CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 1CVE-2009-0333 – Joomla! Component com_waticketsystem - Blind SQL Injection
https://notcve.org/view.php?id=CVE-2009-0333
29 Jan 2009 — SQL injection vulnerability in the WebAmoeba (WA) Ticket System (com_waticketsystem) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in a category action to index.php. Vulnerabilidad de inyección SQL en el componente WebAmoeba (WA) Ticket System (com_waticketsystem) para Joomla! que permitiría atacantes remotos ejecutar comandos SQL a través del parámetro "catid" en la acción category a index.php • https://www.exploit-db.com/exploits/7833 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 1CVE-2008-5957 – Joomla! Component mydyngallery 1.4.2 - SQL Injection
https://notcve.org/view.php?id=CVE-2008-5957
23 Jan 2009 — SQL injection vulnerability in the Mydyngallery (com_mydyngallery) component 1.4.2 for Joomla! allows remote attackers to execute arbitrary SQL commands via the directory parameter to index.php. Vulnerabilidad de inyección SQL en el componente Mydyngallery (com_mydyngallery) 1.4.2 para Joomla!, permite a atacantes remotos ejecutar comandos SQL de su elección a través del parámetro "directory" a index.php. • https://www.exploit-db.com/exploits/7343 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.5EPSS: 0%CPEs: 30EXPL: 2CVE-2009-0113 – Joomla! Component xstandard editor 1.5.8 - Local Directory Traversal
https://notcve.org/view.php?id=CVE-2009-0113
09 Jan 2009 — Directory traversal vulnerability in attachmentlibrary.php in the XStandard component for Joomla! 1.5.8 and earlier allows remote attackers to list arbitrary directories via a .. (dot dot) in the X_CMS_LIBRARY_PATH HTTP header. Vulnerabilidad de salto de directorio en attachmentlibrary.php en el componente XStandard para Joomla! v1.5.8 y versiones anteriores permite a atacantes remotos listar directorios de su elección a través de .. • https://www.exploit-db.com/exploits/7691 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 5CVE-2008-5874 – Joomla! Component 5starhotels - SQL Injection
https://notcve.org/view.php?id=CVE-2008-5874
08 Jan 2009 — Multiple SQL injection vulnerabilities in the Hotel Booking Reservation System (aka HBS) for Joomla! allow remote attackers to execute arbitrary SQL commands via the id parameter in a showhoteldetails action to index.php in the (1) com_allhotels or (2) com_5starhotels module. NOTE: some of these details are obtained from third party information. Múltiples vulnerabilidades de inyección SQL en Hotel Booking Reservation System (también conocido como HBS) para Joomla! permiten a atacantes remotos ejecutar coman... • https://www.exploit-db.com/exploits/7575 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 5CVE-2008-5875 – Joomla! Component 5starhotels - SQL Injection
https://notcve.org/view.php?id=CVE-2008-5875
08 Jan 2009 — SQL injection vulnerability in the com_lowcosthotels component in the Hotel Booking Reservation System (aka HBS) for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a showhoteldetails action to index.php. Vulnerabilidad de inyección SQL en el componente com_lowcosthotels en Hotel Booking Reservation System (también conocido como HBS) para Joomla! permite a atacantes remotos ejecutar comandos SQL de su elección a través del parámetro "id" en una acción showhoteldetai... • https://www.exploit-db.com/exploits/7575 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 5CVE-2008-5864 – Joomla! Component 5starhotels - SQL Injection
https://notcve.org/view.php?id=CVE-2008-5864
06 Jan 2009 — SQL injection vulnerability in the Top Hotel (com_tophotelmodule) component 1.0 in the Hotel Booking Reservation System (aka HBS) 1.0.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a showhoteldetails action to index.php. Vulnerabilidad de Inyección SQL en el componente Top Hotel (com_tophotelmodule) v1.0 en el Hotel Booking Reservation System (también conocido como HBS) v1.0.0 para Joomla! permite a atacantes remotos ejecutar comandos SQL de su elección a tra... • https://www.exploit-db.com/exploits/7575 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 5CVE-2008-5865 – Joomla! Component 5starhotels - SQL Injection
https://notcve.org/view.php?id=CVE-2008-5865
06 Jan 2009 — SQL injection vulnerability in the com_hbssearch component 1.0 in the Hotel Booking Reservation System (aka HBS) 1.0.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the r_type parameter in a showhoteldetails action to index.php. Vulnerabilidad de Inyección SQL en el componente com_hbssearch v1.0 en Hotel Booking Reservation System (alias HBS) v1.0.0 para Joomla! permite a atacantes remotos ejecutar comandos SQL de su elección a través del parámetro r_type en la acción showhotelde... • https://www.exploit-db.com/exploits/7575 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 2CVE-2008-5811 – Joomla! Component PAX Gallery 0.1 - Blind SQL Injection
https://notcve.org/view.php?id=CVE-2008-5811
02 Jan 2009 — SQL injection vulnerability in the PaxGallery (com_paxgallery) component 0.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the gid parameter in a table action to index.php. Vulnerabilidad de inyección SQL en el componente PaxGallery (com_paxgallery) v0.1 para Joomla!, permite a atacantes remotos ejecutar comandos SQL de su elección a través del parámetro "gid" en una acción table a index.php. • https://www.exploit-db.com/exploits/7587 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 1%CPEs: 2EXPL: 2CVE-2008-5789 – Joomla! Component Feederator 1.0.5 - Multiple Remote File Inclusions
https://notcve.org/view.php?id=CVE-2008-5789
31 Dec 2008 — Multiple PHP remote file inclusion vulnerabilities in the Recly Interactive Feederator (com_feederator) component 1.0.5 for Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the (1) mosConfig_absolute_path parameter to (a) add_tmsp.php, (b) edit_tmsp.php and (c) tmsp.php in includes/tmsp/; and the (2) GLOBALS[mosConfig_absolute_path] parameter to (d) includes/tmsp/subscription.php. Múltiples vulnerabilidades de inclusión remota de fichero en el componente Recly Interactive Feederator... • https://www.exploit-db.com/exploits/7040 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 2CVE-2008-5790 – Joomla! Component Recly!Competitions 1.0.0 - Multiple Remote File Inclusions
https://notcve.org/view.php?id=CVE-2008-5790
31 Dec 2008 — Multiple PHP remote file inclusion vulnerabilities in the Recly!Competitions (com_competitions) component 1.0 for Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the (1) GLOBALS[mosConfig_absolute_path] parameter to (a) add.php and (b) competitions.php in includes/competitions/, and the (2) mosConfig_absolute_path parameter to (c) includes/settings/settings.php. Múltiples vulnerabilidades de inclusión remota de fichero PHP en el componente Recly!Competitions v1.0 (com_competitions)... • https://www.exploit-db.com/exploits/7039 • CWE-94: Improper Control of Generation of Code ('Code Injection') •