CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 3CVE-2010-5053 – Joomla! Component XOBBIX 1.0 - 'prodid' SQL Injection
https://notcve.org/view.php?id=CVE-2010-5053
SQL injection vulnerability in the XOBBIX (com_xobbix) component 1.0.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the prodid parameter in a prod_desc action to index.php. Vulnerabilidad de inyección SQL en el componente XOBBIX (com_xobbix) v1.0.1 para Joomla! permite a atacantes remotos ejecutar comandos SQL a través del parámetro prodid en una acción prod_desc en index.php • https://www.exploit-db.com/exploits/12097 http://packetstormsecurity.org/1004-exploits/joomlaxobbix-sql.txt http://secunia.com/advisories/39312 http://www.exploit-db.com/exploits/12097 http://www.securityfocus.com/bid/39259 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 3CVE-2010-5048 – Joomla! Component JComments 2.1 - 'ComntrNam' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2010-5048
Cross-site scripting (XSS) vulnerability in admin.jcomments.php in the JoomlaTune JComments (com_jcomments) component 2.1.0.0 for Joomla! allows remote authenticated users to inject arbitrary web script or HTML via the name parameter to index.php. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en admin.jcomments.php en el componente JoomlaTune JComments (com_jcomments)para Joomla!, permite a usuarios autenticados remotamente inyectar secuencias de comandos web o HTML a través del parámetro name en index.php • https://www.exploit-db.com/exploits/33998 http://packetstormsecurity.org/1005-exploits/joomlajcomments-xss.txt http://secunia.com/advisories/39842 http://www.htbridge.ch/advisory/xss_vulnerability_in_jcomments_joomla.html http://www.joomlatune.com/jcomments-v.2.2-release-notes.html http://www.securityfocus.com/archive/1/511320/100/0/threaded http://www.securityfocus.com/bid/40230 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 3CVE-2010-5056 – Joomla! Component GBU Facebook 1.0.5 - SQL Injection
https://notcve.org/view.php?id=CVE-2010-5056
SQL injection vulnerability in the GBU Facebook (com_gbufacebook) component 1.0.5 for Joomla! allows remote attackers to execute arbitrary SQL commands via the face_id parameter in a show_face action to index.php. Vulnerabilidad de inyección SQL en el componente GBU Facebook (com_gbufacebook) v1.0.5 para Joomla! permite a atacantes remotos ejecutar comandos SQL de su elección a través del parámetro face_id. una acción show_face de index.php • https://www.exploit-db.com/exploits/12299 http://packetstormsecurity.org/1004-exploits/joomlagbufacebook-sql.txt http://secunia.com/advisories/39487 http://www.exploit-db.com/exploits/12299 http://www.securityfocus.com/bid/39576 http://www.vupen.com/english/advisories/2010/0944 https://exchange.xforce.ibmcloud.com/vulnerabilities/57946 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 4CVE-2010-5028 – Joomla! Component JE Job 1.0 - 'catid' SQL Injection
https://notcve.org/view.php?id=CVE-2010-5028
SQL injection vulnerability in the JExtensions JE Job (com_jejob) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in an item action to index.php. Vulnerabilidad de inyección SQL en el componente JExtensions JE Job (com_jejob) v1.0 para Joomla! que permite a atacantes remotos ejecutar comandos SQL de su elección a través del parámetro "catid" en una acción de "item" para index.php. • https://www.exploit-db.com/exploits/12782 https://www.exploit-db.com/exploits/12601 http://secunia.com/advisories/39837 http://www.exploit-db.com/exploits/12782 http://www.osvdb.org/64708 http://www.securityfocus.com/bid/40193 http://www.vupen.com/english/advisories/2010/1269 https://exchange.xforce.ibmcloud.com/vulnerabilities/58599 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.0EPSS: 0%CPEs: 2EXPL: 3CVE-2010-5043 – Joomla! Component DJ-ArtGallery 0.9.1 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2010-5043
SQL injection vulnerability in the DJ-ArtGallery (com_djartgallery) component 0.9.1 for Joomla! allows remote authenticated users to execute arbitrary SQL commands via the cid[] parameter in an editItem action to administrator/index.php. Una vulnerabilidad de inyección SQL en el componente DJ-artgallery (com_djartgallery) v0.9.1 para Joomla! permite a usuarios remotos autenticados ejecutar comandos SQL de su elección a través del parámetro cid[] en una acción EditItem a administrator/index.php. • https://www.exploit-db.com/exploits/13737 http://osvdb.org/65187 http://secunia.com/advisories/40073 http://www.exploit-db.com/exploits/13737 http://www.securityfocus.com/bid/40580 https://exchange.xforce.ibmcloud.com/vulnerabilities/59142 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •