CVSS: 7.5EPSS: 5%CPEs: 2EXPL: 3CVE-2010-1472 – Joomla! Component Horoscope 1.5.0 - Local File Inclusion
https://notcve.org/view.php?id=CVE-2010-1472
Directory traversal vulnerability in the Daily Horoscope (com_horoscope) component 1.5.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. Vulnerabilidad de salto de directorio en el componente Daily Horoscope (com_horoscope) component 1.5.0 para Joomla!, permite a atacantes remotos leer ficheros locales de su elección a través de los caracteres ".." • https://www.exploit-db.com/exploits/12167 http://packetstormsecurity.org/1004-exploits/joomlahoroscope-lfi.txt http://secunia.com/advisories/39406 http://www.exploit-db.com/exploits/12167 http://www.vupen.com/english/advisories/2010/0859 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 5.0EPSS: 0%CPEs: 2EXPL: 3CVE-2010-1461 – Joomla! Component Photo Battle 1.0.1 - Local File Inclusion
https://notcve.org/view.php?id=CVE-2010-1461
Directory traversal vulnerability in the Photo Battle (com_photobattle) component 1.0.1 for Joomla! allows remote attackers to read arbitrary files via the view parameter to index.php. Vulnerabilidad de salto de directorio en el componente Photo Battle (com_photobattle) v1.0.1 para Joomla! permite a atacantes remotos leer archivos de su elección a través del parámetro view en index.php. • https://www.exploit-db.com/exploits/12232 http://osvdb.org/63800 http://secunia.com/advisories/39469 http://www.exploit-db.com/exploits/12232 http://www.securityfocus.com/bid/39504 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 3CVE-2010-1372 – Joomla! Component HD FLV Player - 'id' SQL Injection
https://notcve.org/view.php?id=CVE-2010-1372
SQL injection vulnerability in the HD FLV Player (com_hdflvplayer) component 1.3 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php. Una vulnerabilidad de inyección SQL en el componente reproductor de HD FLV (com_hdflvplayer) v1.3 de Joomla! permite a atacantes remotos ejecutar comandos SQL a través del parámetro id en index.php. • https://www.exploit-db.com/exploits/33673 http://osvdb.org/62570 http://packetstormsecurity.org/1002-exploits/joomlahdflvplayer-sql.txt http://secunia.com/advisories/38691 http://www.securityfocus.com/bid/38401 https://exchange.xforce.ibmcloud.com/vulnerabilities/56516 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 4CVE-2010-1363 – Joomla! Component com_j-projects - Blind SQL Injection
https://notcve.org/view.php?id=CVE-2010-1363
SQL injection vulnerability in the JProjects (com_j-projects) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the project parameter in a projects action to index.php. Vulnerabilidad de inyección SQL en el componente JProjects (com_j-projects) para Joomla! permite a atacantes remotos ejecutar comandos SQL a través del parámetro project en una acción projects (proyectos) a index.php. • https://www.exploit-db.com/exploits/10988 http://packetstormsecurity.org/1001-exploits/joomlajprojects-sql.txt http://www.exploit-db.com/exploits/10988 http://www.securityfocus.com/bid/37608 http://www.vupen.com/english/advisories/2010/0049 https://exchange.xforce.ibmcloud.com/vulnerabilities/55361 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 6CVE-2010-1350 – Joomla! Component JP Jobs 1.2.0 - 'id' SQL Injection
https://notcve.org/view.php?id=CVE-2010-1350
SQL injection vulnerability in the JP Jobs (com_jp_jobs) component 1.4.1 and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action to index.php. Vulnerabilidad de inyección SQL en el componente JP Jobs (com_jp_jobs) v1.4.1 y anteriores para Joomla! permite a atacantes remotos ejecutar comandos SQL a través del parámetro id en una acción detail (detalle) a index.php. • https://www.exploit-db.com/exploits/12191 https://www.exploit-db.com/exploits/12037 http://packetstormsecurity.org/1004-exploits/joomlajpjobs-sql.txt http://secunia.com/advisories/39325 http://www.exploit-db.com/exploits/12037 http://www.joomlanetprojects.com/index.php/en/joomla-projects-downloads/joomla-1/joomla-1/38-comjpjobs.html http://www.securityfocus.com/bid/39191 http://www.xenuser.org/documents/security/joomla_com_jp_jobs_sql.txt https://exchange.xforce.ibmcloud.com/vulnerabilit • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •