
CVE-2009-0726 – Joomla! Component gigCalendar 1.0 - SQL Injection
https://notcve.org/view.php?id=CVE-2009-0726
24 Feb 2009 — SQL injection vulnerability in the GigCalendar (com_gigcal) component 1.0 for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the gigcal_gigs_id parameter in a details action to index.php. • https://www.exploit-db.com/exploits/7746 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVE-2009-0730 – Joomla! / Mambo Component gigCalendar 1.0 - 'banddetails.php' SQL Injection
https://notcve.org/view.php?id=CVE-2009-0730
24 Feb 2009 — Multiple SQL injection vulnerabilities in the GigCalendar (com_gigcal) component 1.0 for Mambo and Joomla!, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via (1) the gigcal_venues_id parameter in a details action to index.php, which is not properly handled by venuedetails.php, and (2) the gigcal_bands_id parameter in a details action to index.php, which is not properly handled by banddetails.php, different vectors than CVE-2009-0726. • https://www.exploit-db.com/exploits/32807 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVE-2009-0702 – Joomla! Component com_phocadocumentation - 'id' SQL Injection
https://notcve.org/view.php?id=CVE-2009-0702
23 Feb 2009 — SQL injection vulnerability in the Phoca Documentation (com_phocadocumentation) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a section action to index.php. • https://www.exploit-db.com/exploits/7670 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVE-2009-0706
https://notcve.org/view.php?id=CVE-2009-0706
23 Feb 2009 — SQL injection vulnerability in the Simple Review (com_simple_review) component 1.3.5 for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the category parameter to index.php. • http://packetstormsecurity.org/0901-exploits/joomlasimplereview-sql.txt • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVE-2008-6234 – Mambo Component com_Musica - 'id' SQL Injection
https://notcve.org/view.php?id=CVE-2008-6234
21 Feb 2009 — SQL injection vulnerability in the com_musica module in Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php. • https://www.exploit-db.com/exploits/5207 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVE-2008-6222 – Joomla! Component ProDesk 1.0/1.2 - Local File Inclusion
https://notcve.org/view.php?id=CVE-2008-6222
20 Feb 2009 — Directory traversal vulnerability in the Pro Desk Support Center (com_pro_desk) component 1.0 and 1.2 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the include_file parameter to index.php. • https://www.exploit-db.com/exploits/6980 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVE-2008-6221 – Joomla! Component Dada Mail Manager 2.6 - Remote File Inclusion
https://notcve.org/view.php?id=CVE-2008-6221
20 Feb 2009 — PHP remote file inclusion vulnerability in config.dadamail.php in the Dada Mail Manager (com_dadamail) component 2.6 for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[mosConfig_absolute_path] parameter. • https://www.exploit-db.com/exploits/7002 • CWE-94: Improper Control of Generation of Code ('Code Injection')

CVE-2008-6181 – Joomla! Component mad4Joomla! - SQL Injection
https://notcve.org/view.php?id=CVE-2008-6181
19 Feb 2009 — SQL injection vulnerability in the Mad4Joomla Mailforms (com_mad4joomla) component before 1.1.8.2 for Joomla! allows remote attackers to execute arbitrary SQL commands via the jid parameter to index.php. • https://www.exploit-db.com/exploits/6724 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVE-2008-6182 – Joomla! Component Ignite Gallery 0.8.3 - SQL Injection
https://notcve.org/view.php?id=CVE-2008-6182
19 Feb 2009 — SQL injection vulnerability in the Ignite Gallery (com_ignitegallery) component 0.8.0 through 0.8.3 for Joomla! allows remote attackers to execute arbitrary SQL commands via the gallery parameter in a view action to index.php. • https://www.exploit-db.com/exploits/6723 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVE-2008-6184 – Joomla! Component ownbiblio 1.5.3 - 'catid' SQL Injection
https://notcve.org/view.php?id=CVE-2008-6184
19 Feb 2009 — SQL injection vulnerability in the OwnBiblio (com_ownbiblio) component 1.5.3 for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in a catalogue action to index.php. • https://www.exploit-db.com/exploits/6730 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')