CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 4CVE-2010-2682 – Joomla! Component Realtyna Translator 1.0.15 - Local File Inclusion
https://notcve.org/view.php?id=CVE-2010-2682
Directory traversal vulnerability in the Realtyna Translator (com_realtyna) component 1.0.15 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php. Vulnerabilidad de salto de directorio en el componente Realtyna Translator (com_realtyna) v1.0.15 para Joomla!, permite a atacantes remotos leer ficheros arbitrarios y tener posiblemente otro tipo de impacto no especificado al utilizar caracteres .. • https://www.exploit-db.com/exploits/14017 http://packetstormsecurity.org/1004-exploits/joomlarealtyna-lfi.txt http://www.exploit-db.com/exploits/14017 http://www.securityfocus.com/bid/39337 https://exchange.xforce.ibmcloud.com/vulnerabilities/57647 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 3CVE-2010-2690 – Joomla! Component Gamesbox 1.0.2 - 'id' SQL Injection
https://notcve.org/view.php?id=CVE-2010-2690
SQL injection vulnerability in the JOOFORGE Gamesbox (com_gamesbox) component 1.0.2, and possibly earlier, for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a consoles action to index.php. Una vulnerabilidad de inyección SQL en el componente para Joomla! Gamesbox JOOFORGE (com_gamesbox) v1.0.2, (y posiblemente en versiones anteriores también) permite a atacantes remotos ejecutar comandos SQL a través del parámetro id en una acción consoles a index.php. • https://www.exploit-db.com/exploits/14126 http://www.exploit-db.com/exploits/14126 http://www.securityfocus.com/bid/41257 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 1CVE-2010-2678
https://notcve.org/view.php?id=CVE-2010-2678
SQL injection vulnerability in xmap (com_xmap) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the Itemid parameter to index.php. Vulnerabilidad de inyección SQL en el componente xmap (com_xmap) para Joomla! permite a atacantes remotos ejecutar comandos SQL a través del parámetro Itemid a index.php. • http://www.securityfocus.com/archive/1/510374/100/0/threaded http://www.securityfocus.com/bid/39035 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 3CVE-2010-2679 – Joomla! Component com_weblinks - 'id' SQL Injection
https://notcve.org/view.php?id=CVE-2010-2679
SQL injection vulnerability in the Weblinks (com_weblinks) component in Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a view action to index.php. Vulnerabilidad de inyección SQL en el componente Weblinks (com_weblinks) de Joomla! permite a atacantes remotos ejecutar comandos SQL a través del parámetro id en una acción de vista a index.php. • https://www.exploit-db.com/exploits/33812 http://packetstormsecurity.org/1003-exploits/joomlaweblinks-sql.txt http://www.securityfocus.com/archive/1/510364/100/0/threaded http://www.securityfocus.com/bid/39032 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 3CVE-2010-2622 – Joomla! Component Joomanager - SQL Injection
https://notcve.org/view.php?id=CVE-2010-2622
SQL injection vulnerability in the Joomanager component, possibly 1.1.1, for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter to index.php. Una vulnerabilidad de inyección SQL en el componente Joomanager, posiblemente v1.1.1, para Joomla! permite a atacantes remotos ejecutar comandos SQL a través del parámetro catid de index.php. • https://www.exploit-db.com/exploits/14127 http://www.exploit-db.com/exploits/14127 http://www.securityfocus.com/bid/41256 https://exchange.xforce.ibmcloud.com/vulnerabilities/59945 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •