CVE-2010-1529 – Joomla! Component Freestyle FAQ Lite 1.3 - 'faqid' SQL Injection
https://notcve.org/view.php?id=CVE-2010-1529
SQL injection vulnerability in the Freestyle FAQs Lite (com_fsf) component, possibly 1.3, for Joomla! allows remote attackers to execute arbitrary SQL commands via the faqid parameter in an faq action to index.php. Una vulnerabilidad de inyección SQL en el componente para Joomla! Freestyle FAQs Lite (com_fsf) permite a atacantes remotos ejecutar comandos SQL en una accion faq a través del parámetro faqid de index.php. • https://www.exploit-db.com/exploits/12078 http://packetstormsecurity.org/1004-exploits/joomlafreestyle-sql.txt http://secunia.com/advisories/39288 http://www.exploit-db.com/exploits/12078 http://www.securityfocus.com/bid/39220 https://exchange.xforce.ibmcloud.com/vulnerabilities/57588 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2006-6889 – FreeStyle Wiki 3.6.2 - 'user.dat' Password Disclosure
https://notcve.org/view.php?id=CVE-2006-6889
FreeStyle Wiki (fswiki) 3.6.2 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain passwords via a direct request for config/user.dat. FreeStyle Wiki (fswiki) 3.6.2 y anteriores almacena información sensible bajo la raiz web con insuficientes controles de acceso, lo cual permite a atacantes remotos obtener contraseñas a través de una respuesta directa en config/user.dat. • https://www.exploit-db.com/exploits/3047 https://exchange.xforce.ibmcloud.com/vulnerabilities/31227 •
CVE-2006-3380
https://notcve.org/view.php?id=CVE-2006-3380
Algorithmic complexity vulnerability in FreeStyle Wiki before 3.6.2 allows remote attackers to cause a denial of service (CPU consumption) by performing a diff between large, crafted pages that trigger the worst case. Vulnerabilidad de complejidad algorítmica en versiones anteriores a 3.6.2 en FreeStyle Wiki, que permite a los atacantes remotos causar una denegación de servicios (agotamiento de CPU) desarrollando una diferencia entre largo, páginas manipuladas que lanzan el peor caso. • http://fswiki.poi.jp/wiki.cgi?page=%CD%FA%CE%F2%2F2006-7-3 http://jvn.jp/jp/JVN%2398836916/index.html http://secunia.com/advisories/20875 http://www.osvdb.org/26975 http://www.vupen.com/english/advisories/2006/2644 •
CVE-2005-1799
https://notcve.org/view.php?id=CVE-2005-1799
Cross-site scripting (XSS) vulnerability in FreeStyle Wiki 3.5.7 and WikiLite (FSWikiLite) .10 allows remote attackers to inject arbitrary web script or HTML via unknown vectors. • http://secunia.com/advisories/15538 http://www.securityfocus.com/bid/13824 •