CVSS: 7.5EPSS: 0%CPEs: 23EXPL: 2CVE-2010-4166
https://notcve.org/view.php?id=CVE-2010-4166
Multiple SQL injection vulnerabilities in Joomla! 1.5.x before 1.5.22 allow remote attackers to execute arbitrary SQL commands via (1) the filter_order parameter in a com_weblinks category action to index.php, (2) the filter_order_Dir parameter in a com_weblinks category action to index.php, or (3) the filter_order_Dir parameter in a com_messages action to administrator/index.php. Múltiples vulnerabilidades de inyección SQL en Joomla! v1.5.x anterior a v1.5.22 permite a atacantes remotos ejecutar comandos SQL a través de (1) el parámetro filter_order en una acción de categoría com_weblinks a index.php, (2) el parámetro filter_order_Dir en una acción de categoría com_weblinks a index.php, o (3) el parámetro filter_order_Dir en una acción com_messages a administrator/index.php. • http://archives.neohapsis.com/archives/fulldisclosure/2010-10/0514.html http://developer.joomla.org/security/news/9-security/10-core-security/323-20101101-core-sqli-info-disclosurevulnerabilities.html http://openwall.com/lists/oss-security/2010/11/12/5 http://openwall.com/lists/oss-security/2010/11/12/6 http://secunia.com/advisories/42133 http://yehg.net/lab/pr0js/advisories/joomla/core/1.5.21/sql_injection/sqli_%28filter_order%29_front.jpg http://yehg.net/lab/pr0js/advisories&#x • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.5EPSS: 0%CPEs: 23EXPL: 0CVE-2010-4696
https://notcve.org/view.php?id=CVE-2010-4696
Multiple SQL injection vulnerabilities in Joomla! 1.5.x before 1.5.22 allow remote attackers to execute arbitrary SQL commands via the (1) filter_order or (2) filter_order_Dir parameter in a com_contact action to index.php, a different vulnerability than CVE-2010-4166. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. Múltiples vulnerabilidades de inyección SQL en Joomla! v1.5.x anterior a v1.5.22 permite a atacantes remotos ejecutar comandos SQL a través de los parámetros (1) filter_order o (2) filter_order_Dir en una acción com_contact a index.php, una vulnerabilidad diferente de CVE-2010-4166. • http://developer.joomla.org/security/news/9-security/10-core-security/323-20101101-core-sqli-info-disclosurevulnerabilities.html http://openwall.com/lists/oss-security/2010/11/12/5 http://openwall.com/lists/oss-security/2010/11/12/6 http://secunia.com/advisories/42133 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 4.3EPSS: 8%CPEs: 3EXPL: 3CVE-2011-0005 – Joomla! 1.0.x - 'ordering' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2011-0005
Cross-site scripting (XSS) vulnerability in the com_search module for Joomla! 1.0.x through 1.0.15 allows remote attackers to inject arbitrary web script or HTML via the ordering parameter to index.php. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en el módulo com_search de Joomla! 1.0.x hasta la 1.0.15. Permite a atacantes remotos inyectar codigo de script web o código HTML de su elección a través del parámetro ordering de index.php. • https://www.exploit-db.com/exploits/35167 http://osvdb.org/70369 http://packetstormsecurity.org/files/view/97273/joomla1015-xss.txt http://www.securityfocus.com/archive/1/515553/100/0/threaded http://www.securityfocus.com/archive/1/515590/100/0/threaded http://www.securityfocus.com/bid/45679 http://yehg.net/lab/pr0js/advisories/joomla/core/%5Bjoomla_1.0.x~15%5D_cross_site_scripting https://exchange.xforce.ibmcloud.com/vulnerabilities/64539 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.8EPSS: 0%CPEs: 2EXPL: 3CVE-2010-4638 – Joomla! Component JQuarks4s 1.0.0 - Blind SQL Injection
https://notcve.org/view.php?id=CVE-2010-4638
SQL injection vulnerability in the submitSurvey function in controller.php in JQuarks4s (com_jquarks4s) component 1.0.0 for Joomla!, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the q parameter in a submitSurvey action to index.php. Vulnerabilidad de inyección SQL en la función submitSurvey de controller.php del componente JQuarks4s (com_jquarks4s) 1.0.0 de Joomla!. Si magic_quotes_gpc está deshabilitado, permite a atacantes remotos ejecutar comandos SQL de su elección a través del parámetro q en una acción submitSurvey de index.php. • https://www.exploit-db.com/exploits/15466 http://adv.salvatorefresta.net/JQuarks4s_Joomla_Component_1.0.0_Blind_SQL_Injection_Vulnerability-08112010.txt http://secunia.com/advisories/42164 http://www.exploit-db.com/exploits/15466 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 4.3EPSS: 0%CPEs: 20EXPL: 0CVE-2010-4618
https://notcve.org/view.php?id=CVE-2010-4618
Cross-site scripting (XSS) vulnerability in the Algis Info aiContactSafe component before 2.0.14 for Joomla! allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en el componente Algis Info aiContactSafe anterior a v 2.0.14 para Joomla! permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección a través de vectores no especificados. • http://secunia.com/advisories/42723 http://www.algisinfo.com/forum/announcements-english/aicontactsafe-2-0-14.html http://www.algisinfo.com/joomla/aicontactsafe-change-log.html http://www.securityfocus.com/bid/45507 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •