CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 2CVE-2009-3335 – Joomla! Component Turtushout 0.11 - 'Name' SQL Injection
https://notcve.org/view.php?id=CVE-2009-3335
24 Sep 2009 — SQL injection vulnerability in the TurtuShout component 0.11 for Joomla! allows remote attackers to execute arbitrary SQL commands via the Name field. Vulnerabilidad de inyección SQL en el componente TurtuShout v0.11 para Joomla!, permite a atacantes remotos ejecutar comandos SQL de su elección a través del campo Name. • https://www.exploit-db.com/exploits/9653 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 2CVE-2009-3342 – Joomla! Component AlphaUserPoints - SQL Injection
https://notcve.org/view.php?id=CVE-2009-3342
24 Sep 2009 — SQL injection vulnerability in frontend/assets/ajax/checkusername.php in the AlphaUserPoints (com_alphauserpoints) component 1.5.2 for Joomla! allows remote attackers to execute arbitrary SQL commands via the username2points parameter. Vulnerabilidad de inyección SQL en frontend/assets/ajax/checkusername.php en the AlphaUserPoints (com_alphauserpoints) componente v1.5.2 para Joomla! permite a los atacantes remotos, ejecutar arbitrariamente comandos SQL a través del parámetro username2points. • https://www.exploit-db.com/exploits/9654 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 4CVE-2009-3357 – Joomla! Component Hotel Booking System - Cross-Site Scripting / SQL Injection
https://notcve.org/view.php?id=CVE-2009-3357
24 Sep 2009 — Multiple SQL injection vulnerabilities in the Hotel Booking Reservation System (aka HBS or com_hbssearch) component for Joomla! allow remote attackers to execute arbitrary SQL commands via the (1) h_id, (2) id, and (3) rid parameters to longDesc.php, and the h_id parameter to (4) detail.php, (5) detail1.php, (6) detail2.php, (7) detail3.php, (8) detail4.php, (9) detail5.php, (10) detail6.php, (11) detail7.php, and (12) detail8.php, different vectors than CVE-2008-5865, CVE-2008-5874, and CVE-2008-5875. Múlt... • https://www.exploit-db.com/exploits/9648 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.1EPSS: 1%CPEs: 2EXPL: 3CVE-2009-3368 – Joomla! Component Hotel Booking System - Cross-Site Scripting / SQL Injection
https://notcve.org/view.php?id=CVE-2009-3368
24 Sep 2009 — Cross-site scripting (XSS) vulnerability in the Hotel Booking Reservation System (aka HBS or com_hbssearch) component for Joomla! allows remote attackers to inject arbitrary web script or HTML via the adult parameter in a showhoteldetails action to index.php. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en el componente Hotel Booking Reservation System (también conocido por HBS o com_hbssearch) para Joomla! permite a atacantes remotos inyectar secuencias de comandos Web o HTML de su ele... • https://www.exploit-db.com/exploits/9648 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 3CVE-2009-3316 – Joomla! Component com_jreservation 1.5 - 'pid' Blind SQL Injection
https://notcve.org/view.php?id=CVE-2009-3316
23 Sep 2009 — SQL injection vulnerability in the JReservation (com_jreservation) component 1.0 and 1.5 for Joomla! allows remote attackers to execute arbitrary SQL commands via the pid parameter in a propertycpanel action to index.php. Vulnerabilidad de inyección SQL en el componente JReservation (com_jreservation) v1.0 y v1.5 para Joomla!, permite a atacantes remotos ejecutar comandos SQL de su elección a través del parámetro "pid" en una acción propertycpanel a index.php. • https://www.exploit-db.com/exploits/9713 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.1EPSS: 1%CPEs: 2EXPL: 3CVE-2009-3318 – Joomla! Component com_album 1.14 - Directory Traversal
https://notcve.org/view.php?id=CVE-2009-3318
23 Sep 2009 — Directory traversal vulnerability in the Roland Breedveld Album (com_album) component 1.14 for Joomla! allows remote attackers to access arbitrary directories and have unspecified other impact via a .. (dot dot) in the target parameter to index.php. Vulnerabilidad de salto de directorio en el componente Roland Breedveld Album (com_album) v1.14 para Joomla!, permite a atacantes remotos acceder a directorios de su elección y tener otro impacto a través de .. • https://www.exploit-db.com/exploits/9706 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 3CVE-2009-3325 – Joomla! Component com_surveymanager 1.5.0 - 'stype' SQL Injection
https://notcve.org/view.php?id=CVE-2009-3325
23 Sep 2009 — SQL injection vulnerability in the Focusplus Developments Survey Manager (com_surveymanager) component 1.5.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the stype parameter in an editsurvey action to index.php. Vulnerabilidad de inyección SQL en el componente Focusplus Developments Survey Manager(com_surveymanager) para Joomla!, permite a atacantes remotos ejecutar comandos SQL de su elección a través del parámetro "stype" en una acción "editsurvey" a index.php. • https://www.exploit-db.com/exploits/9721 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 3CVE-2009-3332 – Joomla! Component com_jbudgetsmagic 0.3.2 < 0.4.0 - 'bid' SQL Injection
https://notcve.org/view.php?id=CVE-2009-3332
23 Sep 2009 — SQL injection vulnerability in the JBudgetsMagic (com_jbudgetsmagic) component 0.3.2 through 0.4.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the bid parameter in a mybudget action to index.php. Vulnerabilidad de inyección SQL en el componente JBudgetsMagic(com_jbudgetsmagic) v0.3.2 a la v0.4.0 para Joomla!, permite a atacantes remotos ejecutar comandos SQL de su elección a través del parámetro "bid" en una acción "mybudget" a index.php. • https://www.exploit-db.com/exploits/9723 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 3CVE-2009-3334 – Joomla! Component com_jinc 0.2 - 'newsid' Blind SQL Injection
https://notcve.org/view.php?id=CVE-2009-3334
23 Sep 2009 — SQL injection vulnerability in the Lhacky! Extensions Cave Joomla! Integrated Newsletters Component (aka JINC or com_jinc) component 0.2 for Joomla! allows remote attackers to execute arbitrary SQL commands via the newsid parameter in a messages action to index.php. Vulnerabilidad de inyección SQL en el componente Lhacky! • https://www.exploit-db.com/exploits/9732 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 39EXPL: 3CVE-2009-3215 – Joomla! Component IXXO Cart! Standalone and - SQL Injection
https://notcve.org/view.php?id=CVE-2009-3215
16 Sep 2009 — SQL injection vulnerability in IXXO Cart Standalone before 3.9.6.1, and the IXXO Cart component for Joomla! 1.0.x, allows remote attackers to execute arbitrary SQL commands via the parent parameter. Vulnerabilidad de inyección SQL en componentes IXXO Cart Standalone anterior v3.9.6.1, y IXXO Cart para Joomla! v1.0.x, permite a atacantes remotos ejecutar comandos SQL de su elección a través del parámetro parent. • https://www.exploit-db.com/exploits/9276 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •