
CVSS: 6.8 | EPSS: 0% | CPEs: 2 | EXPL: 2

Multiple SQL injection vulnerabilities in index.php in the JFaq (com_jfaq) component 1.2 for Joomla!, when magic_quotes_gpc is disabled, allow (1) remote attackers to execute arbitrary SQL commands via the id parameter, and (2) remote authenticated users with "Public Front-end" permissions to execute arbitrary SQL commands via the titlu parameter (title field). NOTE: some of these details are obtained from third party information.
• http://osvdb.org/65695 http://packetstormsecurity.org/1006-exploits/joomlajfaq-sqlxss.txt http://secunia.com/advisories/40219 http://www.securityfocus.com/bid/41029
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 4.3 | EPSS: 0% | CPEs: 2 | EXPL: 3

Multiple cross-site scripting (XSS) vulnerabilities in the RSComments (com_rscomments) component 1.0.0 Rev 2 for Joomla! allow remote attackers to inject arbitrary web script or HTML via the (1) website and (2) name parameters to index.php.
• https://www.exploit-db.com/exploits/13935 http://packetstormsecurity.org/1006-exploits/joomlarscomments-xss.txt http://secunia.com/advisories/40278 http://www.exploit-db.com/exploits/13935 http://www.rsjoomla.com/customer-support/documentations/96--general-overview-of-the-component/393-changelog.html http://www.securityfocus.com/bid/40977 https://exchange.xforce.ibmcloud.com/vulnerabilities/59578
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 7.5 | EPSS: 0% | CPEs: 2 | EXPL: 3

SQL injection vulnerability in the Shape5 Bridge of Hope template for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in an article action to index.php.
• https://www.exploit-db.com/exploits/10964 http://packetstormsecurity.org/1001-exploits/joomlaboh-sql.txt http://www.exploit-db.com/exploits/10964 http://www.securityfocus.com/bid/37602 http://www.vupen.com/english/advisories/2010/0019
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 7.5 | EPSS: 1% | CPEs: 6 | EXPL: 4

Directory traversal vulnerability in the BF Survey (com_bfsurvey) component for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php.
• https://www.exploit-db.com/exploits/10946 http://osvdb.org/61438 http://packetstormsecurity.org/1001-exploits/joomlabfsurvey-lfi.txt http://secunia.com/advisories/37866 http://www.exploit-db.com/exploits/10946 http://www.securityfocus.com/bid/37584 http://www.tamlyncreative.com.au/software/forum/index.php?topic=641.0
• CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSS: 7.5 | EPSS: 0% | CPEs: 6 | EXPL: 4

SQL injection vulnerability in the BF Survey Pro (com_bfsurvey_pro) component before 1.3.1, BF Survey Pro Free (com_bfsurvey_profree) component 1.2.6, and BF Survey Basic component before 1.2 for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter to index.php. NOTE: some of these details are obtained from third party information.
• https://www.exploit-db.com/exploits/10944 http://osvdb.org/61456 http://packetstormsecurity.org/1001-exploits/joomlabfsurveypro-sql.txt http://secunia.com/advisories/37868 http://www.securityfocus.com/bid/37585 http://www.tamlyncreative.com.au/software/forum/index.php?topic=641.0
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')