exploit-db-mirror/platforms/php/webapps/36015.txt
Offensive Security 574c0f2df8 DB: 2017-01-10
5 new exploits

DirectAdmin 1.50.1 - Denial of Service

Joomla! Component 'com_menu' - SQL Injection
Joomla! Component com_menu - SQL Injection
Joomla! Component 'com_pcchess' - Local File Inclusion
Joomla! Component 'com_huruhelpdesk' - SQL Injection
Joomla! Component com_pcchess - Local File Inclusion
Joomla! Component huruhelpdesk - SQL Injection

Joomla! Component 'com_ca' - SQL Injection
Joomla! Component com_ca - SQL Injection

Joomla! Component 'com_education_classess' - SQL Injection
Joomla! Component education - SQL Injection

Joomla! Component 'com_Flashgames' - Local File Inclusion
Joomla! Component FlashGames 1.5.0 - Local File Inclusion
Joomla! Component 'com_cvmaker' - Local File Inclusion
Joomla! Component 'com_myfiles' - Local File Inclusion
Joomla! Component CV Maker 1.0 - Local File Inclusion
Joomla! Component My Files 1.0 - Local File Inclusion
Joomla! Component 'com_joommail' - Local File Inclusion
Joomla! Component 'com_memory' - Local File Inclusion
Joomla! Component JoomMail 1.0 - Local File Inclusion
Joomla! Component Memory Book 1.2 - Local File Inclusion

Joomla! Component 'com_diary' - Local File Inclusion
Joomla! Component Digital Diary 1.5.0 - Local File Inclusion

Joomla! Component 'com_jdrugstopics' - SQL Injection
Joomla! Component com_jdrugstopics - SQL Injection

Joomla! Component 'com_flexicontent' - Local File
Joomla! Component FLEXIcontent 1.5 - Local File Inclusion

Joomla! Component 'com_delicious' - Local File Inclusion
Joomla! Component Delicious Bookmarks 0.0.1 - Local File Inclusion

Joomla! Component 'com_manager' 1.5.3 - 'id' Parameter SQL Injection
Joomla! Component com_manager 1.5.3 - 'id' Parameter SQL Injection

Joomla! Component 'com_pandafminigames' - SQL Injection
Joomla! Component com_pandafminigames - SQL Injection

Joomla! Component 'com_caddy' - Exploit
Joomla! Component com_caddy - Exploit

Joomla! Component 'com_jesectionfinder' - Arbitrary File Upload
Joomla! Component com_jesectionfinder - Arbitrary File Upload

Joomla! Component 'com_camp' - SQL Injection
Joomla! Component com_camp - SQL Injection
Joomla! Component 'com_crowdsource' - SQL Injection
Joomla! Component 'com_event' - Multiple Vulnerabilities
Joomla! Component com_crowdsource - SQL Injection
Joomla! Component com_event - Multiple Vulnerabilities

Joomla! Component 'com_event' - SQL Injection
Joomla! Component com_event - SQL Injection

Joomla! Component 'com_packages' - SQL Injection
Joomla! Component com_packages - SQL Injection

Joomla! Component 'com_jepoll' - 'pollid' Parameter SQL Injection
Joomla! Component JE Poll - 'pollid' Parameter SQL Injection
Joomla! Component 'com_chronoconnectivity' - Blind SQL Injection
Joomla! Component 'com_chronocontact' - Blind SQL Injection
Joomla! Component ChronoConnectivity - Blind SQL Injection
Joomla! Component ChronoForms - Blind SQL Injection

Joomla! Component 'com_lead' - SQL Injection
Joomla! Component com_lead - SQL Injection

Joomla! Component 'com_cinema' - SQL Injection
Joomla! Component cinema - SQL Injection
Joomla! Component 'com_jstore' - SQL Injection
Joomla! Component 'com_jtickets' - SQL Injection
Joomla! Component 'com_jcommunity' - SQL Injection
Joomla! Component 'com_jmarket' - SQL Injection
Joomla! Component 'com_jsubscription' - SQL Injection
Joomla! Component com_jstore - SQL Injection
Joomla! Component com_jtickets - SQL Injection
Joomla! Component com_jcommunity - SQL Injection
Joomla! Component com_jmarket - SQL Injection
Joomla! Component com_jsubscription - SQL Injection

Joomla! Component 'com_jnewsletter' - SQL Injection
Joomla! Component com_jnewsletter - SQL Injection

Joomla! Component 'com_joomdocs' - Cross-Site Scripting
Joomla! Component com_joomdocs - Cross-Site Scripting
Joomla! Component 'com_community' - Persistent Cross-Site Scripting
Joomla! Component 'com_jomestate' - Remote File Inclusion
Joomla! Component com_community - Persistent Cross-Site Scripting
Joomla! Component com_jomestate - Remote File Inclusion

Joomla! Component 'com_jejob' - Local File Inclusion
Joomla! Component com_jejob - Local File Inclusion

Joomla! Component 'com_dateconverter' 0.1 - SQL Injection
Joomla! Component com_dateconverter 0.1 - SQL Injection

Joomla! Component 'com_phocagallery' - SQL Injection
Joomla! Component Phoca Gallery 2.7.3 - SQL Injection

Joomla! Component 'com_jpodium' - SQL Injection
Joomla! Component JPodium 2.7.3 - SQL Injection

Joomla! Component 'com_jomtube' - 'user_id' Parameter Blind SQL Injection
Joomla! Component com_jomtube - 'user_id' Parameter Blind SQL Injection
Joomla! Component 'com_myhome' - Blind SQL Injection
Joomla! Component 'com_mysms' - Arbitrary File Upload
Joomla! Component MyHome - Blind SQL Injection
Joomla! Component MySMS - Arbitrary File Upload

Joomla! Component 'com_iproperty' - SQL Injection
Joomla! Component com_iproperty - SQL Injection

Joomla! Component 'com_itarmory' - SQL Injection
Joomla! Component com_itarmory - SQL Injection

Joomla! Component 'com_neorecruit' 1.4 - SQL Injection
Joomla! Component NeoRecruit 1.4 - SQL Injection

Joomla! Component 'com_equipment' - SQL Injection
Joomla! Component com_equipment - SQL Injection
Joomla! Component 'com_Fabrik' - SQL Injection
Joomla! Component 'com_extcalendar' - Blind SQL Injection
Joomla! Component Fabrik - SQL Injection
Joomla! Component com_extcalendar - Blind SQL Injection

Joomla! Component 'com_jejob' - SQL Injection
Joomla! Component JE Job - SQL Injection

Joomla! Component 'com_jfuploader' < 2.12 - Arbitrary File Upload
Joomla! Component com_jfuploader < 2.12 - Arbitrary File Upload
Joomla! Component 'com_connect' - Local File Inclusion
Joomla! Component 'com_dcnews' - Local File Inclusion
Joomla! Component com_connect - Local File Inclusion
Joomla! Component com_dcnews - Local File Inclusion

Joomla! Component 'com_clan' - SQL Injection
Joomla! Component com_clan - SQL Injection

Joomla! Component 'com_clanlist' - SQL Injection
Joomla! Component com_clanlist - SQL Injection
Joomla! Component 'com_markt' - SQL Injection
Joomla! Component 'com_img' - Local File Inclusion
Joomla! Component com_markt - SQL Injection
Joomla! Component com_img - Local File Inclusion

Joomla! Component 'com_ccboard' 1.2-RC - Multiple Vulnerabilities
Joomla! Component CCBoard 1.2-RC - Multiple Vulnerabilities

Joomla! Component 'com_maianmedia' - SQL Injection
Joomla! Component com_maianmedia - SQL Injection

Joomla! Component 'com_idoblog' - SQL Injection
Joomla! Component com_idoblog - SQL Injection

Joomla! Component 'com_people' 1.0.0 - SQL Injection
Joomla! Component People 1.0.0 - SQL Injection

Joomla! Component 'com_people' 1.0.0 - Local File Inclusion
Joomla! Component com_people 1.0.0 - Local File Inclusion

Joomla! Component 'com_jce' - Blind SQL Injection
Joomla! Component joomlacontenteditor - Blind SQL Injection

Joomla! Component 'com_hello' - SQL Injection
Joomla! Component com_hello - SQL Injection

Joomla! Component 'com_jdownloads' 1.0 - Arbitrary File Upload
Joomla! Component jDownloads 1.0 - Arbitrary File Upload

Joomla! Component 'com_jesubmit' - Local File Inclusion
Joomla! Component JE Story Submit - Local File Inclusion

Joomla! Component 'com_obSuggest' - Local File Inclusion
Joomla! Component obSuggest - Local File Inclusion

Joomla! Component 'com_jdirectory' - SQL Injection
Joomla! Component com_jdirectory - SQL Injection

Joomla! Component 'com_esearch' - SQL Injection
Joomla! Component Search 3.0.0 - SQL Injection

Joomla! Component 'com_joomtouch' - Local File Inclusion
Joomla! Component JoomTouch 1.0.2 - Local File Inclusion

Joomla! Component 'com_jce' 2.0.10 - Multiple Vulnerabilities
Joomla! Component joomlacontenteditor 2.0.10 - Multiple Vulnerabilities

Joomla! Component 'com_horses' - 'id' Parameter SQL Injection
Joomla! Component com_horses - 'id' Parameter SQL Injection

Joomla! Component 'com_galleryxml' 1.1 - SQL Injection / Local File Inclusion
Joomla! Component Gallery XML 1.1 - SQL Injection / Local File Inclusion

Joomla! Component 'com_jigsaw' - 'Controller' Parameter Directory Traversal
Joomla! Component com_jigsaw - 'Controller' Parameter Directory Traversal

Joomla! Component 'com_fireboard' - 'Itemid' Parameter SQL Injection
Joomla! Component com_fireboard - 'Itemid' Parameter SQL Injection

Joomla! Component 'com_dirfrm' - Multiple SQL Injections
Joomla! Component com_dirfrm - Multiple SQL Injections

Joomla! Component 'com_catalogue' - SQL Injection / Local File Inclusion
Joomla! Component Catalogue - SQL Injection / Local File Inclusion
Joomla! Component 'com_jeformcr' - 'id' Parameter SQL Injection
Joomla! Component 'com_jesectionfinder' - 'sf_id' Parameter SQL Injection
Joomla! Component Jeformcr - 'id' Parameter SQL Injection
Joomla! Component JExtensions Property Finder - 'sf_id' Parameter SQL Injection

Joomla! Component 'com_mailto' - Multiple Cross-Site Scripting Vulnerabilities
Joomla! Component com_mailto - Multiple Cross-Site Scripting Vulnerabilities

Joomla! Component 'com_classified' - SQL Injection
Joomla! Component Classified - SQL Injection

Joomla! Component 'com_frontenduseraccess' - Local File Inclusion
Joomla! Component com_frontenduseraccess - Local File Inclusion

Joomla! Component 'com_clan_members' - 'id' Parameter SQL Injection
Joomla! Component com_clan_members - 'id' Parameter SQL Injection

Joomla! Component 'com_phocadownload' - Local File Inclusion
Joomla! Component com_phocadownload - Local File Inclusion

Joomla! Component 'com_cbcontact' - 'contact_id' Parameter SQL Injection
Joomla! Component com_cbcontact - 'contact_id' Parameter SQL Injection

Joomla! Component 'com_maplocator' - 'cid' Parameter SQL Injection
Joomla! Component Map Locator - 'cid' Parameter SQL Injection

Joomla! Component 'com_ccboard' - SQL Injection / Arbitrary File Upload
Joomla! Component CCBoard - SQL Injection / Arbitrary File Upload

Joomla! Component 'com_morfeoshow' - 'idm' Parameter SQL Injection
Joomla! Component com_morfeoshow - 'idm' Parameter SQL Injection

Joomla! Component 'com_jr_tfb' - 'Controller' Parameter Local File Inclusion
Joomla! Component com_jr_tfb - 'Controller' Parameter Local File Inclusion
Joomla! Component 'com_foto' - 'id_categoria' Parameter SQL Injection
Joomla! Component 'com_juicy' - 'picId' Parameter SQL Injection
Joomla! Component 'com_hospital' - SQL Injection
Joomla! Component 'com_controller' - 'Itemid' Parameter SQL Injection
Joomla! Component Foto - 'id_categoria' Parameter SQL Injection
Joomla! Component Juicy Gallery - 'picId' Parameter SQL Injection
Joomla! Component com_hospital - SQL Injection
Joomla! Component Controller - 'Itemid' Parameter SQL Injection

Joomla! Component 'com_newssearch' - SQL Injection
Joomla! Component com_newssearch - SQL Injection

Joomla! Component 'com_community' - 'userid' Parameter SQL Injection
Joomla! Component com_community - 'userid' Parameter SQL Injection

Joomla! Component 'com_biitatemplateshop' - 'groups' Parameter SQL Injection
Joomla! Component Biitatemplateshop - 'groups' Parameter SQL Injection

Joomla! Component 'com_expedition' - 'id' Parameter SQL Injection
Joomla! Component com_expedition - 'id' Parameter SQL Injection

Joomla! Component 'com_br' - 'state_id' Parameter SQL Injection
Joomla! Component com_br - 'state_id' Parameter SQL Injection

Joomla! Component 'com_caproductprices' - 'id' Parameter SQL Injection
Joomla! Component com_caproductprices - 'id' Parameter SQL Injection

Joomla! Component 'com_br' - 'Controller' Parameter Local File Inclusion
Joomla! Component com_br - 'Controller' Parameter Local File Inclusion

Joomla! Component 'com_full' - 'id' Parameter SQL Injection
Joomla! Component Full - 'id' Parameter SQL Injection
Joomla! Component 'com_boss' - 'Controller' Parameter Local File Inclusion
Joomla! Component 'com_car' - Multiple SQL Injections
Joomla! Component com_boss - 'Controller' Parameter Local File Inclusion
Joomla! Component com_car - Multiple SQL Injections

Joomla! Component 'com_bulkenquery' - 'Controller' Parameter Local File Inclusion
Joomla! Component com_bulkenquery - 'Controller' Parameter Local File Inclusion

Joomla! Component 'com_jesubmit' - 'index.php' Arbitrary File Upload
Joomla! Component JE Story Submit - 'index.php' Arbitrary File Upload

Joomla! Component 'com_motor' - 'cid' Parameter SQL Injection
Joomla! Component com_motor - 'cid' Parameter SQL Injection
Joomla! Component 'com_firmy' - 'Id' Parameter SQL Injection
Joomla! Component 'com_crhotels' - 'catid' Parameter SQL Injection
Joomla! Component com_firmy - 'Id' Parameter SQL Injection
Joomla! Component com_crhotels - 'catid' Parameter SQL Injection

Joomla! Component 'com_cmotour' - 'id' Parameter SQL Injection
Joomla! Component com_cmotour - 'id' Parameter SQL Injection

Joomla! Component 'com_bnf' - 'seccion_id' Parameter SQL Injection
Joomla! Component com_bnf - 'seccion_id' Parameter SQL Injection

Joomla! Component 'com_machine' - Multiple SQL Injections
Joomla! Component Machine - Multiple SQL Injections

Joomla! Component 'com_joomsport' - SQL Injection / Arbitrary File Upload
Joomla! Component Joomsport - SQL Injection / Arbitrary File Upload

Joomla! Component 'com_dv' - 'upload.php' Arbitrary File Upload
Joomla! Component DentroVideo 1.2 - 'upload.php' Arbitrary File Upload

Joomla! Component 'com_hwdvideoshare' - 'flash_upload.php' Arbitrary File Upload
Joomla! Component hwdVideoShare - 'flash_upload.php' Arbitrary File Upload
Joomla! Component 'com_maianmedia' - 'uploadhandler.php' Arbitrary File Upload
Joomla! Component 'com_jcalpro' - SQL Injection
Joomla! Component Maian Media - 'uploadhandler.php' Arbitrary File Upload
Joomla! Component JCal Pro Calendar - SQL Injection

Joomla! Component 'com_hello' - 'Controller' Parameter Local File Inclusion
Joomla! Component com_hello - 'Controller' Parameter Local File Inclusion

Joomla! Component 'com_odudeprofile' - 'profession' Parameter SQL Injection
Joomla! Component Odudeprofile 2.8 - 'profession' Parameter SQL Injection

Joomla! Component 'com_civicrm' - Multiple Arbitrary File Upload Vulnerabilities
Joomla! Component CiviCRM - Multiple Arbitrary File Upload Vulnerabilities

Joomla! Component 'com_parcoauto' - 'idVeicolo' Parameter SQL Injection
Joomla! Component Parcoauto - 'idVeicolo' Parameter SQL Injection

Joomla! Component 'com_jvideoclip' - 'uid' Parameter SQL Injection
Joomla! Component JVideoClip 1.5.1 - 'uid' Parameter SQL Injection

Joomla! Component 'com_maian15' - 'name' Parameter Arbitrary File Upload
Joomla! Component Maian15 - 'name' Parameter Arbitrary File Upload

Joomla! Component 'com_inneradmission' - 'index.php' SQL Injection
Joomla! Component Inneradmission - 'index.php' SQL Injection

Joomla! Component 'com_easy_youtube_gallery' 1.0.2 - SQL Injection
Joomla! Component Easy Youtube Gallery 1.0.2 - SQL Injection

Joomla! Component 'com_payplans' 3.3.6 - SQL Injection
Joomla! Component com_payplans 3.3.6 - SQL Injection

Joomla! Component 'com_enmasse' 5.1 < 6.4 - SQL Injection
Joomla! Component com_enmasse 5.1 < 6.4 - SQL Injection

Joomla! Component 'com_bt_media' - SQL Injection
Joomla! Component com_bt_media 1.0 - SQL Injection

Joomla! Component 'com_guru' - SQL Injection
Joomla! Component Guru Pro - SQL Injection

DirectAdmin 1.50.1 - Denial of Service
Splunk 6.1.1 - 'Referer' Header Cross-Site Scripting
My Link Trader 1.1 - Authentication Bypass
My Php Dating 2.0 - 'path' Parameter SQL Injection
My Php Dating 2.0 - 'id' Parameter SQL Injection
2017-01-10 05:01:19 +00:00


source: http://www.securityfocus.com/bid/48983/info

The 'com_community' component for Joomla! is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

http://www.example.com/index.php?option=com_community&view=profile&userid=156
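
For log review, the following added example (not part of the original advisory or the component's code) flags requests to 'com_community' whose 'userid' value is not a plain decimal number. It assumes combined-format access logs and that legitimate 'userid' values are integers, as in the URL above; the log lines and function names are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines (combined log format); not real traffic.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Jan/2017:05:01:19 +0000] "GET /index.php?option=com_community&view=profile&userid=156 HTTP/1.1" 200 5120
203.0.113.9 - - [10/Jan/2017:05:02:02 +0000] "GET /index.php?option=com_community&view=profile&userid=156%27 HTTP/1.1" 500 312
203.0.113.9 - - [10/Jan/2017:05:02:07 +0000] "GET /index.php?option=com_community&view=profile&userid=156&userid=15x6 HTTP/1.1" 200 5090
198.51.100.2 - - [10/Jan/2017:05:03:11 +0000] "GET /index.php?option=com_content&view=article&id=7 HTTP/1.1" 200 2048
"""

# Request target inside the quoted request line of a log entry.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Assumption: a legitimate userid is a short decimal integer.
NUMERIC_ID = re.compile(r"[0-9]{1,10}")


def suspicious_userid(url):
    """Return the non-numeric userid values in a com_community request, else []."""
    # parse_qs percent-decodes values and keeps every repeat of a parameter,
    # so encoded characters and duplicated 'userid' keys are both checked.
    params = parse_qs(urlsplit(url).query, keep_blank_values=True)
    if "com_community" not in params.get("option", []):
        return []
    return [v for v in params.get("userid", []) if not NUMERIC_ID.fullmatch(v)]


def scan(log_text):
    """Return (client_ip, bad_values) for each log line that needs review."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.search(line)
        if not m:
            continue
        bad = suspicious_userid(m.group(1))
        if bad:
            hits.append((line.split(" ", 1)[0], bad))
    return hits


if __name__ == "__main__":
    for ip, values in scan(SAMPLE_LOG):
        print(ip, values)
```

The same integer-only rule is what the component should enforce server-side before the value reaches the query; a hit in the logs is a reason to review the request, not proof of compromise.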