CVE-2009-4620 – Joomla! Component Joomloc 1.0 - 'id' SQL Injection
https://notcve.org/view.php?id=CVE-2009-4620
SQL injection vulnerability in the Joomloc (com_joomloc) component 1.0 for Joomla allows remote attackers to execute arbitrary SQL commands via the id parameter in an edit task to index.php.
• https://www.exploit-db.com/exploits/9604 http://osvdb.org/57885 http://secunia.com/advisories/36654 http://www.exploit-db.com/exploits/9604 http://www.securityfocus.com/bid/36322 http://www.vupen.com/english/advisories/2009/2612 https://exchange.xforce.ibmcloud.com/vulnerabilities/53110
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2009-4598 – Joomla! Component com_jphoto - 'id' SQL Injection
https://notcve.org/view.php?id=CVE-2009-4598
SQL injection vulnerability in the JPhoto (com_jphoto) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a category action to index.php.
• https://www.exploit-db.com/exploits/10367 http://osvdb.org/60864 http://packetstormsecurity.org/0912-exploits/joomlajphoto-sql.txt http://secunia.com/advisories/37676 http://www.exploit-db.com/exploits/10367 http://www.securityfocus.com/bid/37279 https://exchange.xforce.ibmcloud.com/vulnerabilities/54664
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2009-4576 – Joomla! Component com_beeheard - Blind SQL Injection
https://notcve.org/view.php?id=CVE-2009-4576
SQL injection vulnerability in the BeeHeard (com_beeheard) component 1.x for Joomla! allows remote attackers to execute arbitrary SQL commands via the category_id parameter in a suggestions action to index.php.
• https://www.exploit-db.com/exploits/10734 http://packetstormsecurity.org/0912-exploits/joomlabeeheard-sql.txt http://secunia.com/advisories/37872 http://www.exploit-db.com/exploits/10734 http://www.osvdb.org/61355 http://www.securityfocus.com/bid/37495 https://exchange.xforce.ibmcloud.com/vulnerabilities/55135
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2009-4157 – Joomla! Component ProofReader 1.0 RC6 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2009-4157
Multiple cross-site scripting (XSS) vulnerabilities in index.php in the ProofReader (com_proofreader) component 1.0 RC9 and earlier for Joomla! allow remote attackers to inject arbitrary web script or HTML via the URI, which is not properly handled in (1) 404 or (2) error pages.
• https://www.exploit-db.com/exploits/10291 http://websecurity.com.ua/3482 http://www.securityfocus.com/bid/37145
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2009-3822 – Joomla! Component Ajax Chat 1.0 - Remote File Inclusion
https://notcve.org/view.php?id=CVE-2009-3822
PHP remote file inclusion vulnerability in Fiji Web Design Ajax Chat (com_ajaxchat) component 1.0 for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[mosConfig_absolute_path] parameter to tests/ajcuser.php.
• https://www.exploit-db.com/exploits/9888 http://secunia.com/advisories/37087 http://www.packetstormsecurity.org/0910-exploits/joomlaajaxchat-rfi.txt http://www.securityfocus.com/bid/36731 http://www.vupen.com/english/advisories/2009/2968
• CWE-94: Improper Control of Generation of Code ('Code Injection')