CVSS: 4.3 | EPSS: 0% | CPEs: 2 | EXPL: 2

Cross-site scripting (XSS) vulnerability in the nBill (com_nbill) component 2.3.2 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the message parameter in an income action to administrator/index.php.

References:
• http://hauntit.blogspot.com/2012/04/en-nbill-lite-joomla-component-html.html
• http://packetstormsecurity.org/files/112235/Joomla-nBill-Lite-Cross-Site-Scripting.html
• http://secunia.com/advisories/49004
• http://www.securityfocus.com/bid/53275

CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 7.5 | EPSS: 0% | CPEs: 2 | EXPL: 0

SQL injection vulnerability in netinvoice.php in the nBill (com_netinvoice) component 1.2.0 SP1 for Joomla! allows remote attackers to execute arbitrary SQL commands via unspecified vectors involving "knowledge of ... the contents of an encrypted file."

References:
• http://www.nbill.co.uk/forum-smf/index.php/topic%2C716.0.html
• http://www.nbill.co.uk/newsflash/important-security-announcement.html

CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 5.0 | EPSS: 0% | CPEs: 4 | EXPL: 0

Directory traversal vulnerability in the nBill (com_netinvoice) component before 2.0.9 standard edition, 2.0.10 lite edition, and 1.2_10 for Joomla! allows remote attackers to read arbitrary files via directory traversal sequences in unspecified vectors related to (1) administrator/components/com_nbill/admin.nbill.php, (2) components/com_nbill/nbill.php, (3) administrator/components/com_netinvoice/admin.netinvoice.php, or (4) components/com_netinvoice/netinvoice.php, as exploited in the wild in November 2010.

References:
• http://osvdb.org/69066
• http://secunia.com/advisories/42186
• http://www.nbill.co.uk/forum-smf/index.php/topic%2C2158.0.html
• http://www.nbill.co.uk/newsflash/security-patch-for-all-versions-of-nbill.html
• http://www.securityfocus.com/bid/44719

CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSS: 7.5 | EPSS: 0% | CPEs: 2 | EXPL: 1

SQL injection vulnerability in the nBill (com_netinvoice) component 1.2.0 SP1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the cid parameter in an orders action to index.php. NOTE: some of these details are obtained from third party information.

References:
• https://www.exploit-db.com/exploits/5939
• http://secunia.com/advisories/30752
• http://securityreason.com/securityalert/4114
• http://www.nbill.co.uk/forum-smf/index.php/topic%2C716.0.html
• http://www.securityfocus.com/bid/29951
• http://www.vupen.com/english/advisories/2008/1948/references
• https://exchange.xforce.ibmcloud.com/vulnerabilities/43369

CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')