CVE-2010-4865 – Joomla! Component JE Guestbook 1.0 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2010-4865
SQL injection vulnerability in the JE Guestbook (com_jeguestbook) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the d_itemid parameter in an item_detail action to index.php. Vulnerabilidad de inyección SQL en el componente JE Guestbook (com_jeguestbook) 1.0 de Joomla!. Permite a atacantes remotos ejecutar comandos SQL de su elección a través del parámetro d_itemid de un acción item_detail de index.php. • https://www.exploit-db.com/exploits/15157 http://adv.salvatorefresta.net/JE_Guestbook_1.0_Joomla_Component_Multiple_Remote_Vulnerabilities-30092010.txt http://osvdb.org/68283 http://secunia.com/advisories/41651 http://securityreason.com/securityalert/8422 http://www.exploit-db.com/exploits/15157 http://www.securityfocus.com/archive/1/514064/100/0/threaded http://www.securityfocus.com/bid/43605 https://exchange.xforce.ibmcloud.com/vulnerabilities/62151 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2010-4864 – Joomla! Component Club Manager - 'cm_id' SQL Injection
https://notcve.org/view.php?id=CVE-2010-4864
SQL injection vulnerability in the Club Manager (com_clubmanager) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the cm_id parameter in an equip presenta action to index.php. Vulnerabilidad de inyección SQL en el componente Club Manager (com_clubmanager) de Joomla!. Permite a atacantes remotos ejecutar comandos SQL de su elección a través del parámetro cm_id "equip presenta" de index.php. • https://www.exploit-db.com/exploits/34820 http://packetstormsecurity.org/1010-exploits/joomlaclubmanager-sql.txt http://securityreason.com/securityalert/8421 http://www.securityfocus.com/bid/43821 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2010-4862 – Joomla! Component JE Directory 1.0 - SQL Injection
https://notcve.org/view.php?id=CVE-2010-4862
SQL injection vulnerability in the JExtensions JE Directory (com_jedirectory) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in an item action to index.php. Vulnerabilidad de inyección SQL en el componente JExtensions JE Directory (com_jedirectory) 1.0 de Joomla!. Permite a atacantes remotos ejecutar comandos SQL de su elección a través del parámetro catid de una acción item a index.php. • https://www.exploit-db.com/exploits/15163 http://osvdb.org/68308 http://secunia.com/advisories/41681 http://www.exploit-db.com/exploits/15163 http://www.securityfocus.com/bid/43630 https://exchange.xforce.ibmcloud.com/vulnerabilities/62191 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2010-4853 – Joomla! Component ccInvoices - SQL Injection
https://notcve.org/view.php?id=CVE-2010-4853
SQL injection vulnerability in the ccInvoices (com_ccinvoices) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a viewInv action to index.php. Vulnerabilidad de inyección SQL en el componente ccInvoices (com_ccinvoices) de Joomla!. Permite a atacantes remotos ejecutar comandos SQL de su elección a través del parámetro id de una acción viewInv de index.php. • https://www.exploit-db.com/exploits/15430 http://packetstormsecurity.org/1011-exploits/joomlaccinvoices-sql.txt http://securityreason.com/securityalert/8413 http://www.exploit-db.com/exploits/15430 https://exchange.xforce.ibmcloud.com/vulnerabilities/63079 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2008-7302
https://notcve.org/view.php?id=CVE-2008-7302
SQL injection vulnerability in netinvoice.php in the nBill (com_netinvoice) component 1.2.0 SP1 for Joomla! allows remote attackers to execute arbitrary SQL commands via unspecified vectors involving "knowledge of ... the contents of an encrypted file." Vulnerabilidad de inyección SQL en netinvoice.php del componente nBill (com_netinvoice) 1.2.0 SP1 de Joomla!. Permite a atacantes remotos ejecutar comandos SQL de su elección a través de vectores sin especificar que involucran el "conocimiento de ... el contenido de un archivo encriptado". • http://www.nbill.co.uk/forum-smf/index.php/topic%2C716.0.html http://www.nbill.co.uk/newsflash/important-security-announcement.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •