CVSS: 5.0EPSS: 1%CPEs: 6EXPL: 4CVE-2010-1312 – Joomla! Component News Portal 1.5.x - Local File Inclusion
https://notcve.org/view.php?id=CVE-2010-1312
Directory traversal vulnerability in the iJoomla News Portal (com_news_portal) component 1.5.x for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. Una Vulnerabilidad del salto del directorio en el componente iJoomla News Portal (com_news_portal) versión 1.5.x para Joomla! permite a los atacantes remotos leer archivos arbitrarios por medio de un .. • https://www.exploit-db.com/exploits/12077 http://osvdb.org/63572 http://packetstormsecurity.org/1004-exploits/joomlanewportal-lfi.txt http://secunia.com/advisories/39289 http://www.exploit-db.com/exploits/12077 http://www.securityfocus.com/bid/39222 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 0CVE-2010-0635
https://notcve.org/view.php?id=CVE-2010-0635
SQL injection vulnerability in the plgSearchEventsearch::onSearch method in eventsearch.php in the JEvents Search plugin 1.5 through 1.5.3 for Joomla! allows remote attackers to execute arbitrary SQL commands via unspecified vectors. NOTE: some of these details are obtained from third party information. Vulnerabilidad de inyección SQL en el método plgSearchEventsearch::onSearch en eventsearch.php en el plugin JEvents Search v1.5 a la v1.5.3 para Joomla!, permite a atacantes remotos ejecutar comandos SQL de su elección a través de vectores sin especificar. • http://secunia.com/advisories/38404 http://www.jevents.net/forum/viewtopic.php?f=17&t=3910#p15526 http://www.securityfocus.com/bid/38050 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 5.5EPSS: 0%CPEs: 15EXPL: 0CVE-2009-3945
https://notcve.org/view.php?id=CVE-2009-3945
Unspecified vulnerability in the Front-End Editor in the com_content component in Joomla! before 1.5.15 allows remote authenticated users, with Author privileges, to replace the articles of an arbitrary user via unknown vectors. Vulnerabilidad no especificada en el Front-End Editor del componente com_content en Joomla! versiones anteriores a v1.5.15 permite a usuarios autenticados remotamente, con privilegios "Author", reemplazar los artículos de un usuario de su elección mediante vectores desconocidos. • http://developer.joomla.org/security/news/305-20091103-core-front-end-editor-issue-.html http://osvdb.org/59801 http://secunia.com/advisories/37262 https://exchange.xforce.ibmcloud.com/vulnerabilities/54161 •
CVSS: 5.0EPSS: 0%CPEs: 15EXPL: 0CVE-2009-3946
https://notcve.org/view.php?id=CVE-2009-3946
Joomla! before 1.5.15 allows remote attackers to read an extension's XML file, and thereby obtain the extension's version number, via a direct request. Joomla! versiones anteriores a v1.5.15 permite a atacantes remotos leer el fichero XML de una extensión, y de ese modo obtener el número de versión de la extensión, mediante una petición directa. • http://developer.joomla.org/security/news/306-20091103-core-xml-file-read-issue.html http://secunia.com/advisories/37262 http://www.osvdb.org/59800 https://exchange.xforce.ibmcloud.com/vulnerabilities/54160 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 2CVE-2009-3342 – Joomla! Component AlphaUserPoints - SQL Injection
https://notcve.org/view.php?id=CVE-2009-3342
SQL injection vulnerability in frontend/assets/ajax/checkusername.php in the AlphaUserPoints (com_alphauserpoints) component 1.5.2 for Joomla! allows remote attackers to execute arbitrary SQL commands via the username2points parameter. Vulnerabilidad de inyección SQL en frontend/assets/ajax/checkusername.php en the AlphaUserPoints (com_alphauserpoints) componente v1.5.2 para Joomla! permite a los atacantes remotos, ejecutar arbitrariamente comandos SQL a través del parámetro username2points. • https://www.exploit-db.com/exploits/9654 http://www.securityfocus.com/bid/36383 http://www.vupen.com/english/advisories/2009/2659 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •