CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 5CVE-2010-0981 – Joomla! Component com_tpjobs - Blind SQL Injection
https://notcve.org/view.php?id=CVE-2010-0981
SQL injection vulnerability in the TPJobs (com_tpjobs) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id_c[] parameter in a resadvsearch action to index.php. Vulnerabilidad de inyección SQL en el componente TPJobs (com_tpjobs) para Joomla! permite a atacantes remotos ejecutar comandos SQL de su elección a través del componente id_c[] en una acción resadvsearch en index.php. • https://www.exploit-db.com/exploits/10950 http://osvdb.org/61477 http://packetstormsecurity.org/0912-exploits/joomlatpjobs-sql.txt http://secunia.com/advisories/38001 http://www.exploit-db.com/exploits/10950 http://www.securityfocus.com/bid/37591 http://www.vupen.com/english/advisories/2010/0023 https://exchange.xforce.ibmcloud.com/vulnerabilities/55350 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.5EPSS: 1%CPEs: 2EXPL: 2CVE-2010-0972 – Joomla! Component com_gcalendar Suite 2.1.5 - Local File Inclusion
https://notcve.org/view.php?id=CVE-2010-0972
Directory traversal vulnerability in the GCalendar (com_gcalendar) component 2.1.5 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php. Vulnerabilidad de salto de directorio en el componente Directory traversal vulnerability in the GCalendar (com_gcalendar) v2.1.5 para Joomla! permite a atacantes remotos incluir y ejecutar archivos locales de su elección al utilizar un caracter .. • https://www.exploit-db.com/exploits/11738 http://secunia.com/advisories/38925 http://www.exploit-db.com/exploits/11738 https://exchange.xforce.ibmcloud.com/vulnerabilities/56863 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 3CVE-2010-0946 – Joomla! Component com_ksadvertiser - SQL Injection
https://notcve.org/view.php?id=CVE-2010-0946
SQL injection vulnerability in the Keep It Simple Stupid (KISS) Software Advertiser (com_ksadvertiser) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the pid parameter in a showcats action to index.php. Vulnerabilidad de inyección SQL en el componente para Joomla! Keep It Simple Stupid (KISS) Software Advertiser (com_ksadvertiser), permite a atacantes remotos ejecutar comandos SQL de su elección a través del parámetro pid en una accción showcats sobre index.php. • https://www.exploit-db.com/exploits/11068 http://explo.it/exploits/11068 http://www.securityfocus.com/bid/37682 https://exchange.xforce.ibmcloud.com/vulnerabilities/55526 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 5.0EPSS: 1%CPEs: 2EXPL: 4CVE-2010-0943 – Joomla! Component com_jashowcase - Directory Traversal
https://notcve.org/view.php?id=CVE-2010-0943
Directory traversal vulnerability in the JA Showcase (com_jashowcase) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter in a jashowcase action to index.php. Vulnerabilidad de salto de directorio en el componente para Joomla!JA Showcase (com_jashowcase), permite a atacantes remotos leer ficheros locales de su elección al utilizar caracteres .. • https://www.exploit-db.com/exploits/11090 http://packetstormsecurity.org/1001-exploits/joomlajashowcase-traversal.txt http://secunia.com/advisories/33486 http://www.exploit-db.com/exploits/11090 http://www.securityfocus.com/bid/37692 https://exchange.xforce.ibmcloud.com/vulnerabilities/55512 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.5EPSS: 1%CPEs: 2EXPL: 4CVE-2009-4679 – Joomla! Component com_if_nexus - Remote File Inclusion
https://notcve.org/view.php?id=CVE-2009-4679
Directory traversal vulnerability in the inertialFATE iF Portfolio Nexus (com_if_nexus) component 1.5 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php. Vulnerabilidad de salto de directorio en el componente para Joomla! inertialFATE iF Portfolio Nexus (com_if_nexus), permite a atacantes remotos incluir y ejecutar ficheros locales de su elección al utilizar caracteres .. • https://www.exploit-db.com/exploits/10754 https://www.exploit-db.com/exploits/33440 http://secunia.com/advisories/37760 http://www.exploit-db.com/exploits/10754 http://www.osvdb.org/61382 http://www.securityfocus.com/bid/37473 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •