jdc

CVE-2008-6882 EXPLOITDB text WORKING POC

com_livechat 1.0 - Server-Side Request Forgery via xmlhttp.php Proxy

Live Chat (com_livechat) component 1.0 for Joomla! allows remote attackers to use the xmlhttp.php script as an open HTTP proxy to hide network scanning activities or scan internal networks via a GET request with a full URL in the query string.

View Code

CVE-2008-6881 EXPLOITDB text WORKING POC

com_livechat 1.0 - SQL Injection via last Parameter

Multiple SQL injection vulnerabilities in the Live Chat (com_livechat) component 1.0 for Joomla! allow remote attackers to execute arbitrary SQL commands via the last parameter to (1) getChat.php, (2) getChatRoom.php, and (3) getSavedChatRooms.php.

View Code

EIP-2026-109939 EXPLOITDB text WORKING POC

Ninja RSS Syndicator 1.0.8 - Local File Inclusion

View Code

EIP-2026-108821 EXPLOITDB text WORKING POC

Joomla! Component Ozio Gallery 2 - Multiple Vulnerabilities

View Code

CVE-2010-2464 EXPLOITDB text WORKING POC

RSComments (com_rscomments) 1.0.0 Rev 2 - Cross-Site Scripting via Website and Name Parameters

Multiple cross-site scripting (XSS) vulnerabilities in the RSComments (com_rscomments) component 1.0.0 Rev 2 for Joomla! allow remote attackers to inject arbitrary web script or HTML via the (1) website and (2) name parameters to index.php.

View Code

EIP-2026-108850 EXPLOITDB text WORKING POC

Joomla! Component rsmonials - Cross-Site Scripting

View Code

CVE-2008-6883 EXPLOITDB text WORKING POC

com_livechat 1.0 - SQL Injection via last parameter to getChatRoom.php

SQL injection vulnerability in the Live Chat (com_livechat) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the last parameter to getChatRoom.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

View Code

CVE-2009-3335 EXPLOITDB text WORKING POC

TurtuShout 0.11 - SQL Injection via Name Field

SQL injection vulnerability in the TurtuShout component 0.11 for Joomla! allows remote attackers to execute arbitrary SQL commands via the Name field.

View Code

EIP-2026-108916 EXPLOITDB text WRITEUP

Joomla! Plugin NoNumber Framework - Multiple Vulnerabilities

View Code

EIP-2026-108851 EXPLOITDB text WORKING POC

Joomla! Component Scriptegrator 1.5 - Local File Inclusion

View Code

EIP-2026-108785 EXPLOITDB text WORKING POC

Joomla! Component memorybook 1.2 - Multiple Vulnerabilities

View Code

EIP-2026-108789 EXPLOITDB php WORKING POC

Joomla! Component MisterEstate - Blind SQL Injection

View Code

EIP-2026-108603 EXPLOITDB text WRITEUP

Joomla! Component com_xmap 1.2.11 - Blind SQL Injection

View Code

EIP-2026-108658 EXPLOITDB text WORKING POC

Joomla! Component Gallery XML 1.1 - SQL Injection / Local File Inclusion

View Code

CVE-2009-3342 EXPLOITDB php WORKING POC

AlphaUserPoints 1.5.2 - SQL Injection via Username2Points Parameter

SQL injection vulnerability in frontend/assets/ajax/checkusername.php in the AlphaUserPoints (com_alphauserpoints) component 1.5.2 for Joomla! allows remote attackers to execute arbitrary SQL commands via the username2points parameter.

View Code

EIP-2026-108733 EXPLOITDB text WRITEUP

Joomla! Component JomSocial 1.6.288 - Multiple Cross-Site Scripting Vulnerabilities

View Code

CVE-2010-4898 EXPLOITDB bash WORKING POC

Gantry (com_gantry) 3.0.10 - SQL Injection via moduleid Parameter

SQL injection vulnerability in the Gantry (com_gantry) component 3.0.10 for Joomla! allows remote attackers to execute arbitrary SQL commands via the moduleid parameter to index.php.

View Code

EIP-2026-108205 EXPLOITDB text WORKING POC

Joomla! Component Answers 2.3beta - Multiple Vulnerabilities

View Code

CVE-2009-4625 EXPLOITDB php WORKING POC

BF Survey Pro Free <1.2.6 - SQL Injection

SQL injection vulnerability in the updateOnePage function in components/com_bfsurvey_pro/controller.php in BF Survey Pro Free (com_bfsurvey_profree) 1.2.4, and other versions before 1.2.6, a component for Joomla!, allows remote attackers to execute arbitrary SQL commands via the table parameter in an updateOnePage action to index.php.

View Code

EIP-2026-108234 EXPLOITDB text WORKING POC

Joomla! Component CCBoard 1.2-RC - Multiple Vulnerabilities

View Code

EIP-2026-108280 EXPLOITDB text WORKING POC

Joomla! Component com_billyportfolio 1.1.2 - Blind SQL Injection

View Code

EIP-2026-108351 EXPLOITDB text WORKING POC

Joomla! Component com_forme 1.0.5 - Multiple Vulnerabilities

View Code

CVE-2010-0972 EXPLOITDB text WORKING POC

Joomla! com_gcalendar 2.1.5 - Path Traversal

Directory traversal vulnerability in the GCalendar (com_gcalendar) component 2.1.5 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php.

View Code

EIP-2026-108432 EXPLOITDB text WORKING POC

Joomla! Component com_listbingo 1.3 - Multiple Vulnerabilities

View Code

EIP-2026-108448 EXPLOITDB text WRITEUP

Joomla! Component com_mtree 2.1.5 - Arbitrary File Upload

View Code