CVE-2010-2920 – Joomla! Component Foobla Suggestions 1.5.1.2 - Local File Inclusion
https://notcve.org/view.php?id=CVE-2010-2920
Directory traversal vulnerability in the Foobla Suggestions (com_foobla_suggestions) component 1.5.1.2 for Joomla! allows remote attackers to read arbitrary files via directory traversal sequences in the controller parameter to index.php.
• https://www.exploit-db.com/exploits/12120
• http://packetstormsecurity.org/1004-exploits/joomlafoobla-lfi.txt
• http://www.exploit-db.com/exploits/12120
• http://www.securityfocus.com/bid/39341
• http://www.vupen.com/english/advisories/2010/1844
• https://exchange.xforce.ibmcloud.com/vulnerabilities/57660
• CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2010-2909 – Joomla! Component TTVideo 1.0 - SQL Injection
https://notcve.org/view.php?id=CVE-2010-2909
SQL injection vulnerability in ttvideo.php in the TTVideo (com_ttvideo) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the cid parameter in a video action to index.php.
• https://www.exploit-db.com/exploits/14481
• http://adv.salvatorefresta.net/TTVideo_1.0_Joomla_Component_SQL_Injection_Vulnerability-27072010.txt
• http://osvdb.org/66630
• http://secunia.com/advisories/40716
• http://www.exploit-db.com/exploits/14481
• http://www.securityfocus.com/archive/1/512685/100/0/threaded
• http://www.securityfocus.com/archive/1/512709/100/0/threaded
• http://www.toughtomato.com/downloads/16-comttvideo-1-0-1/file
• https://exchange.xforce.ibmcloud.com/vulnerabilities/60662
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2010-2908 – Joomla! Component Joomdle 0.24 - SQL Injection
https://notcve.org/view.php?id=CVE-2010-2908
SQL injection vulnerability in the Joomdle (com_joomdle) component 0.24 and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the course_id parameter in a detail action to index.php.
• https://www.exploit-db.com/exploits/14466
• http://packetstormsecurity.org/1007-exploits/joomlajoomdle-sql.txt
• http://www.exploit-db.com/exploits/14466
• http://www.vupen.com/english/advisories/2010/1923
• https://exchange.xforce.ibmcloud.com/vulnerabilities/60623
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2010-2907 – Joomla! Component Huru Helpdesk - SQL Injection
https://notcve.org/view.php?id=CVE-2010-2907
SQL injection vulnerability in the Huru Helpdesk (com_huruhelpdesk) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the cid[0] parameter in a detail action to index.php.
• https://www.exploit-db.com/exploits/14449
• http://packetstormsecurity.org/1004-exploits/joomlahuruhelpdesk-sql.txt
• http://www.exploit-db.com/exploits/14449
• http://www.securityfocus.com/bid/39366
• https://exchange.xforce.ibmcloud.com/vulnerabilities/60609
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2010-2910 – Joomla! Component Ozio Gallery - SQL Injection
https://notcve.org/view.php?id=CVE-2010-2910
SQL injection vulnerability in the Ozio Gallery (com_oziogallery) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the Itemid parameter to index.php.
• https://www.exploit-db.com/exploits/14462
• http://packetstormsecurity.org/1007-exploits/joomlaoziogallery-sql.txt
• http://www.exploit-db.com/exploits/14462
• https://exchange.xforce.ibmcloud.com/vulnerabilities/60618
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')