CVE-2011-5148 – Joomla! Component Module Simple File Upload 1.3 - Remote Code Execution
https://notcve.org/view.php?id=CVE-2011-5148
Multiple incomplete blacklist vulnerabilities in the Simple File Upload (mod_simplefileuploadv1.3) module before 1.3.5 for Joomla! allow remote attackers to execute arbitrary code by uploading a file with a (1) php5, (2) php6, or (3) double (e.g. .php.jpg) extension, then accessing it via a direct request to the file in images/, as exploited in the wild in January 2012.
References:
https://www.exploit-db.com/exploits/18287
http://docs.joomla.org/Vulnerable_Extensions_List#Simple_File_Upload_1.3
http://secunia.com/advisories/47370
http://wasen.net/index.php?option=com_content&view=article&id=87&Itemid=59
http://www.exploit-db.com/exploits/18287
http://www.osvdb.org/78122
http://www.securityfocus.com/bid/51214
http://www.securityfocus.com/bid/51234
https://exchange.xforce.ibmcloud.com/vulnerabilities/72023
CVE-2011-5113 – Joomla! Component Techfolio 1.0 - SQL Injection
https://notcve.org/view.php?id=CVE-2011-5113
SQL injection vulnerability in frontend/models/techfoliodetail.php in the Techfolio (com_techfolio) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter.
References:
https://www.exploit-db.com/exploits/18042
http://docs.joomla.org/Vulnerable_Extensions_List#Techfolio_1.0
http://www.exploit-db.com/exploits/18042
Weakness: CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2011-4823 – Joomla! Component Vik Real Estate 1.0 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2011-4823
Multiple SQL injection vulnerabilities in the Vik Real Estate (com_vikrealestate) component 1.0 for Joomla! allow remote attackers to execute arbitrary SQL commands via the (1) contract parameter in a results action and (2) imm parameter in a show action to index.php.
References:
https://www.exploit-db.com/exploits/18048
https://www.exploit-db.com/exploits/36592
http://docs.joomla.org/Vulnerable_Extensions_List#Vik_Real_Estate_1.0
http://www.exploit-db.com/exploits/18048
Weakness: CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2010-5028 – Joomla! Component JE Job 1.0 - 'catid' SQL Injection
https://notcve.org/view.php?id=CVE-2010-5028
SQL injection vulnerability in the JExtensions JE Job (com_jejob) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in an item action to index.php.
References:
https://www.exploit-db.com/exploits/12782
https://www.exploit-db.com/exploits/12601
http://secunia.com/advisories/39837
http://www.exploit-db.com/exploits/12782
http://www.osvdb.org/64708
http://www.securityfocus.com/bid/40193
http://www.vupen.com/english/advisories/2010/1269
https://exchange.xforce.ibmcloud.com/vulnerabilities/58599
Weakness: CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2010-4977 – Joomla! Component Canteen 1.0 - Local File Inclusion
https://notcve.org/view.php?id=CVE-2010-4977
SQL injection vulnerability in menu.php in the Canteen (com_canteen) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the mealid parameter to index.php.
References:
https://www.exploit-db.com/exploits/34250
http://osvdb.org/66031
http://packetstormsecurity.org/1007-exploits/joomlacanteen-lfisql.txt
http://secunia.com/advisories/40503
http://securityreason.com/securityalert/8495
http://www.salvatorefresta.net/files/adv/Canteen%20Joomla%20Component%201.0%20Multiple%20Remote%20Vulnerabilities-04072010.txt
http://www.securityfocus.com/archive/1/512170/100/0/threaded
http://www.securityfocus.com/bid/41358
https://exchange.xforce.ibmcloud.com/vulnerabilities/60103
Weakness: CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')