010-0459
28 Jan 2010 — SQL injection vulnerability in the Mochigames (com_mochigames) component 0.51 and possibly other versions for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php. Vulnerabilidad de inyección SQL en el componente Mochigames (com_mochigames) v0.51 y posiblemente otras versiones para Joomla! permite a atacantes remotos ejecutar comandos SQL arbitrarios a través del parámetro "id" a index.php. • https://www.exploit-db.com/exploits/11243 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 4CVE-2010-0461 – Joomla! Component com_casino - SQL Injection
https://notcve.org/view.php?id=CVE-2010-0461
28 Jan 2010 — SQL injection vulnerability in the casino (com_casino) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a (1) category or (2) player action to index.php. Vulnerabilidad de inyección SQL en el componente casino (com_casino) v1.0 para Joomla! permite a atacantes remotos comandos SQL arbitrarios a través de el parámetro "id" en la acción (1) categoría o (2) player a index.php. • https://www.exploit-db.com/exploits/11237 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 4CVE-2010-0372 – Joomla! Component com_articlemanager - SQL Injection
https://notcve.org/view.php?id=CVE-2010-0372
21 Jan 2010 — SQL injection vulnerability in the Articlemanager (com_articlemanager) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the artid parameter in a display action to index.php. Vulnerabilidad de inyección SQL en el componente Articlemanager para Joomla!, permite a atacantes remotos ejecutar comandos SQL de su elección a través del parámetro "artid" en una acción display a index.php. • https://www.exploit-db.com/exploits/11140 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 3CVE-2010-0373 – Joomla! Component com_libros - SQL Injection
https://notcve.org/view.php?id=CVE-2010-0373
21 Jan 2010 — SQL injection vulnerability in the libros (com_libros) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action to index.php. Vulnerabilidad de inyección SQL en el componente libros (com_libros) para Joomla! permite a atacantes remotos ejecutar comandos SQL de su elección a través del parámetro "id" en una acción de detalle a index.php • https://www.exploit-db.com/exploits/11178 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.1EPSS: 1%CPEs: 2EXPL: 3CVE-2010-0374 – Joomla! Component com_marketplace 1.2 - 'catid' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2010-0374
21 Jan 2010 — Cross-site scripting (XSS) vulnerability in the Marketplace (com_marketplace) component 1.2 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the catid parameter in a show_category action to index.php. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en el componente Marketplace (com_marketplace) 1.2 para Joomla! permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección a través del parámetro "catid" en una acción "show_category" para... • https://www.exploit-db.com/exploits/33529 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 2CVE-2009-4619
https://notcve.org/view.php?id=CVE-2009-4619
18 Jan 2010 — SQL injection vulnerability in the Lucy Games (com_lucygames) component 1.5.4 for Joomla! allows remote attackers to execute arbitrary SQL commands via the gameid parameter in a game action to index.php. NOTE: some of these details are obtained from third party information. Vulnerabilidad de inyección SQL en el componente Lucy Games (com_lucygames) v1.5.4 de Joomla!. Permite a usuarios remotos ejecutar comandos SQL de su elección a través de el parámetro "gameid" en una acción "game" de index.php. • http://www.exploit-db.com/exploits/9614 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 3CVE-2009-4620 – Joomla! Component Joomloc 1.0 - 'id' SQL Injection
https://notcve.org/view.php?id=CVE-2009-4620
18 Jan 2010 — SQL injection vulnerability in the Joomloc (com_joomloc) component 1.0 for Joomla allows remote attackers to execute arbitrary SQL commands via the id parameter in an edit task to index.php. Vulnerabilidad de inyección SQL en el componente Joomloc (com_joomloc) v1.0 de Joomla!. Permite a usuarios remotos ejecutar comandos SQL de su elección a través del parámetro id en una acción "edit task" (editar tarea) de index.php. • https://www.exploit-db.com/exploits/9604 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 2CVE-2009-4625 – Joomla! Component BF Survey Pro Free - SQL Injection
https://notcve.org/view.php?id=CVE-2009-4625
18 Jan 2010 — SQL injection vulnerability in the updateOnePage function in components/com_bfsurvey_pro/controller.php in BF Survey Pro Free (com_bfsurvey_profree) 1.2.4, and other versions before 1.2.6, a component for Joomla!, allows remote attackers to execute arbitrary SQL commands via the table parameter in an updateOnePage action to index.php. Vulnerabilidad de inyección SQL en la función updateOnePage de components/com_bfsurvey_pro/controller.php del componente Joomla! BF Survey Pro Free (com_bfsurvey_profree) v1.2... • https://www.exploit-db.com/exploits/9601 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •