
CVSS: 6.8 • EPSS: 1% • CPEs: 2 • EXPL: 2

Directory traversal vulnerability in the JA News (com_janews) component 1.0 for Joomla! allows remote attackers to read arbitrary local files via a .. (dot dot) in the controller parameter to index.php. NOTE: some of these details are obtained from third party information.
• https://www.exploit-db.com/exploits/11757 http://secunia.com/advisories/38952 http://www.exploit-db.com/exploits/11757 http://www.securityfocus.com/bid/38746 https://exchange.xforce.ibmcloud.com/vulnerabilities/56901
• CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSS: 6.8 • EPSS: 6% • CPEs: 19 • EXPL: 4

Directory traversal vulnerability in the RokDownloads (com_rokdownloads) component before 1.0.1 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php.
• https://www.exploit-db.com/exploits/11760 http://osvdb.org/62972 http://packetstormsecurity.org/1003-exploits/joomlarokdownloads-lfi.txt http://secunia.com/advisories/38982 http://www.exploit-db.com/exploits/11760 http://www.rockettheme.com/extensions-updates/638-rokdownloads-10-released http://www.securityfocus.com/bid/38741 https://exchange.xforce.ibmcloud.com/vulnerabilities/56898
• CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSS: 7.5 • EPSS: 0% • CPEs: 2 • EXPL: 3

SQL injection vulnerability in the JE Quiz (com_jequizmanagement) component 1.b01 for Joomla! allows remote attackers to execute arbitrary SQL commands via the eid parameter in a question action to index.php.
• https://www.exploit-db.com/exploits/11287 http://osvdb.org/62039 http://packetstormsecurity.org/1001-exploits/joomlajequiz-sql.txt http://secunia.com/advisories/38412 http://www.exploit-db.com/exploits/11287 http://www.securityfocus.com/bid/38032 https://exchange.xforce.ibmcloud.com/vulnerabilities/56009
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 7.5 • EPSS: 0% • CPEs: 2 • EXPL: 3

SQL injection vulnerability in the JE Event Calendars (com_jeeventcalendar) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the event_id parameter in an event action to index.php.
• https://www.exploit-db.com/exploits/11292 http://osvdb.org/62038 http://secunia.com/advisories/38408 http://www.exploit-db.com/exploits/11292 http://www.securityfocus.com/bid/38012 https://exchange.xforce.ibmcloud.com/vulnerabilities/56008
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 6.5 • EPSS: 0% • CPEs: 2 • EXPL: 4

SQL injection vulnerability in the casino (com_casino) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a (1) category or (2) player action to index.php.
• https://www.exploit-db.com/exploits/11237 http://packetstormsecurity.org/1001-exploits/joomlacasino1-sql.txt http://www.exploit-db.com/exploits/11237 http://www.securityfocus.com/bid/37938 https://exchange.xforce.ibmcloud.com/vulnerabilities/55846
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')