CVE-2010-0610 – Joomla! Component com_photoblog - Blind SQL Injection
https://notcve.org/view.php?id=CVE-2010-0610
Multiple SQL injection vulnerabilities in the Photoblog (com_photoblog) component for Joomla! allow remote attackers to execute arbitrary SQL commands via the blog parameter in an images action to index.php. NOTE: a separate vector for the id parameter to detail.php may also exist. El componente Photoblog (com_photoblog) para Joomla! permite a atacantes remotos ejecutar comandos SQL de su elección a través del parámetro "blog" en una acción images al index.php. • https://www.exploit-db.com/exploits/11337 http://packetstormsecurity.org/1002-exploits/joomlaphotoblog-bsql.txt http://www.exploit-db.com/exploits/11337 http://www.securityfocus.com/bid/38136 https://exchange.xforce.ibmcloud.com/vulnerabilities/56135 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2009-4233
https://notcve.org/view.php?id=CVE-2009-4233
Cross-site scripting (XSS) vulnerability in modules/mod_yj_whois.php in the YJ Whois component 1.0x and 1.5.x for Joomla! allows remote attackers to inject arbitrary web script or HTML via the domain parameter to index.php. NOTE: some of these details are obtained from third party information. ulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en modules/mod_yj_whois.php en el componente YJ Whois v1.0x y v1.5.x para Joomla! permite a atacantes remotos inyectar código web o HTMl de su elección a través del parámetro domain de index.php. NOTA: algunos de estos detalles se han obtenido de información de terceros. • http://extensions.joomla.org/extensions/external-contents/domain-search/5774 http://secunia.com/advisories/37525 http://www.youjoomla.com/joomla_support/yj-whois-module/4950-xss-security-patch-yj-whois.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2009-3946
https://notcve.org/view.php?id=CVE-2009-3946
Joomla! before 1.5.15 allows remote attackers to read an extension's XML file, and thereby obtain the extension's version number, via a direct request. Joomla! versiones anteriores a v1.5.15 permite a atacantes remotos leer el fichero XML de una extensión, y de ese modo obtener el número de versión de la extensión, mediante una petición directa. • http://developer.joomla.org/security/news/306-20091103-core-xml-file-read-issue.html http://secunia.com/advisories/37262 http://www.osvdb.org/59800 https://exchange.xforce.ibmcloud.com/vulnerabilities/54160 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2009-3945
https://notcve.org/view.php?id=CVE-2009-3945
Unspecified vulnerability in the Front-End Editor in the com_content component in Joomla! before 1.5.15 allows remote authenticated users, with Author privileges, to replace the articles of an arbitrary user via unknown vectors. Vulnerabilidad no especificada en el Front-End Editor del componente com_content en Joomla! versiones anteriores a v1.5.15 permite a usuarios autenticados remotamente, con privilegios "Author", reemplazar los artículos de un usuario de su elección mediante vectores desconocidos. • http://developer.joomla.org/security/news/305-20091103-core-front-end-editor-issue-.html http://osvdb.org/59801 http://secunia.com/advisories/37262 https://exchange.xforce.ibmcloud.com/vulnerabilities/54161 •
CVE-2009-3325 – Joomla! Component com_surveymanager 1.5.0 - 'stype' SQL Injection
https://notcve.org/view.php?id=CVE-2009-3325
SQL injection vulnerability in the Focusplus Developments Survey Manager (com_surveymanager) component 1.5.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the stype parameter in an editsurvey action to index.php. Vulnerabilidad de inyección SQL en el componente Focusplus Developments Survey Manager(com_surveymanager) para Joomla!, permite a atacantes remotos ejecutar comandos SQL de su elección a través del parámetro "stype" en una acción "editsurvey" a index.php. • https://www.exploit-db.com/exploits/9721 http://www.exploit-db.com/exploits/9721 http://www.securityfocus.com/bid/36464 http://www.vupen.com/english/advisories/2009/2705 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •