CVSS: 7.5EPSS: 0%CPEs: 39EXPL: 3CVE-2009-3215 – Joomla! Component IXXO Cart! Standalone and - SQL Injection
https://notcve.org/view.php?id=CVE-2009-3215
SQL injection vulnerability in IXXO Cart Standalone before 3.9.6.1, and the IXXO Cart component for Joomla! 1.0.x, allows remote attackers to execute arbitrary SQL commands via the parent parameter. Vulnerabilidad de inyección SQL en componentes IXXO Cart Standalone anterior v3.9.6.1, y IXXO Cart para Joomla! v1.0.x, permite a atacantes remotos ejecutar comandos SQL de su elección a través del parámetro parent. • https://www.exploit-db.com/exploits/9276 http://secunia.com/advisories/36009 http://www.davidsopas.com/2009/07/25/ixxo-cart-standalone-and-joomla-component-sql-injection http://www.exploit-db.com/exploits/9276 http://www.securityfocus.com/archive/1/505266/100/0/threaded http://www.securityfocus.com/bid/35810 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 3.5EPSS: 0%CPEs: 35EXPL: 0CVE-2008-6299
https://notcve.org/view.php?id=CVE-2008-6299
Multiple cross-site scripting (XSS) vulnerabilities in Joomla! 1.5.7 and earlier allow remote authenticated users with certain privileges to inject arbitrary web script or HTML via (1) the title and description parameters to the com_weblinks module and (2) unspecified vectors in the com_content module related to "article submission." Múltiples vulnerabilidades de ejecución de secuencias de comandos en sitios cruzados - XSS - en Joomla! v1.5.7 y anteriores, permite a usuarios autentificados remotos inyectar una secuencia de comandos web o HTML a través de (1) los parámetros "title" y "descripción" en el módulo com_weblinks y (2) vectores no especificados cen el modulo com_content relativo a "article submission.". • http://developer.joomla.org/security/news/283-20081101-core-comcontent-xss-vulnerability.html http://developer.joomla.org/security/news/284-20081102-core-comweblinks-xss-vulnerability.html http://secunia.com/advisories/32622 http://www.joomla.org/announcements/release-news/5219-joomla-158-released.html http://www.securityfocus.com/bid/32263 http://www.vupen.com/english/advisories/2008/3104 https://exchange.xforce.ibmcloud.com/vulnerabilities/46523 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.0EPSS: 2%CPEs: 30EXPL: 2CVE-2009-0113 – Joomla! Component xstandard editor 1.5.8 - Local Directory Traversal
https://notcve.org/view.php?id=CVE-2009-0113
Directory traversal vulnerability in attachmentlibrary.php in the XStandard component for Joomla! 1.5.8 and earlier allows remote attackers to list arbitrary directories via a .. (dot dot) in the X_CMS_LIBRARY_PATH HTTP header. Vulnerabilidad de salto de directorio en attachmentlibrary.php en el componente XStandard para Joomla! v1.5.8 y versiones anteriores permite a atacantes remotos listar directorios de su elección a través de .. • https://www.exploit-db.com/exploits/7691 http://secunia.com/advisories/33377 http://securityreason.com/securityalert/4896 http://www.securityfocus.com/bid/33143 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 10.0EPSS: 15%CPEs: 2EXPL: 3CVE-2008-5053 – Joomla! Component Simple RSS Reader 1.0 - Remote File Inclusion
https://notcve.org/view.php?id=CVE-2008-5053
PHP remote file inclusion vulnerability in admin.rssreader.php in the Simple RSS Reader (com_rssreader) 1.0 component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_live_site parameter. Vulnerabilidad de inclusión de archivo PHP remoto en admin.rssreader.php en el componente Simple RSS Reader (com_rssreader) 1.0 para Joomla! permite a atacantes remotos ejecutar código PHP de su elección mediante un URL en el parámetro mosConfig_live_site. • https://www.exploit-db.com/exploits/7096 http://osvdb.org/49859 http://securityreason.com/securityalert/4584 http://www.exploit-db.com/exploits/7096 http://www.securityfocus.com/bid/32265 http://www.vupen.com/english/advisories/2008/3119 https://exchange.xforce.ibmcloud.com/vulnerabilities/46559 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.5EPSS: 0%CPEs: 24EXPL: 0CVE-2008-3228
https://notcve.org/view.php?id=CVE-2008-3228
Joomla! before 1.5.4 does not configure .htaccess to apply certain security checks that "block common exploits" to SEF URLs, which has unknown impact and remote attack vectors. Joomla! anterior a 1.5.4 no aplica a .htaccess determinados controles de seguridad que bloquean exploits comunes a URLs con el plugin SEF, lo cual tiene un impacto desconocido y vectores de ataque remotos. • http://www.joomla.org/content/view/5180/1 http://www.joomla.org/content/view/5180/1/1/1/#htaccess http://www.openwall.com/lists/oss-security/2008/07/12/2 https://exchange.xforce.ibmcloud.com/vulnerabilities/44206 • CWE-16: Configuration •