CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 2CVE-2010-1073 – com_jembed - 'catid' Blind SQL Injection
https://notcve.org/view.php?id=CVE-2010-1073
SQL injection vulnerability in the jEmbed-Embed Anything (com_jembed) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in a summary action to index.php. Vulnerabilidad de inyección SQL en el componente jEmbed-Embed Anything (com_jembed)para Joomla! permite a atacantes remotos ejecutar comandos SQL de forma arbitraria a través del parámetro "catid" en una acción "summary" a index.php. • https://www.exploit-db.com/exploits/11026 http://osvdb.org/61510 http://secunia.com/advisories/38112 http://www.exploit-db.com/exploits/11026 http://www.vupen.com/english/advisories/2010/0047 https://exchange.xforce.ibmcloud.com/vulnerabilities/55443 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.8EPSS: 6%CPEs: 19EXPL: 4CVE-2010-1056 – Joomla! Component com_rokdownloads - Local File Inclusion
https://notcve.org/view.php?id=CVE-2010-1056
Directory traversal vulnerability in the RokDownloads (com_rokdownloads) component before 1.0.1 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php. Vulnerabilidad de salto de directorio en el componente RokDownloads (com_rokdownloads) anterior v1.0.1 para Joomla! permite a atacantes remotos incluir o ejecutar archivos locales de su elección a través del caracer .. • https://www.exploit-db.com/exploits/11760 http://osvdb.org/62972 http://packetstormsecurity.org/1003-exploits/joomlarokdownloads-lfi.txt http://secunia.com/advisories/38982 http://www.exploit-db.com/exploits/11760 http://www.rockettheme.com/extensions-updates/638-rokdownloads-10-released http://www.securityfocus.com/bid/38741 https://exchange.xforce.ibmcloud.com/vulnerabilities/56898 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 2CVE-2010-1045 – Joomla! Component com_productbook - SQL Injection
https://notcve.org/view.php?id=CVE-2010-1045
SQL injection vulnerability in the Productbook (com_productbook) component 1.0.4 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action to index.php. NOTE: some of these details are obtained from third party information. Múltiples vulnerabilidades de inyección SQL en el componente Productbook (com_productbook) v1.0.4 for Joomla! permite a atacantes remotos ejecutar comandos SQL de su elección a través del parámetro id en una acción detail sobre index.php. • https://www.exploit-db.com/exploits/11352 http://secunia.com/advisories/38466 http://www.exploit-db.com/exploits/11352 http://www.vupen.com/english/advisories/2010/0322 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 5CVE-2010-0981 – Joomla! Component com_tpjobs - Blind SQL Injection
https://notcve.org/view.php?id=CVE-2010-0981
SQL injection vulnerability in the TPJobs (com_tpjobs) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id_c[] parameter in a resadvsearch action to index.php. Vulnerabilidad de inyección SQL en el componente TPJobs (com_tpjobs) para Joomla! permite a atacantes remotos ejecutar comandos SQL de su elección a través del componente id_c[] en una acción resadvsearch en index.php. • https://www.exploit-db.com/exploits/10950 http://osvdb.org/61477 http://packetstormsecurity.org/0912-exploits/joomlatpjobs-sql.txt http://secunia.com/advisories/38001 http://www.exploit-db.com/exploits/10950 http://www.securityfocus.com/bid/37591 http://www.vupen.com/english/advisories/2010/0023 https://exchange.xforce.ibmcloud.com/vulnerabilities/55350 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 3CVE-2010-0982 – Joomla! Component com_cartweberp - Local File Inclusion
https://notcve.org/view.php?id=CVE-2010-0982
Directory traversal vulnerability in the CARTwebERP (com_cartweberp) component 1.56.75 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. Vulnerabilidad de salto de directorio en el componente CARTwebERP (com_cartweberp)v1.56.75 para Joomla! permite a atacantes remotos leer archivos de su elección al utilizar caracteres .. • https://www.exploit-db.com/exploits/10942 http://osvdb.org/61447 http://packetstormsecurity.org/1001-exploits/joomlacartweberp-lfi.txt http://secunia.com/advisories/37917 http://www.securityfocus.com/bid/37581 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •