CVSS: 9.8EPSS: 0%CPEs: 39EXPL: 3CVE-2009-3215 – Joomla! Component IXXO Cart! Standalone and - SQL Injection
https://notcve.org/view.php?id=CVE-2009-3215
16 Sep 2009 — SQL injection vulnerability in IXXO Cart Standalone before 3.9.6.1, and the IXXO Cart component for Joomla! 1.0.x, allows remote attackers to execute arbitrary SQL commands via the parent parameter. Vulnerabilidad de inyección SQL en componentes IXXO Cart Standalone anterior v3.9.6.1, y IXXO Cart para Joomla! v1.0.x, permite a atacantes remotos ejecutar comandos SQL de su elección a través del parámetro parent. • https://www.exploit-db.com/exploits/9276 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 3CVE-2009-3054 – Joomla! Component com_artportal 1.0 - 'portalid' SQL Injection
https://notcve.org/view.php?id=CVE-2009-3054
03 Sep 2009 — SQL injection vulnerability in the Artetics.com Art Portal (com_artportal) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the portalid parameter to index.php. Vulnerabilidad de inyección SQL en el componente Artetics.com Art Portal (com_artportal) v1.0 para Joomla! permite a atacantes remotos ejecutar comandos SQL de su elección a través del parámetro portalid en index.php. • https://www.exploit-db.com/exploits/9563 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 3CVE-2009-3063 – Joomla! Component com_gameserver 1.0 - 'id' SQL Injection
https://notcve.org/view.php?id=CVE-2009-3063
03 Sep 2009 — SQL injection vulnerability in the Game Server (com_gameserver) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a gamepanel action to index.php. Vulnerabilidad de inyección SQL el componente Game Server(com_gameserver) v1.0 para Joomla!, permite a atacantes remotos ejecutar comandos SQL de su elección a través del parámetro "gamepanel" en una acción a index.php. • https://www.exploit-db.com/exploits/9571 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 2CVE-2008-6883 – Joomla! Component live chat - SQL Injection / Open Proxy
https://notcve.org/view.php?id=CVE-2008-6883
30 Jul 2009 — SQL injection vulnerability in the Live Chat (com_livechat) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the last parameter to getChatRoom.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. Vulnerabilidad de inyección SQL en el componente para Joomla! Live Chat v1.0 (com_livechat), permite a atacantes remotos ejecutar comandos SQL de su elección a través del parámetro "last" a getChatRoom.php. • https://www.exploit-db.com/exploits/7441 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 2CVE-2008-6881 – Joomla! Component live chat - SQL Injection / Open Proxy
https://notcve.org/view.php?id=CVE-2008-6881
30 Jul 2009 — Multiple SQL injection vulnerabilities in the Live Chat (com_livechat) component 1.0 for Joomla! allow remote attackers to execute arbitrary SQL commands via the last parameter to (1) getChat.php, (2) getChatRoom.php, and (3) getSavedChatRooms.php. Vulnerabilidad de inyección múltiple SQL en el componente Live Chat (com_livechat) para Joomla! permite a los atacantes remotos ejecutar arbitrariamente comandos SQL a través de los últimos parámetro para (1) getChat.php, (2) getChatRoom.php, y (3) getSavedChatRo... • https://www.exploit-db.com/exploits/7441 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.5EPSS: 1%CPEs: 2EXPL: 2CVE-2008-6882 – Joomla! Component live chat - SQL Injection / Open Proxy
https://notcve.org/view.php?id=CVE-2008-6882
30 Jul 2009 — Live Chat (com_livechat) component 1.0 for Joomla! allows remote attackers to use the xmlhttp.php script as an open HTTP proxy to hide network scanning activities or scan internal networks via a GET request with a full URL in the query string. Componente Live Chat (com_livechat) v1.0 para Joomla! permite a los atacantes remotos usar la secuencia de comandos xmlhttp.php como un proxy HTTP abierto para esconder una actividad de escaner de la red o un escaner de redes internas a través de una petición GET con ... • https://www.exploit-db.com/exploits/7441 • CWE-20: Improper Input Validation •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 2CVE-2009-2633 – Joomla! Component com_vehiclemanager 1.0 - Remote File Inclusion
https://notcve.org/view.php?id=CVE-2009-2633
28 Jul 2009 — PHP remote file inclusion vulnerability in toolbar_ext.php in the VehicleManager (com_vehiclemanager) component 1.0 Basic for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. Vulnerabilidad de inclusión remota de fichero PHP toolbar_ext.php en el componente VehicleManager(com_vehiclemanager)v1.0 para Joomla! permite a atacantes remotos ejecutar código PHP arbitrario a través de una URL en el parámetro "mosConfig_absolute_path". • https://www.exploit-db.com/exploits/8920 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 2CVE-2009-2635 – Joomla! Component com_realestatemanager 1.0 - Remote File Inclusion
https://notcve.org/view.php?id=CVE-2009-2635
28 Jul 2009 — PHP remote file inclusion vulnerability in toolbar_ext.php in the RealEstateManager (com_realestatemanager) component 1.0 Basic for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. Vulnerabilidad de inclusión remota de fichero PHP en toolbar_ext.php en el componente RealEstateManager (com_realestatemanager) v1.0 Basic para Joomla! permite a atacantes remotos ejecutar código PHP de forma arbitraria a través de una URL en el parámetro "mosConfig... • https://www.exploit-db.com/exploits/8919 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 2CVE-2008-6841 – Joomla! Component DBQuery 1.4.1.1 - Remote File Inclusion
https://notcve.org/view.php?id=CVE-2008-6841
01 Jul 2009 — PHP remote file inclusion vulnerability in the Green Mountain Information Technology and Consulting Database Query (com_dbquery) component 1.4.1.1 and earlier for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter to classes/DBQ/admin/common.class.php. Vulnerabilidad de inclusión remota de archivo PHP en los componentes Green Mountain Information Technology y Consulting Database Query v1.4.1.1 y anteriores para Joomla! , permiten a atacantes remo... • https://www.exploit-db.com/exploits/6003 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.5EPSS: 3%CPEs: 2EXPL: 2CVE-2009-2015 – Joomla! Component MooFAQ (com_moofaq) - Local File Inclusion
https://notcve.org/view.php?id=CVE-2009-2015
09 Jun 2009 — Directory traversal vulnerability in includes/file_includer.php in the Ideal MooFAQ (com_moofaq) component 1.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter. Vulnerabilidad de salto de directorio en includes/file_includer.php en el componente Ideal MooFAQ (com_moofaq) v1.0 para Joomla! permite a atacantes remotos leer ficheros de su elección mediante un .. • https://www.exploit-db.com/exploits/8898 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •