CVSS: 6.8EPSS: 0%CPEs: 2EXPL: 0CVE-2009-4946
https://notcve.org/view.php?id=CVE-2009-4946
Directory traversal vulnerability in the Messaging (com_messaging) component before 1.5.1 for Joomla! allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the controller parameter in a messages action to index.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. Vulnerabilidad de salto de directorio en el componente Messaging (com_messaging), en versiones anteriores a la 1.5.1 para Joomla!, permite a atacantes remotos incluir y ejecutar archivos locales a través de secuencias de salto de directorio en el parámetro controller en una acción de mensajes a index.php. • http://osvdb.org/53195 http://secunia.com/advisories/34562 http://www.securityfocus.com/bid/34365 https://exchange.xforce.ibmcloud.com/vulnerabilities/49650 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 2CVE-2009-4938
https://notcve.org/view.php?id=CVE-2009-4938
SQL injection vulnerability in the JVideo! (com_jvideo) component 0.3.11c Beta and 0.3.x for Joomla! allows remote attackers to execute arbitrary SQL commands via the user_id parameter in a user action to index.php. Vulnerabilidad de inyección SQL en el componente JVideo! (Com_jvideo) beta v0.3.11c y v0.3.x de Joomla! • http://www.exploit-db.com/exploits/8821 http://www.securityfocus.com/bid/35146 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 4CVE-2010-2694 – Joomla! Component redSHOP 1.0 - 'pid' SQL Injection
https://notcve.org/view.php?id=CVE-2010-2694
SQL injection vulnerability in the redSHOP Component (com_redshop) 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the pid parameter to index.php. Vulnerabilidad de inyección SQL en el componente redSHOP (com_redshop) v1.0 para Joomla!, permite a atacantes remotos ejecutar comandos SQL de su elección a través del parámetro pid para index.php • https://www.exploit-db.com/exploits/14312 https://www.exploit-db.com/exploits/27532 http://secunia.com/advisories/40535 http://www.exploit-db.com/exploits/14312 http://www.securityfocus.com/bid/41533 http://www.vupen.com/english/advisories/2010/1776 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.8EPSS: 0%CPEs: 2EXPL: 4CVE-2010-2680 – Joomla! Component jesectionfinder - Local File Inclusion
https://notcve.org/view.php?id=CVE-2010-2680
Directory traversal vulnerability in the JExtensions JE Section/Property Finder (jesectionfinder) component for Joomla! allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the view parameter to index.php. Vulnerabilidad de salto de directorio de en el componente para Joomla! JExtensions JE Section/Property Finder (jesectionfinder) permite a atacantes remotos incluir y ejecutar archivos locales a través de secuencias de salto de directorio en el parámetro view a index.php. • https://www.exploit-db.com/exploits/14064 http://packetstormsecurity.org/1006-exploits/joomlajesectionfinder-lfi.txt http://www.exploit-db.com/exploits/14064 http://www.securityfocus.com/bid/41163 https://exchange.xforce.ibmcloud.com/vulnerabilities/59796 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.5EPSS: 1%CPEs: 2EXPL: 3CVE-2010-2681 – Joomla! Component com_sef - Remote File Inclusion
https://notcve.org/view.php?id=CVE-2010-2681
PHP remote file inclusion vulnerability in the SEF404x (com_sef) component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig.absolute.path parameter to index.php. Vulnerabilidad de inclusion remota de archivo PHP en el componente para Joomla! SEF404x (com_sef) permite a atacantes remotos ejecutar código PHP arbitrario a través de una URL en el parámetro mosConfig.absolute.path a index.php. • https://www.exploit-db.com/exploits/14055 http://www.exploit-db.com/exploits/14055 http://www.securityfocus.com/bid/41166 http://www.vupen.com/english/advisories/2010/1619 • CWE-94: Improper Control of Generation of Code ('Code Injection') •