CVSS: 6.0EPSS: 0%CPEs: 2EXPL: 4CVE-2010-5044 – Joomla! Component Search Log 3.1.0 - SQL Injection
https://notcve.org/view.php?id=CVE-2010-5044
SQL injection vulnerability in models/log.php in the Search Log (com_searchlog) component 3.1.0 for Joomla! allows remote authenticated users, with Public Back-end privileges, to execute arbitrary SQL commands via the search parameter in a log action to administrator/index.php. NOTE: some of these details are obtained from third party information. Vulnerabilidad de inyección SQL en los models/log.php en el componente Search Log (com_searchlog) v3.1.0 para Joomla! permite a usuarios autenticados remotamente, con privilegios Public Back-end, ejecutar comandos SQL a través del parámetro search en una acción de registro en administrator/index.php. • https://www.exploit-db.com/exploits/13746 https://www.exploit-db.com/exploits/13745 http://osvdb.org/65185 http://secunia.com/advisories/40055 http://www.exploit-db.com/exploits/13746 http://www.securityfocus.com/bid/40588 http://www.vupen.com/english/advisories/2010/1363 https://exchange.xforce.ibmcloud.com/vulnerabilities/59152 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.0EPSS: 0%CPEs: 2EXPL: 3CVE-2010-5043 – Joomla! Component DJ-ArtGallery 0.9.1 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2010-5043
SQL injection vulnerability in the DJ-ArtGallery (com_djartgallery) component 0.9.1 for Joomla! allows remote authenticated users to execute arbitrary SQL commands via the cid[] parameter in an editItem action to administrator/index.php. Una vulnerabilidad de inyección SQL en el componente DJ-artgallery (com_djartgallery) v0.9.1 para Joomla! permite a usuarios remotos autenticados ejecutar comandos SQL de su elección a través del parámetro cid[] en una acción EditItem a administrator/index.php. • https://www.exploit-db.com/exploits/13737 http://osvdb.org/65187 http://secunia.com/advisories/40073 http://www.exploit-db.com/exploits/13737 http://www.securityfocus.com/bid/40580 https://exchange.xforce.ibmcloud.com/vulnerabilities/59142 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 7CVE-2010-5032 – Joomla! Component BF Quiz 1.0 - SQL Injection
https://notcve.org/view.php?id=CVE-2010-5032
SQL injection vulnerability in the BF Quiz (com_bfquiztrial) component before 1.3.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in a bfquiztrial action to index.php. Vulnerabilidad de inyección SQL en el componente para Joomla! BF Quiz (com_bfquiztrial) anterior a v1.3.1, permite a atacantes remotos ejecutar comandos SQL de su elección a través del parámetro "catid" en una acción bfquiztrial sobre index.php. • https://www.exploit-db.com/exploits/12796 https://www.exploit-db.com/exploits/12780 http://osvdb.org/65001 http://packetstormsecurity.org/1005-exploits/joomla_com_bfquiz_sploit.py.txt http://secunia.com/advisories/39960 http://www.packetstormsecurity.org/1005-exploits/joomlabfquiz-sql.txt http://www.securityfocus.com/bid/40435 http://www.tamlyncreative.com.au/software/forum/index.php?topic=729.0 http://www.vupen.com/english/advisories/2010/1272 http://xenuser.org/documents/security • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 3CVE-2010-4971 – VideoWhisper PHP 2 Way Video Chat - 'r' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2010-4971
Cross-site scripting (XSS) vulnerability in VideoWhisper PHP 2 Way Video Chat component for Joomla! allows remote attackers to inject arbitrary web script or HTML via the r parameter to index.php. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en el componente VideoWhisper PHP 2 Way Video Chat para Joomla!, permite a atacantes remotos ejecutar secuencias de comandos web o HTML de su elección a través del parámetro "r" al index.php. • https://www.exploit-db.com/exploits/34138 http://packetstormsecurity.org/1006-exploits/joomlavideowhisper-xss.txt http://secunia.com/advisories/40193 http://securityreason.com/securityalert/8500 http://www.securityfocus.com/bid/40832 https://exchange.xforce.ibmcloud.com/vulnerabilities/59376 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 3CVE-2010-5042 – Joomla! Component DJ-ArtGallery 0.9.1 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2010-5042
Cross-site scripting (XSS) vulnerability in the DJ-ArtGallery (com_djartgallery) component 0.9.1 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the cid[] parameter in an editItem action to administrator/index.php. NOTE: some of these details are obtained from third party information. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en el componente DJ-ArtGallery (com_djartgallery) de 0.9.1 for Joomla!. Permite a usuarios remotos inyectar codigo de script web o código HTML de su elección a través del parámetro cid[] en una acción editItem de administrator/index.php. • https://www.exploit-db.com/exploits/13737 http://osvdb.org/65188 http://secunia.com/advisories/40073 http://www.exploit-db.com/exploits/13737 http://www.securityfocus.com/bid/40580 http://www.vupen.com/english/advisories/2010/1374 https://exchange.xforce.ibmcloud.com/vulnerabilities/59143 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •