
CVSS: 7.5 • EPSS: 0% • CPEs: 2 • EXPL: 5

SQL injection vulnerability in JE Ajax Event Calendar (com_jeajaxeventcalendar) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the event_id parameter in an alleventlist_more action to index.php. • https://www.exploit-db.com/exploits/15610 https://www.exploit-db.com/exploits/13997 http://packetstormsecurity.org/files/view/96125/joomlaajax-sql.txt http://secunia.com/advisories/39836 http://www.exploit-db.com/exploits/15610 http://www.securityfocus.com/bid/45050 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 7.5 • EPSS: 0% • CPEs: 2 • EXPL: 4

SQL injection vulnerability in the Pulse Infotech Flip Wall (com_flipwall) component 1.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter to index.php. • https://www.exploit-db.com/exploits/15366 http://packetstormsecurity.org/1011-exploits/joomlaflipwall-sql.txt http://secunia.com/advisories/42073 http://www.exploit-db.com/exploits/15366 http://www.osvdb.org/68955 http://www.securityfocus.com/bid/44573 https://exchange.xforce.ibmcloud.com/vulnerabilities/62914 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 5.0 • EPSS: 0% • CPEs: 4 • EXPL: 0

Directory traversal vulnerability in the nBill (com_netinvoice) component before 2.0.9 standard edition, 2.0.10 lite edition, and 1.2_10 for Joomla! allows remote attackers to read arbitrary files via directory traversal sequences in unspecified vectors related to (1) administrator/components/com_nbill/admin.nbill.php, (2) components/com_nbill/nbill.php, (3) administrator/components/com_netinvoice/admin.netinvoice.php, or (4) components/com_netinvoice/netinvoice.php, as exploited in the wild in November 2010. • http://osvdb.org/69066 http://secunia.com/advisories/42186 http://www.nbill.co.uk/forum-smf/index.php/topic%2C2158.0.html http://www.nbill.co.uk/newsflash/security-patch-for-all-versions-of-nbill.html http://www.securityfocus.com/bid/44719 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSS: 7.5 • EPSS: 0% • CPEs: 2 • EXPL: 2

SQL injection vulnerability in the Pulse Infotech Sponsor Wall (com_sponsorwall) component 1.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter to index.php. • https://www.exploit-db.com/exploits/15367 http://packetstormsecurity.org/1011-exploits/joomlasponsorwall-sql.txt http://secunia.com/advisories/42072 http://www.exploit-db.com/exploits/15367 http://www.osvdb.org/68956 http://www.securityfocus.com/bid/44571 https://exchange.xforce.ibmcloud.com/vulnerabilities/62915 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 4.3 • EPSS: 0% • CPEs: 22 • EXPL: 0

Cross-site scripting (XSS) vulnerability in Joomla! 1.5.x before 1.5.21 and 1.6.x before 1.6.1 allows remote attackers to inject arbitrary web script or HTML via vectors involving "multiple encoded entities," as demonstrated by the query string to index.php in the com_weblinks or com_content component. • http://developer.joomla.org/security/news/9-security/10-core-security/322-20101001-core-xss-vulnerabilities http://joomlacode.org/gf/project/joomla/tracker/?action=TrackerItemEdit&tracker_id=32&tracker_item_id=22767 http://www.openwall.com/lists/oss-security/2010/10/08/4 http://www.openwall.com/lists/oss-security/2010/10/11/4 http://www.openwall.com/lists/oss-security/2011/03/13/8 http://www.openwall.com/lists/oss-security/2011/03/14/22 http://www.openwall.com/lists& • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')