
CVSS: 9.1 • EPSS: 0% • CPEs: 1 • EXPL: 1

Joomla! 1.6.0 is vulnerable to SQL Injection via the filter_order and filer_order_Dir parameters.
• https://packetstormsecurity.com/files/101835/Joomla-1.6.0-SQL-Injection.html https://www.openwall.com/lists/oss-security/2011/03/14/21
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 7.5 • EPSS: 0% • CPEs: 3 • EXPL: 4

SQL injection vulnerability in the JS Calendar (com_jscalendar) component 1.5.1 and 1.5.4 for Joomla! allows remote attackers to execute arbitrary SQL commands via the ev_id parameter in a details action to index.php. NOTE: some of these details are obtained from third party information.
• https://www.exploit-db.com/exploits/15224 http://adv.salvatorefresta.net/JS_Calendar_1.5.1_Joomla_Component_Multiple_Remote_Vulnerabilities-09102010.txt http://secunia.com/advisories/41766 http://securityreason.com/securityalert/8223 http://www.exploit-db.com/exploits/15224 http://www.securityfocus.com/bid/43902 https://exchange.xforce.ibmcloud.com/vulnerabilities/62379
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 4.3 • EPSS: 0% • CPEs: 3 • EXPL: 4

Multiple cross-site scripting (XSS) vulnerabilities in the JoomlaSeller JS Calendar (com_jscalendar) component 1.5.1 and 1.5.4 for Joomla! allow remote attackers to inject arbitrary web script or HTML via the (1) month and (2) year parameters in a jscalendar action to index.php. NOTE: some of these details are obtained from third party information.
• https://www.exploit-db.com/exploits/15224 http://adv.salvatorefresta.net/JS_Calendar_1.5.1_Joomla_Component_Multiple_Remote_Vulnerabilities-09102010.txt http://secunia.com/advisories/41766 http://securityreason.com/securityalert/8223 http://www.exploit-db.com/exploits/15224 http://www.securityfocus.com/bid/43902 https://exchange.xforce.ibmcloud.com/vulnerabilities/62378
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 7.5 • EPSS: 0% • CPEs: 2 • EXPL: 3

Directory traversal vulnerability in the Jimtawl (com_jimtawl) component 1.0.2 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the task parameter to index.php.
• https://www.exploit-db.com/exploits/15585 http://secunia.com/advisories/42324 http://www.exploit-db.com/exploits/15585 http://www.securityfocus.com/bid/44992
• CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSS: 7.5 • EPSS: 0% • CPEs: 2 • EXPL: 3

SQL injection vulnerability in the Maian Media Silver (com_maianmedia) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the cat parameter in a music action to index.php.
• http://packetstormsecurity.org/files/view/95879/joomlamaianmedia-sql.txt http://secunia.com/advisories/42284 http://securityreason.com/securityalert/8084 http://www.exploit-db.com/exploits/555 http://www.osvdb.org/69358 http://www.securityfocus.com/bid/44877
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')