CVSS: 9.8EPSS: 0%CPEs: 17EXPL: 2CVE-2008-6653 – Joomla! Component Webhosting - 'catid' Blind SQL Injection
https://notcve.org/view.php?id=CVE-2008-6653
07 Apr 2009 — SQL injection vulnerability in webhosting.php in the Webhosting Component (com_webhosting) module before 1.1 RC7 for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the catid parameter to index.php. Vulnerabilidad de inyección SQL en webhosting.php en el modulo Webhosting (com_webhosting) anteriores a v1.1 RC7 para Joomla! y Mambo permite a atacantes remotos ejecutar comando SQL de forma arbitraria a través del parámetro "catid" a index.php. • https://www.exploit-db.com/exploits/5527 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 2CVE-2008-6489 – Joomla! Component MyAlbum 1.0 - 'album' SQL Injection
https://notcve.org/view.php?id=CVE-2008-6489
19 Mar 2009 — SQL injection vulnerability in MyAlbum component (com_myalbum) 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the album parameter to index.php. Vulnerabildiad de inyección SQL en el componente MyAlbum (com_myalbum) 1.0 para Joomla!, permite a atacantes remotos ejecutar comandos SQL de su elección mediante el parámetro "album" a indexl.php. • https://www.exploit-db.com/exploits/5318 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 2%CPEs: 2EXPL: 3CVE-2008-6482 – Joomla! Component Flash Tree Gallery 1.0 - Remote File Inclusion
https://notcve.org/view.php?id=CVE-2008-6482
18 Mar 2009 — PHP remote file inclusion vulnerability in admin.treeg.php in the Flash Tree Gallery (com_treeg) component 1.0 for Joomla!, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via the mosConfig_live_site parameter. Vulnerabilidad de inclusión remota de archivos en PHP en admin.treeg.php en el componente Flash Tree Gallery (com_treeg) v1.0 para Joomla!, cuando register_globals está habilitado, permite a atacantes remotos ejecutar código PHP de su elección mediante el parám... • https://www.exploit-db.com/exploits/6928 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 5.4EPSS: 0%CPEs: 35EXPL: 0CVE-2008-6299
https://notcve.org/view.php?id=CVE-2008-6299
26 Feb 2009 — Multiple cross-site scripting (XSS) vulnerabilities in Joomla! 1.5.7 and earlier allow remote authenticated users with certain privileges to inject arbitrary web script or HTML via (1) the title and description parameters to the com_weblinks module and (2) unspecified vectors in the com_content module related to "article submission." Múltiples vulnerabilidades de ejecución de secuencias de comandos en sitios cruzados - XSS - en Joomla! v1.5.7 y anteriores, permite a usuarios autentificados remotos inyectar ... • http://developer.joomla.org/security/news/283-20081101-core-comcontent-xss-vulnerability.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 2CVE-2009-0726 – Joomla! Component gigCalendar 1.0 - SQL Injection
https://notcve.org/view.php?id=CVE-2009-0726
24 Feb 2009 — SQL injection vulnerability in the GigCalendar (com_gigcal) component 1.0 for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the gigcal_gigs_id parameter in a details action to index.php. Vulnerabilidad de inyección SQL en el componente GigCalendar (com_gigcal) v1.0 para Mambo y Joomla!, permite a atacantes remotos ejecutar comandos SQL de su elección a través del parámetro gigcal_gigs_id en una acción details en index.php. • https://www.exploit-db.com/exploits/7746 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 4CVE-2009-0730 – Joomla! / Mambo Component gigCalendar 1.0 - 'banddetails.php' SQL Injection
https://notcve.org/view.php?id=CVE-2009-0730
24 Feb 2009 — Multiple SQL injection vulnerabilities in the GigCalendar (com_gigcal) component 1.0 for Mambo and Joomla!, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via (1) the gigcal _venues_id parameter in a details action to index.php, which is not properly handled by venuedetails.php, and (2) the gigcal_bands_id parameter in a details action to index.php, which is not properly handled by banddetails.php, different vectors than CVE-2009-0726. Múltiples vulnerabilidades ... • https://www.exploit-db.com/exploits/32807 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.5EPSS: 2%CPEs: 3EXPL: 2CVE-2008-6222 – Joomla! Component ProDesk 1.0/1.2 - Local File Inclusion
https://notcve.org/view.php?id=CVE-2008-6222
20 Feb 2009 — Directory traversal vulnerability in the Pro Desk Support Center (com_pro_desk) component 1.0 and 1.2 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the include_file parameter to index.php. Vulnerabilidad de salto de directorio en el componente Pro Desk Support Center (com_pro_desk) v1.0 y v1.2 de Joomla! permite a atacantes remotos leer ficheros a su eleccion a traves de .. • https://www.exploit-db.com/exploits/6980 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 2CVE-2008-6148 – Joomla! Component Live Ticker 1.0 - Blind SQL Injection
https://notcve.org/view.php?id=CVE-2008-6148
16 Feb 2009 — SQL injection vulnerability in the Live Ticker (com_liveticker) module 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the tid parameter in a viewticker action to index.php. Una vulnerabilidad de inyección de SQL en el componente Live Ticker (com_liveticker) 1.0 de Joomla! permite a atacantes remotos ejecutar comandos SQL a través del parámetro tid en una acción viewticker en index.php. • https://www.exploit-db.com/exploits/7573 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 2CVE-2008-6116 – Joomla! Component Thyme 1.0 - SQL Injection
https://notcve.org/view.php?id=CVE-2008-6116
11 Feb 2009 — SQL injection vulnerability in the EXtrovert Software Thyme (com_thyme) 1.0 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the event parameter to index.php. Vulnerabilidad de inyección SQL en el componente EXtrovert Software Thyme (com_thyme)v1.0 para Joomla!, permite a atacantes remotos ejecutar comandos SQL de su elección a través del parámetro "event" al index.php. • https://www.exploit-db.com/exploits/7182 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.5EPSS: 0%CPEs: 30EXPL: 2CVE-2009-0113 – Joomla! Component xstandard editor 1.5.8 - Local Directory Traversal
https://notcve.org/view.php?id=CVE-2009-0113
09 Jan 2009 — Directory traversal vulnerability in attachmentlibrary.php in the XStandard component for Joomla! 1.5.8 and earlier allows remote attackers to list arbitrary directories via a .. (dot dot) in the X_CMS_LIBRARY_PATH HTTP header. Vulnerabilidad de salto de directorio en attachmentlibrary.php en el componente XStandard para Joomla! v1.5.8 y versiones anteriores permite a atacantes remotos listar directorios de su elección a través de .. • https://www.exploit-db.com/exploits/7691 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •