CVSS: 6.8EPSS: 1%CPEs: 2EXPL: 2CVE-2010-1723 – Joomla! Component iNetLanka Contact Us Draw Root Map 1.1 - Local File Inclusion
https://notcve.org/view.php?id=CVE-2010-1723
Directory traversal vulnerability in the iNetLanka Contact Us Draw Root Map (com_drawroot) component 1.1 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php. Vulnerabilidad de salto de directorio en el componente iNetLanka Contact Us Draw Root Map (com_drawroot) v1.1 para Joomla!, permite a atacantes remotos leer archivos de su elección y posiblemente tener otro impacto no especificado a través de .. • https://www.exploit-db.com/exploits/12289 http://secunia.com/advisories/39524 http://www.exploit-db.com/exploits/12289 http://www.vupen.com/english/advisories/2010/0926 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 3CVE-2010-1716 – Joomla! Component Agenda Address Book 1.0.1 - 'id' SQL Injection
https://notcve.org/view.php?id=CVE-2010-1716
SQL injection vulnerability in the Agenda Address Book (com_agenda) component 1.0.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action to index.php. Vulnerabilidad de inyección SQL en el componente Agenda Address Book (com_agenda) v1.0.1 para Joomla!, permite a atacantes remotos ejecutar comandos SQL de su elección a través del parámetro "id" en una acción de detalle a index.php. • https://www.exploit-db.com/exploits/12132 http://secunia.com/advisories/39238 http://www.exploit-db.com/exploits/12132 http://www.joomlanetprojects.com/index.php/en/joomla-projects-downloads/joomla-1/joomla-1/42-comagenda.html http://www.osvdb.org/63723 http://www.securityfocus.com/bid/39380 https://exchange.xforce.ibmcloud.com/vulnerabilities/57770 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.8EPSS: 1%CPEs: 2EXPL: 3CVE-2010-1719 – Joomla! Component MT Fire Eagle 1.2 - Local File Inclusion
https://notcve.org/view.php?id=CVE-2010-1719
Directory traversal vulnerability in the MT Fire Eagle (com_mtfireeagle) component 1.2 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php. Vulnerabilidad de salto de directorio en el componente MT Fire Eagle (com_mtfireeagle) v1.2 para Joomla!, permite a atacantes remotos leer archivos de su elección y posiblemente provocar otro impacto no especificado a través de .. • https://www.exploit-db.com/exploits/12233 http://osvdb.org/63806 http://packetstormsecurity.org/1004-exploits/joomlamtfireeagle-lfi.txt http://secunia.com/advisories/39470 http://www.exploit-db.com/exploits/12233 http://www.securityfocus.com/bid/39509 https://exchange.xforce.ibmcloud.com/vulnerabilities/57850 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 2CVE-2010-1721 – Joomla! Component Intellectual Property 1.5.3 - 'id' SQL Injection
https://notcve.org/view.php?id=CVE-2010-1721
SQL injection vulnerability in the Intellectual Property (aka IProperty or com_iproperty) component 1.5.3 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in an agentproperties action to index.php. Vulnerabilidad de inyección SQL en el componente Intellectual Property (también conocido como IProperty or com_iproperty) para Joomla!, permite a atacantes remotos ejecutar comandos SQL de su elección a través del parámetro id en una acción agentproperties en index.php • https://www.exploit-db.com/exploits/12246 http://extensions.thethinkery.net http://osvdb.org/63750 http://secunia.com/advisories/39427 http://www.exploit-db.com/exploits/12246 http://www.securityfocus.com/bid/39495 https://exchange.xforce.ibmcloud.com/vulnerabilities/57875 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 4CVE-2010-1720 – Joomla! Component Q-Personel 1.0 - SQL Injection
https://notcve.org/view.php?id=CVE-2010-1720
SQL injection vulnerability in the Q-Personel (com_qpersonel) component 1.0.2 and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the katid parameter in a qpListele action to index.php. Vulnerabilidad de inyección SQL en el componente Q-Personel (com_qpersonel) v1.0.2 y anteriores para Joomla!, permite a atacantes remotos ejecutar comandos SQL de su elección a través del parámetro katid en una acción qpListele sobre index.php. • https://www.exploit-db.com/exploits/12723 https://www.exploit-db.com/exploits/12200 http://osvdb.org/63894 http://secunia.com/advisories/39445 http://www.exploit-db.com/exploits/12200 http://www.securityfocus.com/bid/39466 http://www.xenuser.org/documents/security/qpersonel_sql.txt https://exchange.xforce.ibmcloud.com/vulnerabilities/57775 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •