
CVE-2009-1822 – Joomla! Component ArtForms 2.1 b7 - Remote File Inclusion
https://notcve.org/view.php?id=CVE-2009-1822
29 May 2009 — Multiple PHP remote file inclusion vulnerabilities in the InterJoomla ArtForms (com_artforms) component 2.1b7 for Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter to (1) imgcaptcha.php or (2) mp3captcha.php in assets/captcha/includes/captchaform/, or (3) assets/captcha/includes/captchatalk/swfmovie.php. • https://www.exploit-db.com/exploits/8697 • CWE-94: Improper Control of Generation of Code ('Code Injection')

CVE-2009-1736 – Joomla! Component com_gsticketsystem - 'catid' Blind SQL Injection
https://notcve.org/view.php?id=CVE-2009-1736
20 May 2009 — SQL injection vulnerability in the GridSupport (GS) Ticket System (com_gsticketsystem) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in a viewCategory action to index.php. • https://www.exploit-db.com/exploits/8731 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVE-2009-1496 – Joomla! Component Cmimarketplace - 'viewit' Directory Traversal
https://notcve.org/view.php?id=CVE-2009-1496
01 May 2009 — Directory traversal vulnerability in the Cmi Marketplace (com_cmimarketplace) component 0.1 for Joomla! allows remote attackers to list arbitrary directories via a .. (dot dot) in the viewit parameter to index.php. • https://www.exploit-db.com/exploits/8367 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVE-2009-1499 – Joomla! Component MailTo - 'article' SQL Injection
https://notcve.org/view.php?id=CVE-2009-1499
01 May 2009 — SQL injection vulnerability in the MailTo (aka com_mailto) component in Joomla! allows remote attackers to execute arbitrary SQL commands via the article parameter in index.php. NOTE: SecurityFocus states that this issue has been disputed by the vendor. • https://www.exploit-db.com/exploits/8366 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVE-2009-1280
https://notcve.org/view.php?id=CVE-2009-1280
09 Apr 2009 — Multiple cross-site request forgery (CSRF) vulnerabilities in the com_media component for Joomla! 1.5.x through 1.5.9 allow remote attackers to hijack the authentication of unspecified victims via unknown vectors. • http://developer.joomla.org/security/news/293-20090301-core-multiple-xsscsrf.html • CWE-352: Cross-Site Request Forgery (CSRF)

CVE-2009-1279
https://notcve.org/view.php?id=CVE-2009-1279
09 Apr 2009 — Multiple cross-site scripting (XSS) vulnerabilities in Joomla! 1.5 through 1.5.9 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors to the (1) com_admin component, (2) com_search component when "Gather Search Statistics" is enabled, and (3) the category view in the com_content component. • http://developer.joomla.org/security/news/293-20090301-core-multiple-xsscsrf.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2009-1258
https://notcve.org/view.php?id=CVE-2009-1258
07 Apr 2009 — SQL injection vulnerability in the RD-Autos (com_rdautos) component 1.5.7 for Joomla! allows remote attackers to execute arbitrary SQL commands via the makeid parameter in index.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. • http://osvdb.org/53138 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVE-2009-1263 – Joomla! Component com_bookJoomlas 0.1 - SQL Injection
https://notcve.org/view.php?id=CVE-2009-1263
07 Apr 2009 — SQL injection vulnerability in sub_commententry.php in the BookJoomlas (com_bookjoomlas) component 0.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the gbid parameter in a comment action to index.php. • https://www.exploit-db.com/exploits/8353 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVE-2008-6653 – Joomla! Component Webhosting - 'catid' Blind SQL Injection
https://notcve.org/view.php?id=CVE-2008-6653
07 Apr 2009 — SQL injection vulnerability in webhosting.php in the Webhosting Component (com_webhosting) module before 1.1 RC7 for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the catid parameter to index.php. • https://www.exploit-db.com/exploits/5527 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVE-2008-6489 – Joomla! Component MyAlbum 1.0 - 'album' SQL Injection
https://notcve.org/view.php?id=CVE-2008-6489
19 Mar 2009 — SQL injection vulnerability in MyAlbum component (com_myalbum) 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the album parameter to index.php. • https://www.exploit-db.com/exploits/5318 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')