CVSS: 6.8EPSS: 1%CPEs: 2EXPL: 4CVE-2010-1475 – Joomla! Component Preventive And Reservation 1.0.5 - Local File Inclusion
https://notcve.org/view.php?id=CVE-2010-1475
Directory traversal vulnerability in the Preventive & Reservation (com_preventive) component 1.0.5 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php. Vulnerabilidad de salto de directorio en el componente Preventive & Reservation (com_preventive) v1.0.5 para Joomla!, permite a atacantes remotos leer ficheros locales de su elección y posiblemente tener otros impactos al utilizar caracteres ".." • https://www.exploit-db.com/exploits/12147 http://packetstormsecurity.org/1004-exploits/joomlapr-lfi.txt http://secunia.com/advisories/39285 http://www.exploit-db.com/exploits/12147 http://www.securityfocus.com/bid/39387 https://exchange.xforce.ibmcloud.com/vulnerabilities/57652 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 5.0EPSS: 0%CPEs: 2EXPL: 3CVE-2010-1461 – Joomla! Component Photo Battle 1.0.1 - Local File Inclusion
https://notcve.org/view.php?id=CVE-2010-1461
Directory traversal vulnerability in the Photo Battle (com_photobattle) component 1.0.1 for Joomla! allows remote attackers to read arbitrary files via the view parameter to index.php. Vulnerabilidad de salto de directorio en el componente Photo Battle (com_photobattle) v1.0.1 para Joomla! permite a atacantes remotos leer archivos de su elección a través del parámetro view en index.php. • https://www.exploit-db.com/exploits/12232 http://osvdb.org/63800 http://secunia.com/advisories/39469 http://www.exploit-db.com/exploits/12232 http://www.securityfocus.com/bid/39504 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 3CVE-2010-1372 – Joomla! Component HD FLV Player - 'id' SQL Injection
https://notcve.org/view.php?id=CVE-2010-1372
SQL injection vulnerability in the HD FLV Player (com_hdflvplayer) component 1.3 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php. Una vulnerabilidad de inyección SQL en el componente reproductor de HD FLV (com_hdflvplayer) v1.3 de Joomla! permite a atacantes remotos ejecutar comandos SQL a través del parámetro id en index.php. • https://www.exploit-db.com/exploits/33673 http://osvdb.org/62570 http://packetstormsecurity.org/1002-exploits/joomlahdflvplayer-sql.txt http://secunia.com/advisories/38691 http://www.securityfocus.com/bid/38401 https://exchange.xforce.ibmcloud.com/vulnerabilities/56516 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 4CVE-2010-1363 – Joomla! Component com_j-projects - Blind SQL Injection
https://notcve.org/view.php?id=CVE-2010-1363
SQL injection vulnerability in the JProjects (com_j-projects) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the project parameter in a projects action to index.php. Vulnerabilidad de inyección SQL en el componente JProjects (com_j-projects) para Joomla! permite a atacantes remotos ejecutar comandos SQL a través del parámetro project en una acción projects (proyectos) a index.php. • https://www.exploit-db.com/exploits/10988 http://packetstormsecurity.org/1001-exploits/joomlajprojects-sql.txt http://www.exploit-db.com/exploits/10988 http://www.securityfocus.com/bid/37608 http://www.vupen.com/english/advisories/2010/0049 https://exchange.xforce.ibmcloud.com/vulnerabilities/55361 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 5.0EPSS: 1%CPEs: 2EXPL: 4CVE-2010-1353 – Joomla! Component LoginBox - Local File Inclusion
https://notcve.org/view.php?id=CVE-2010-1353
Directory traversal vulnerability in the LoginBox Pro (com_loginbox) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the view parameter to index.php. Vulnerabilidad de salto de directorio en el componente LoginBox Pro (com_loginbox) para Joomla! permite a atacantes remotos leer ficheros de forma arbitraria a través de .. • https://www.exploit-db.com/exploits/12068 http://packetstormsecurity.org/1004-exploits/joomlaloginbox-lfi.txt http://secunia.com/advisories/39349 http://www.exploit-db.com/exploits/12068 http://www.securityfocus.com/bid/39212 http://www.vupen.com/english/advisories/2010/0808 https://exchange.xforce.ibmcloud.com/vulnerabilities/57533 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •