
CVSS: 3.6 | EPSS: 0% | CPEs: 2 | EXPL: 0

The Aardvertiser component before 2.2.1 for Joomla! uses insecure permissions (777) in unspecified folders, which allows local users to modify, create, or delete certain files.

References:
• http://secunia.com/advisories/40882
• http://sourceforge.net/projects/aardvertiser/forums/forum/989030/topic/3788365
• http://www.osvdb.org/66924
• http://www.securityfocus.com/bid/42239
• https://exchange.xforce.ibmcloud.com/vulnerabilities/60927

CWE-264: Permissions, Privileges, and Access Controls

CVSS: 7.5 | EPSS: 0% | CPEs: 2 | EXPL: 3

SQL injection vulnerability in the StaticXT (com_staticxt) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php.

References:
• https://www.exploit-db.com/exploits/14395
• http://packetstormsecurity.org/1007-exploits/joomlastaticxt-sql.txt
• http://www.exploit-db.com/exploits/14395
• https://exchange.xforce.ibmcloud.com/vulnerabilities/60462

CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 7.5 | EPSS: 0% | CPEs: 3 | EXPL: 3

SQL injection vulnerability in the Golf Course Guide (com_golfcourseguide) component 0.9.6.0 beta and 1 beta for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a golfcourses action to index.php.

References:
• https://www.exploit-db.com/exploits/14448
• http://packetstormsecurity.org/1007-exploits/joomlagolfcourseguide-sql.txt
• http://www.exploit-db.com/exploits/14448
• https://exchange.xforce.ibmcloud.com/vulnerabilities/60608

CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 7.5 | EPSS: 2% | CPEs: 2 | EXPL: 5

PHP remote file inclusion vulnerability in core/include/myMailer.class.php in the Visites (com_joomla-visites) component 1.1 RC2 for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.

References:
• https://www.exploit-db.com/exploits/14476
• https://www.exploit-db.com/exploits/31708
• http://packetstormsecurity.org/0804-exploits/joomlavisites-rfi.txt
• http://www.exploit-db.com/exploits/14476
• http://www.securityfocus.com/bid/28942
• http://www.vupen.com/english/advisories/2010/1925
• https://exchange.xforce.ibmcloud.com/vulnerabilities/42025

CWE-94: Improper Control of Generation of Code ('Code Injection')

CVSS: 6.8 | EPSS: 3% | CPEs: 2 | EXPL: 4

Directory traversal vulnerability in the Foobla Suggestions (com_foobla_suggestions) component 1.5.1.2 for Joomla! allows remote attackers to read arbitrary files via directory traversal sequences in the controller parameter to index.php.

References:
• https://www.exploit-db.com/exploits/12120
• http://packetstormsecurity.org/1004-exploits/joomlafoobla-lfi.txt
• http://www.exploit-db.com/exploits/12120
• http://www.securityfocus.com/bid/39341
• http://www.vupen.com/english/advisories/2010/1844
• https://exchange.xforce.ibmcloud.com/vulnerabilities/57660

CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')