CVE-2008-5200 – Joomla! Component Xe webtv - 'id' Blind SQL Injection
https://notcve.org/view.php?id=CVE-2008-5200
SQL injection vulnerability in the Xe webtv (com_xewebtv) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action to index.php.
• https://www.exploit-db.com/exploits/5966 http://securityreason.com/securityalert/4643 http://www.securityfocus.com/bid/30006 http://www.vupen.com/english/advisories/2008/1974/references https://exchange.xforce.ibmcloud.com/vulnerabilities/43469
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2008-4777 – Joomla! / Mambo Component Showroom Joomlearn LMS - 'cat' SQL Injection
https://notcve.org/view.php?id=CVE-2008-4777
SQL injection vulnerability in the Showroom Joomlearn LMS (com_lms) component for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the cat parameter in a showTests task.
• https://www.exploit-db.com/exploits/31595 http://archives.neohapsis.com/archives/bugtraq/2008-04/0031.html http://www.securityfocus.com/archive/1/490410/100/0/threaded http://www.securityfocus.com/bid/28586 https://exchange.xforce.ibmcloud.com/vulnerabilities/41614
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2008-4617 – Joomla! Component actualite 1.0 - 'id' SQL Injection
https://notcve.org/view.php?id=CVE-2008-4617
SQL injection vulnerability in the actualite module 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter.
• https://www.exploit-db.com/exploits/5337 http://securityreason.com/securityalert/4437 http://www.securityfocus.com/bid/28565 https://exchange.xforce.ibmcloud.com/vulnerabilities/41579
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2008-3712 – Mambo Open Source 4.6.2 - '/administrator/popups/index3pop.php?mosConfig_sitename' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2008-3712
Multiple cross-site scripting (XSS) vulnerabilities in Mambo 4.6.2 and 4.6.5, when register_globals is enabled, allow remote attackers to inject arbitrary web script or HTML via the (1) query string to mambots/editors/mostlyce/jscripts/tiny_mce/filemanager/connectors/php/connector.php and the (2) mosConfig_sitename parameter to administrator/popups/index3pop.php.
• https://www.exploit-db.com/exploits/32252 https://www.exploit-db.com/exploits/32253 http://secunia.com/advisories/31528 http://securityreason.com/securityalert/4164 http://www.securityfocus.com/archive/1/495507/100/0/threaded http://www.securityfocus.com/bid/30708 https://exchange.xforce.ibmcloud.com/vulnerabilities/44502 https://exchange.xforce.ibmcloud.com/vulnerabilities/44503
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2008-2905 – Mambo 4.6.4 - Cache Lite Output Remote File Inclusion
https://notcve.org/view.php?id=CVE-2008-2905
PHP remote file inclusion vulnerability in includes/Cache/Lite/Output.php in the Cache_Lite package in Mambo 4.6.4 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
• https://www.exploit-db.com/exploits/9906 https://www.exploit-db.com/exploits/16912 https://www.exploit-db.com/exploits/5808 http://secunia.com/advisories/30685 http://www.securityfocus.com/bid/29716 http://www.securitytracker.com/id?1020295 https://exchange.xforce.ibmcloud.com/vulnerabilities/43101
• CWE-94: Improper Control of Generation of Code ('Code Injection')