CVE-2010-3028
https://notcve.org/view.php?id=CVE-2010-3028
The Aardvertiser component before 2.2.1 for Joomla! uses insecure permissions (777) in unspecified folders, which allows local users to modify, create, or delete certain files.
• http://secunia.com/advisories/40882 http://sourceforge.net/projects/aardvertiser/forums/forum/989030/topic/3788365 http://www.osvdb.org/66924 http://www.securityfocus.com/bid/42239 https://exchange.xforce.ibmcloud.com/vulnerabilities/60927
• CWE-264: Permissions, Privileges, and Access Controls
CVE-2010-2919 – Joomla! Component StaticXT - SQL Injection
https://notcve.org/view.php?id=CVE-2010-2919
SQL injection vulnerability in the StaticXT (com_staticxt) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php.
• https://www.exploit-db.com/exploits/14395 http://packetstormsecurity.org/1007-exploits/joomlastaticxt-sql.txt http://www.exploit-db.com/exploits/14395 https://exchange.xforce.ibmcloud.com/vulnerabilities/60462
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2010-2918 – Joomla! Component Visites 1.1 RC2 - Remote File Inclusion
https://notcve.org/view.php?id=CVE-2010-2918
PHP remote file inclusion vulnerability in core/include/myMailer.class.php in the Visites (com_joomla-visites) component 1.1 RC2 for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
• https://www.exploit-db.com/exploits/14476 https://www.exploit-db.com/exploits/31708 http://packetstormsecurity.org/0804-exploits/joomlavisites-rfi.txt http://www.exploit-db.com/exploits/14476 http://www.securityfocus.com/bid/28942 http://www.vupen.com/english/advisories/2010/1925 https://exchange.xforce.ibmcloud.com/vulnerabilities/42025
• CWE-94: Improper Control of Generation of Code ('Code Injection')
CVE-2010-2921 – Joomla! Component Golf Course Guide 0.9.6.0 - SQL Injection
https://notcve.org/view.php?id=CVE-2010-2921
SQL injection vulnerability in the Golf Course Guide (com_golfcourseguide) component 0.9.6.0 beta and 1 beta for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a golfcourses action to index.php.
• https://www.exploit-db.com/exploits/14448 http://packetstormsecurity.org/1007-exploits/joomlagolfcourseguide-sql.txt http://www.exploit-db.com/exploits/14448 https://exchange.xforce.ibmcloud.com/vulnerabilities/60608
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2010-2923 – Joomla! Component YouTube 1.5 - SQL Injection
https://notcve.org/view.php?id=CVE-2010-2923
SQL injection vulnerability in the YouTube (com_youtube) component 1.5 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id_cate parameter to index.php.
• https://www.exploit-db.com/exploits/14467 http://packetstormsecurity.org/1007-exploits/joomlayoutube-sql.txt http://www.exploit-db.com/exploits/14467 http://www.securityfocus.com/bid/41938 https://exchange.xforce.ibmcloud.com/vulnerabilities/60624
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')