CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 1CVE-2008-5200 – Joomla! Component Xe webtv - 'id' Blind SQL Injection
https://notcve.org/view.php?id=CVE-2008-5200
SQL injection vulnerability in the Xe webtv (com_xewebtv) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action to index.php. Vulnerabilidad de inyección SQL en el componente Xe webtv (com_xewebtv) para Joomla! permite a atacantes remotos ejecutar comandos arbitrarios SQL a través de parámetro id en una acción de detalle de index.php. • https://www.exploit-db.com/exploits/5966 http://securityreason.com/securityalert/4643 http://www.securityfocus.com/bid/30006 http://www.vupen.com/english/advisories/2008/1974/references https://exchange.xforce.ibmcloud.com/vulnerabilities/43469 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 3CVE-2008-4777 – Joomla! / Mambo Component Showroom Joomlearn LMS - 'cat' SQL Injection
https://notcve.org/view.php?id=CVE-2008-4777
SQL injection vulnerability in the Showroom Joomlearn LMS (com_lms) component for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the cat parameter in a showTests task. Vulnerabilidad de inyección de SQL en el componente Showroom Joomlearn LMS (com_lms) para Joomla! y Mambo permite a un atacante remoto ejecutar código SQL de su elección por medio del parámetro cat en una tarea showTests. • https://www.exploit-db.com/exploits/31595 http://archives.neohapsis.com/archives/bugtraq/2008-04/0031.html http://www.securityfocus.com/archive/1/490410/100/0/threaded http://www.securityfocus.com/bid/28586 https://exchange.xforce.ibmcloud.com/vulnerabilities/41614 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 2CVE-2008-4617 – Joomla! Component actualite 1.0 - 'id' SQL Injection
https://notcve.org/view.php?id=CVE-2008-4617
SQL injection vulnerability in the actualite module 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter. Vulnerabilidad de inyección SQL en el módulo actualite v1.0 de Joomla! permite a atacantes remotos ejecutar comandos SQL de su elección mediante el parámetro id. • https://www.exploit-db.com/exploits/5337 http://securityreason.com/securityalert/4437 http://www.securityfocus.com/bid/28565 https://exchange.xforce.ibmcloud.com/vulnerabilities/41579 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 2.6EPSS: 0%CPEs: 2EXPL: 3CVE-2008-3712 – Mambo Open Source 4.6.2 - '/administrator/popups/index3pop.php?mosConfig_sitename' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2008-3712
Multiple cross-site scripting (XSS) vulnerabilities in Mambo 4.6.2 and 4.6.5, when register_globals is enabled, allow remote attackers to inject arbitrary web script or HTML via the (1) query string to mambots/editors/mostlyce/jscripts/tiny_mce/filemanager/connectors/php/connector.php and the (2) mosConfig_sitename parameter to administrator/popups/index3pop.php. Múltiples vulnerabilidades de Secuencias de comandos en sitios cruzados (XSS) de Mambo 4.6.2 y 4.6.5, cuando register_globals está activado, permiten a atacantes remotos inyectar secuencias de comandos web o HTML arbitrariamente a través de la (1) cadena de consulta en mambots/editors/mostlyce/jscripts/tiny_mce/filemanager/connectors/php/connector.php y el parámetro (2) mosConfig_sitename em administrator/popups/index3pop.php. • https://www.exploit-db.com/exploits/32252 https://www.exploit-db.com/exploits/32253 http://secunia.com/advisories/31528 http://securityreason.com/securityalert/4164 http://www.securityfocus.com/archive/1/495507/100/0/threaded http://www.securityfocus.com/bid/30708 https://exchange.xforce.ibmcloud.com/vulnerabilities/44502 https://exchange.xforce.ibmcloud.com/vulnerabilities/44503 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 1%CPEs: 3EXPL: 2CVE-2008-2990 – Joomla! Component FacileForms 1.4.4 - Remote File Inclusion
https://notcve.org/view.php?id=CVE-2008-2990
PHP remote file inclusion vulnerability in facileforms.frame.php in the FacileForms (com_facileforms) component 1.4.4 for Mambo and Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the ff_compath parameter. Vulnerabilidad de inclusión de archivo remoto en PHP en facileforms.frame.php del componente FacileForms (com_facileforms) 1.4.4 para Mambo y Joomla! permite a atacantes remotos ejecutar código PHP de su elección mediante un URL en el parámetro ff_compath. • https://www.exploit-db.com/exploits/5915 http://securityreason.com/securityalert/3967 http://www.securityfocus.com/bid/29904 https://exchange.xforce.ibmcloud.com/vulnerabilities/43290 • CWE-94: Improper Control of Generation of Code ('Code Injection') •