CVE-2008-7302
https://notcve.org/view.php?id=CVE-2008-7302
SQL injection vulnerability in netinvoice.php in the nBill (com_netinvoice) component 1.2.0 SP1 for Joomla! allows remote attackers to execute arbitrary SQL commands via unspecified vectors involving "knowledge of ... the contents of an encrypted file." Vulnerabilidad de inyección SQL en netinvoice.php del componente nBill (com_netinvoice) 1.2.0 SP1 de Joomla!. Permite a atacantes remotos ejecutar comandos SQL de su elección a través de vectores sin especificar que involucran el "conocimiento de ... el contenido de un archivo encriptado". • http://www.nbill.co.uk/forum-smf/index.php/topic%2C716.0.html http://www.nbill.co.uk/newsflash/important-security-announcement.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2010-4270
https://notcve.org/view.php?id=CVE-2010-4270
Directory traversal vulnerability in the nBill (com_netinvoice) component before 2.0.9 standard edition, 2.0.10 lite edition, and 1.2_10 for Joomla! allows remote attackers to read arbitrary files via directory traversal sequences in unspecified vectors related to (1) administrator/components/com_nbill/admin.nbill.php, (2) components/com_nbill/nbill.php, (3) administrator/components/com_netinvoice/admin.netinvoice.php, or (4) components/com_netinvoice/netinvoice.php, as exploited in the wild in November 2010. Vulnerabilidad de salto de directorio en el componente nBill (com_netinvoice) anterior a v2.0.9 standard edition, v2.0.10 lite edition, y v1.2_10 para Joomla! permite a atacantes remotos leer archivos arbitrarios a través de secuencias de salto de directorio mediante vectores no especificados relacionados con (1) administrator/components/com_nbill/admin.nbill.php, (2) components/com_nbill/nbill.php, (3) administrator/components/com_netinvoice/admin.netinvoice.php, o (4) components/com_netinvoice/netinvoice.php, tal y como se pudo comprobar en Noviembre de 2010. • http://osvdb.org/69066 http://secunia.com/advisories/42186 http://www.nbill.co.uk/forum-smf/index.php/topic%2C2158.0.html http://www.nbill.co.uk/newsflash/security-patch-for-all-versions-of-nbill.html http://www.securityfocus.com/bid/44719 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2008-3498 – Joomla! Component netinvoice 1.2.0 SP1 - SQL Injection
https://notcve.org/view.php?id=CVE-2008-3498
SQL injection vulnerability in the nBill (com_netinvoice) component 1.2.0 SP1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the cid parameter in an orders action to index.php. NOTE: some of these details are obtained from third party information. Vulnerabilidad de inyección SQL en el componente nBill (com_netinvoice) 1.2.0 SP1 para Joomla! permite a atacantes remotos ejecutar comandos SQL de su elección a través del parámetro cid en una acción orders de index.php. NOTA: algunos de estos detalles han sido obtenidos a partir de la información de terceros. • https://www.exploit-db.com/exploits/5939 http://secunia.com/advisories/30752 http://securityreason.com/securityalert/4114 http://www.nbill.co.uk/forum-smf/index.php/topic%2C716.0.html http://www.securityfocus.com/bid/29951 http://www.vupen.com/english/advisories/2008/1948/references https://exchange.xforce.ibmcloud.com/vulnerabilities/43369 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •