CVE-2010-2129 – JE Ajax Event Calendar - Local File Inclusion
https://notcve.org/view.php?id=CVE-2010-2129
Directory traversal vulnerability in the JE Ajax Event Calendar (com_jeajaxeventcalendar) component 1.0.1 and 1.0.3 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the view parameter to index.php. NOTE: some of these details are obtained from third party information.
References:
https://www.exploit-db.com/exploits/12598
http://packetstormsecurity.org/1005-exploits/joomlaajaxec-lfi.txt
http://secunia.com/advisories/39836
http://www.exploit-db.com/exploits/12598
http://www.osvdb.org/64704
http://www.securityfocus.com/bid/40179
http://www.xenuser.org/2010/05/14/joomla-component-je-ajax-event-calendar-local-file-inclusion-vulnerability
https://exchange.xforce.ibmcloud.com/vulnerabilities/58602
CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVE-2010-2050 – Joomla! Component MS Comment 0.8.0b - Local File Inclusion
https://notcve.org/view.php?id=CVE-2010-2050
Directory traversal vulnerability in the Moron Solutions MS Comment (com_mscomment) component 0.8.0b for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
References:
https://www.exploit-db.com/exploits/12611
http://packetstormsecurity.org/1005-exploits/joomlamscomment-lfi.txt
http://www.exploit-db.com/exploits/12611
http://www.securityfocus.com/bid/40185
http://www.vupen.com/english/advisories/2010/1159
https://exchange.xforce.ibmcloud.com/vulnerabilities/58619
CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVE-2010-2046
https://notcve.org/view.php?id=CVE-2010-2046
Multiple cross-site scripting (XSS) vulnerabilities in the ActiveHelper LiveHelp (com_activehelper_livehelp) component 2.0.3 for Joomla! allow remote attackers to inject arbitrary web script or HTML via (1) the DOMAINID parameter to server/cookies.php or (2) the SERVER parameter to server/index.php.
References:
http://packetstormsecurity.org/1005-exploits/joomlaactivehelper-xss.txt
http://secunia.com/advisories/39870
http://www.securityfocus.com/bid/40278
http://www.xenuser.org/2010/05/19/joomla-component-activehelper-livehelp-xss-vulnerabilities
http://xenuser.org/documents/security/joomla_com_activehelper_livehelp_xss.txt
CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2010-2044 – Joomla! Component Komento 1.0.0 - 'sid' SQL Injection
https://notcve.org/view.php?id=CVE-2010-2044
SQL injection vulnerability in the Konsultasi (com_konsultasi) component 1.0.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the sid parameter in a detail action to index.php.
References:
https://www.exploit-db.com/exploits/12590
http://osvdb.org/64637
http://packetstormsecurity.org/1005-exploits/joomlakonsultasi-sql.txt
http://secunia.com/advisories/39816
http://www.exploit-db.com/exploits/12590
http://www.securityfocus.com/bid/40160
https://exchange.xforce.ibmcloud.com/vulnerabilities/58584
CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVE-2010-2045 – Joomla! Component FDione Form Wizard 1.0.2 - Local File Inclusion
https://notcve.org/view.php?id=CVE-2010-2045
Directory traversal vulnerability in the Dione Form Wizard (aka FDione or com_dioneformwizard) component 1.0.2 for Joomla! allows remote attackers to read arbitrary files via directory traversal sequences in the controller parameter to index.php.
References:
https://www.exploit-db.com/exploits/12595
http://osvdb.org/64633
http://packetstormsecurity.org/1005-exploits/joomlafdione-lfi.txt
http://secunia.com/advisories/39755
http://www.exploit-db.com/exploits/12595
http://www.securityfocus.com/bid/40166
https://exchange.xforce.ibmcloud.com/vulnerabilities/58574
CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')