CVSS: 5.0EPSS: 1%CPEs: 2EXPL: 4CVE-2010-1302 – Joomla! Component DW Graph - Local File Inclusion
https://notcve.org/view.php?id=CVE-2010-1302
Directory traversal vulnerability in dwgraphs.php in the DecryptWeb DW Graphs (com_dwgraphs) component 1.0 for Joomla! allows remote attackers to read arbitrary files via directory traversal sequences in the controller parameter to index.php. Vulnerabilidad de salto de directorio en dwgraphs.php en el componente DecryptWeb DW Graphs v1.0 para Joomla!, permite a atacantes remotos leer archivos de su elección a través de secuencias de salto de directorio en el parámetro "controller" a index.php • https://www.exploit-db.com/exploits/11978 http://osvdb.org/63345 http://packetstormsecurity.org/1003-exploits/joomladwgraph-lfi.txt http://secunia.com/advisories/39200 http://www.exploit-db.com/exploits/11978 http://www.securityfocus.com/bid/39108 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 4CVE-2010-1265 – Joomla! Component dcsFlashGames 2.0RC1 - 'catid' SQL Injection
https://notcve.org/view.php?id=CVE-2010-1265
SQL injection vulnerability in Adam Corley dcsFlashGames (com_dcs_flashgames) allows remote attackers to execute arbitrary SQL commands via the catid parameter to index.php. Vulnerabilidad de inyección SQL en Adam Corley dcsFlashGames (com_dcs_flashgames) permite a atacantes remotos ejecutar comandos SQL arbitrarios a través del parámetro "catid" a index.php. • https://www.exploit-db.com/exploits/11884 http://packetstormsecurity.org/1003-exploits/joomladcsflashgames-sql.txt http://secunia.com/advisories/39161 http://www.exploit-db.com/exploits/11884 http://www.securityfocus.com/bid/38981 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.8EPSS: 0%CPEs: 2EXPL: 2CVE-2010-1219 – Joomla! Component com_janews - Local File Inclusion
https://notcve.org/view.php?id=CVE-2010-1219
Directory traversal vulnerability in the JA News (com_janews) component 1.0 for Joomla! allows remote attackers to read arbitrary local files via a .. (dot dot) in the controller parameter to index.php. NOTE: some of these details are obtained from third party information. Una vulnerabilidad de salto de directorio en el componente JA News (com_janews) versión 1.0 para Joomla! • https://www.exploit-db.com/exploits/11757 http://secunia.com/advisories/38952 http://www.exploit-db.com/exploits/11757 http://www.securityfocus.com/bid/38746 https://exchange.xforce.ibmcloud.com/vulnerabilities/56901 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 4.3EPSS: 1%CPEs: 2EXPL: 4CVE-2010-1217 – Joomla! Component & Plugin JE Tooltip 1.0 - Local File Inclusion
https://notcve.org/view.php?id=CVE-2010-1217
Directory traversal vulnerability in the JE Form Creator (com_jeformcr) component for Joomla!, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via directory traversal sequences in the view parameter to index.php. NOTE: the original researcher states that the affected product is JE Tooltip, not Form Creator; however, the exploit URL suggests that Form Creator is affected. Vulnerabilidad de salto de directorio en el componente JE Form Creator (com_jeformcr) para Joomla!, cuando magic_quotes_gpc está desactivado, permite a atacantes remotos leer archivos de su elección a través de una secuencia de salto de directorio en el parámetro view en index.php. • https://www.exploit-db.com/exploits/11814 http://osvdb.org/63120 http://secunia.com/advisories/39063 http://www.exploit-db.com/exploits/11814 http://www.packetstormsecurity.org/1003-exploits/joomlajetooltip-lfi.txt http://www.securityfocus.com/bid/38866 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 5.0EPSS: 2%CPEs: 13EXPL: 2CVE-2010-1081 – Joomla! Component com_communitypolls 1.5.2 - Local File Inclusion
https://notcve.org/view.php?id=CVE-2010-1081
Directory traversal vulnerability in the Community Polls (com_communitypolls) component 1.5.2, and possibly earlier, for Core Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. Vulnerabilidad de salto de directorio en el componente Community Polls (com_communitypolls) v1.5.2, y posiblemente anteriores, para Core Joomla! permite a atacantes remotos leer ficheros arbitrarios a través de un .. • https://www.exploit-db.com/exploits/11511 http://osvdb.org/62506 http://packetstormsecurity.org/1002-exploits/joomlacp-lfi.txt http://secunia.com/advisories/38692 http://www.corejoomla.com/component/content/article/1-corejoomla-updates/40-community-polls-v153-security-release.html http://www.securityfocus.com/bid/38330 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •