CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 3CVE-2010-4994
https://notcve.org/view.php?id=CVE-2010-4994
SQL injection vulnerability in the Jobs Pro component 1.6.4 for Joomla! allows remote attackers to execute arbitrary SQL commands via the detailed_results parameter to search_jobs.html. Vulnerabilidad de inyección SQL en el componente Jobs Pro 1.6.4 de Joomla! permite a atacantes remotos ejecutar comandos SQL de su elección a través del parámetro detailed_results de search_jobs.html. • http://packetstormsecurity.org/1007-exploits/joomlajobspro-sql.txt http://securityreason.com/securityalert/8498 http://www.exploit-db.com/exploits/14246 http://www.securityfocus.com/bid/41403 https://exchange.xforce.ibmcloud.com/vulnerabilities/60121 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 4CVE-2010-4993 – Joomla! Component eventCal 1.6.4 - Blind SQL Injection
https://notcve.org/view.php?id=CVE-2010-4993
SQL injection vulnerability in the eventcal (com_eventcal) component 1.6.4 for Joomla! allows remote attackers to execute arbitrary SQL commands via the Itemid parameter to index.php. Vulnerabilidad de inyección SQL en el componente eventcal (com_eventcal) 1.6.4 de Joomla! permite a atacantes remotos ejecutar comandos SQL de su elección a través del parámetro Itemid de index.php. • https://www.exploit-db.com/exploits/14187 http://packetstormsecurity.org/1007-exploits/joomlaeventcal-sql.txt http://securityreason.com/securityalert/8496 http://www.exploit-db.com/exploits/14187 http://www.securityfocus.com/bid/41369 https://exchange.xforce.ibmcloud.com/vulnerabilities/60060 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 4.3EPSS: 0%CPEs: 49EXPL: 2CVE-2011-2710
https://notcve.org/view.php?id=CVE-2011-2710
Multiple cross-site scripting (XSS) vulnerabilities in Joomla! before 1.7.0 allow remote attackers to inject arbitrary web script or HTML via (1) the URI to includes/application.php, reachable through index.php; and, when Internet Explorer or Konqueror is used, (2) allow remote attackers to inject arbitrary web script or HTML via the searchword parameter in a search action to index.php in the com_search component. NOTE: vector 2 exists because of an incomplete fix for CVE-2011-2509.5. Múltiples vulnerabilidades de ejecución de secuencias de comandos en sitios cruzados (XSS) en Joomla! before v1.7.0, permiten a atacantes remotos inyectar secuencias de comandos web o HTML a través de(1) la URI sobre includes/application.php, accesible desde index.php; y, cuando de usa Internet Explorer o Konqueror, (2) permite a atacantes remotos inyectar secuencias de comandos web o HTML a través del parámetro searchword en una acción search sobre index.php en el componente com_search. • http://developer.joomla.org/security/news/357-20110701-xss-vulnerability.html http://www.openwall.com/lists/oss-security/2011/07/22/1 http://www.openwall.com/lists/oss-security/2011/07/22/5 http://www.openwall.com/lists/oss-security/2011/10/16/1 http://www.openwall.com/lists/oss-security/2011/11/21/27 http://yehg.net/lab/pr0js/advisories/joomla/core/%5Bjoomla_1.7.0-rc%5D_cross_site_scripting%28XSS%29 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 7EXPL: 2CVE-2009-0421 – Joomla! Component com_Eventing 1.6.x - Blind SQL Injection
https://notcve.org/view.php?id=CVE-2009-0421
SQL injection vulnerability in the Eventing (com_eventing) 1.6.x component for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter to index.php. Vulnerabilidad de inyección SQL en el componente para Joomla! Eventing (com_eventing) v1.6.x; permite a atacantes remotos ejecutar comandos SQL de su elección a través del parámetro catid de index.php. • https://www.exploit-db.com/exploits/7793 http://secunia.com/advisories/33563 http://www.securityfocus.com/bid/33296 https://exchange.xforce.ibmcloud.com/vulnerabilities/48016 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •