
CVSS: 7.5 | EPSS: 0% | CPEs: 2 | EXPL: 3

Directory traversal vulnerability in the OrgChart (com_orgchart) component 1.0.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. • https://www.exploit-db.com/exploits/12317 http://packetstormsecurity.org/1004-exploits/joomlaorgchart-lfi.txt http://www.exploit-db.com/exploits/12317 http://www.securityfocus.com/bid/39606 https://exchange.xforce.ibmcloud.com/vulnerabilities/58031 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSS: 7.5 | EPSS: 0% | CPEs: 2 | EXPL: 3

SQL injection vulnerability in the Real Estate Property (com_properties) component 3.1.22-03 for Joomla! allows remote attackers to execute arbitrary SQL commands via the aid parameter in an agentlisting action to index.php. NOTE: some of these details are obtained from third party information. • https://www.exploit-db.com/exploits/12136 http://secunia.com/advisories/39074 http://www.exploit-db.com/exploits/12136 http://www.securityfocus.com/bid/39374 https://exchange.xforce.ibmcloud.com/vulnerabilities/57765 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 7.5 | EPSS: 0% | CPEs: 2 | EXPL: 4

SQL injection vulnerability in the JTM Reseller (com_jtm) component 1.9 Beta for Joomla! allows remote attackers to execute arbitrary SQL commands via the author parameter in a search action to index.php. • https://www.exploit-db.com/exploits/12306 http://packetstormsecurity.org/1004-exploits/joomlajtmreseller-sql.txt http://www.exploit-db.com/exploits/12306 http://www.securityfocus.com/bid/39584 https://exchange.xforce.ibmcloud.com/vulnerabilities/57977 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 5.0 | EPSS: 1% | CPEs: 2 | EXPL: 3

Directory traversal vulnerability in the SMEStorage (com_smestorage) component before 1.1 for Joomla! allows remote attackers to read arbitrary files via directory traversal sequences in the controller parameter to index.php. • https://www.exploit-db.com/exploits/11853 http://packetstormsecurity.org/1003-exploits/joomlasmestorage-lfi.txt http://secunia.com/advisories/39071 http://www.exploit-db.com/exploits/11853 http://www.securityfocus.com/bid/38911 https://exchange.xforce.ibmcloud.com/vulnerabilities/57108 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSS: 7.5 | EPSS: 0% | CPEs: 2 | EXPL: 4

SQL injection vulnerability in the Newsfeeds (com_newsfeeds) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the feedid parameter in a categories action to index.php. • https://www.exploit-db.com/exploits/12465 http://packetstormsecurity.org/1004-exploits/joomlanewsfeeds-sql.txt http://www.exploit-db.com/exploits/12465 http://www.securityfocus.com/bid/39834 https://exchange.xforce.ibmcloud.com/vulnerabilities/58263 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')