B-HUNT3|2

17 exploits Active since Jan 2010
CVE-2010-0459 EXPLOITDB text WORKING POC
com_mochigames 0.51 - SQL Injection via id Parameter
SQL injection vulnerability in the Mochigames (com_mochigames) component 0.51 and possibly other versions for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php.
EIP-2026-108756 EXPLOITDB text WORKING POC
Joomla! Component Jreservation - Blind SQL Injection
CVE-2010-0803 EXPLOITDB text WORKING POC
Joomla! com_jvideodirect 1.1 RC3b - SQL Injection
SQL injection vulnerability in the jVideoDirect (com_jvideodirect) component 1.1 RC3b for Joomla! allows remote attackers to execute arbitrary SQL commands via the v parameter to index.php.
EIP-2026-108893 EXPLOITDB text SUSPICIOUS
Joomla! Component VirtueMart Module Customers_who_bought - SQL Injection
EIP-2026-108900 EXPLOITDB text WORKING POC
Joomla! Component Yelp - SQL Injection
EIP-2026-108387 EXPLOITDB text WORKING POC
Joomla! Component com_jbpublishdownfp - SQL Injection
EIP-2026-108428 EXPLOITDB text WORKING POC
Joomla! Component com_kunena - Blind SQL Injection
EIP-2026-108581 EXPLOITDB text WORKING POC
Joomla! Component com_virtuemart - order_status_id SQL Injection
CVE-2010-0801 EXPLOITDB text WRITEUP
AutartiTarot (com_autartitarot) 1.0.3 - Path Traversal
Directory traversal vulnerability in the AutartiTarot (com_autartitarot) component 1.0.3 for Joomla! allows remote authenticated users, with "Public Back-end" group permissions, to read arbitrary files via directory traversal sequences in the controller parameter in an edit task to administrator/index.php. NOTE: some of these details are obtained from third party information.
CVE-2010-0795 EXPLOITDB text WORKING POC
JE Event Calendars (com_jeeventcalendar) 1.0 - SQL Injection
SQL injection vulnerability in the JE Event Calendars (com_jeeventcalendar) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the event_id parameter in an event action to index.php.
CVE-2010-0796 EXPLOITDB text WORKING POC
JE Quiz (com_jequizmanagement) 1.b01 - SQL Injection via eid Parameter
SQL injection vulnerability in the JE Quiz (com_jequizmanagement) component 1.b01 for Joomla! allows remote attackers to execute arbitrary SQL commands via the eid parameter in a question action to index.php.
EIP-2026-108729 EXPLOITDB text WORKING POC
Joomla! Component Job - SQL Injection
EIP-2026-108689 EXPLOITDB text WORKING POC
Joomla! Component JBDiary - Blind SQL Injection
CVE-2010-0467 EXPLOITDB MEDIUM text WRITEUP
com_ccnewsletter 1.0.5 - Path Traversal via Controller Parameter
Directory traversal vulnerability in the ccNewsletter (com_ccnewsletter) component 1.0.5 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter in a ccnewsletter action to index.php.
CVSS 5.8
CVE-2010-0461 EXPLOITDB text WORKING POC
Joomla com_casino 1.0 - SQL Injection via id Parameter
SQL injection vulnerability in the casino (com_casino) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a (1) category or (2) player action to index.php.
EIP-2026-108317 EXPLOITDB text WORKING POC
Joomla! Component com_ContentBlogList - SQL Injection
CVE-2010-0456 EXPLOITDB text WORKING POC
indianpulse Game Server (com_gameserver) 1.2 - SQL Injection via grp Parameter
SQL injection vulnerability in the indianpulse Game Server (com_gameserver) component 1.2 for Joomla! allows remote attackers to execute arbitrary SQL commands via the grp parameter in a gameserver action to index.php.