
CVE-2010-0157 – Joomla! Component com_biblestudy - Local File Inclusion
https://notcve.org/view.php?id=CVE-2010-0157
06 Jan 2010 — Directory traversal vulnerability in the Bible Study (com_biblestudy) component 6.1 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter in a studieslist action to index.php. • https://www.exploit-db.com/exploits/10943 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVE-2010-0158 – Joomla! Component Bamboo Simpla Admin Template - SQL Injection
https://notcve.org/view.php?id=CVE-2010-0158
06 Jan 2010 — SQL injection vulnerability in the JoomlaBamboo (JB) Simpla Admin template for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in an article action to the com_content component, reachable through index.php. NOTE: the vendor disputes this report, saying: "JoomlaBamboo has investigated this report, and it is incorrect. There is no SQL injection vulnerability involving the id parameter in an article view, and there never was. JoomlaBamboo customers have no reason to be co... • https://www.exploit-db.com/exploits/10971 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVE-2009-4550 – Joomla! Component Kunena Forums (com_kunena) - Blind SQL Injection
https://notcve.org/view.php?id=CVE-2009-4550
04 Jan 2010 — SQL injection vulnerability in the Kunena Forum (com_kunena) component 1.5.3 and 1.5.4 for Joomla! allows remote attackers to execute arbitrary SQL commands via the func parameter to index.php. • https://www.exploit-db.com/exploits/9408 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVE-2009-4475 – Joomla! Component com_Joomlaub - 'aid' SQL Injection
https://notcve.org/view.php?id=CVE-2009-4475
30 Dec 2009 — SQL injection vulnerability in the Joomlub (com_joomlub) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the aid parameter in an auction edit action to index.php. • https://www.exploit-db.com/exploits/9593 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVE-2009-4428 – Joomla! Component com_joomportfolio - 'secid' SQL Injection
https://notcve.org/view.php?id=CVE-2009-4428
28 Dec 2009 — SQL injection vulnerability in the JoomPortfolio (com_joomportfolio) component 1.0.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the secid parameter in a showcat action to index.php. • https://www.exploit-db.com/exploits/33418 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVE-2009-4431 – Joomla! Component com_jcalpro 1.5.3.6 - Remote File Inclusion
https://notcve.org/view.php?id=CVE-2009-4431
28 Dec 2009 — PHP remote file inclusion vulnerability in cal_popup.php in the Anything Digital Development JCal Pro (aka com_jcalpro or JCP) component 1.5.3.6 for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. • https://www.exploit-db.com/exploits/10587 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2009-4255
https://notcve.org/view.php?id=CVE-2009-4255
10 Dec 2009 — Cross-site scripting (XSS) vulnerability in the You!Hostit! template 1.0.1 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the created_by_alias parameter in index.php. • http://secunia.com/advisories/37601 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2009-4232
https://notcve.org/view.php?id=CVE-2009-4232
08 Dec 2009 — The Kide Shoutbox (com_kide) component 0.4.6 for Joomla! does not properly perform authentication, which allows remote attackers to post messages with an arbitrary account name via an insertar action to index.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. • http://secunia.com/advisories/37508 • CWE-287: Improper Authentication •

CVE-2009-4233
https://notcve.org/view.php?id=CVE-2009-4233
08 Dec 2009 — Cross-site scripting (XSS) vulnerability in modules/mod_yj_whois.php in the YJ Whois component 1.0x and 1.5.x for Joomla! allows remote attackers to inject arbitrary web script or HTML via the domain parameter to index.php. NOTE: some of these details are obtained from third party information. • http://extensions.joomla.org/extensions/external-contents/domain-search/5774 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2009-4217 – Joomla! Component MusicGallery - SQL Injection
https://notcve.org/view.php?id=CVE-2009-4217
07 Dec 2009 — SQL injection vulnerability in the Itamar Elharar MusicGallery (com_musicgallery) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in an itempage action to index.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. • https://www.exploit-db.com/exploits/10250 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •