491 matches found
Joomla JCE 2.0.10 Path Traversal / Path Manipulation
www.BugReport.ir AmnPardaz Security Research Team Title: JCE Joomla Extension <=2.0.10 Multiple Vulnerabilities Vendor: www.joomlacontenteditor.net Exploit: Available Vulnerable Version: 2.0.10 Image Manager 1.5.7.13, Media Manager 1.5.6.3, Template Manager 1.5.5, File Manager 1.5.4.1 & prior...
JCE Joomla Extension <=2.0.10 Multiple Vulnerabilities
Exploit for php platform in category web applications www.BugReport.ir AmnPardaz Security Research Team Title: JCE Joomla Extension <=2.0.10 Multiple Vulnerabilities Vendor: www.joomlacontenteditor.net Exploit: Available Vulnerable Version: 2.0.10 Image Manager 1.5.7.13, Media Manager 1.5.6.3,...
Joomla JCE Component (com_jce) Blind SQL Injection Vulnerability
Exploit for php platform in category web applications Software: joomlacontenteditor com_jce Vendor: www.joomlacontenteditor.net Vuln Type: Blind SQL Injection Download link: http://www.joomlacontenteditor.net/downloads/editor/joomla15x/category/joomla-15-2 check here Author: eidelweiss contact:...
CVE-2010-2461
SQL injection vulnerability in storecat.php in JCE-Tech Overstock 1 allows remote attackers to execute arbitrary SQL commands via the store parameter...
SQL injection
SQL injection vulnerability in storecat.php in JCE-Tech Overstock 1 allows remote attackers to execute arbitrary SQL commands via the store parameter...
SQL injection
SQL injection vulnerability in merchant_product_list.php in JCE-Tech Shareasale Script SASS 1 allows remote attackers to execute arbitrary SQL commands via the mechant_id parameter...
CVE-2010-2460
CVE-2010-2460 affects JCE-Tech Shareasale Script (SASS) 1, where the file merchant_product_list.php contains an SQL injection vulnerability exposed via the mechant_id parameter. The root cause is unsanitized input leading to arbitrary SQL execution, enabling remote attackers to manipulate the dat...
CVE-2010-2461
CVE-2010-2461 describes a SQL injection vulnerability in the storecat.php script of JCE-Tech Overstock 1, exploitable by supplying a crafted value to the store parameter to execute arbitrary SQL. The NVD entry assigns a CVSS v2 base score 7.5 (HIGH), with network access, no authentication, and ...
CVE-2010-2461
SQL injection vulnerability in storecat.php in JCE-Tech Overstock 1 allows remote attackers to execute arbitrary SQL commands via the store parameter...
CVE-2010-0380
install.php in JCE-Tech PHP Calendars, downloaded 20100121, allows remote attackers to bypass intended access restrictions and modify application settings via a direct request. NOTE: this is only a vulnerability when the administrator does not follow recommendations in the product's installation...
CVE-2010-0380
The CVE-2010-0380 entry concerns JCE-Tech PHP Calendars (install.php) where a direct request can bypass access restrictions and allow modification of application settings. The vulnerability hinges on administrators not following recommendations in the product installation documentation. The provi...
CVE-2010-0380
install.php in JCE-Tech PHP Calendars, downloaded 20100121, allows remote attackers to bypass intended access restrictions and modify application settings via a direct request. NOTE: this is only a vulnerability when the administrator does not follow recommendations in the product's installation...
CVE-2010-0375
SQL injection vulnerability in product_list.php in JCE-Tech PHP Calendars, downloaded 2010-01-11, allows remote attackers to execute arbitrary SQL commands via the cat parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...
Cross-site scripting
Cross-site scripting (XSS) vulnerability in product_list.php in JCE-Tech PHP Calendars, downloaded 2010-01-11, allows remote attackers to inject arbitrary web script or HTML via the cat parameter. NOTE: this issue is reportedly resultant from a forced SQL error message that occurs from exploitation ...
SQL injection
SQL injection vulnerability in product_list.php in JCE-Tech PHP Calendars, downloaded 2010-01-11, allows remote attackers to execute arbitrary SQL commands via the cat parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...
CVE-2010-0376
Cross-site scripting (XSS) vulnerability in product_list.php in JCE-Tech PHP Calendars, downloaded 2010-01-11, allows remote attackers to inject arbitrary web script or HTML via the cat parameter. NOTE: this issue is reportedly resultant from a forced SQL error message that occurs from exploitation ...
CVE-2010-0376
CVE-2010-0376 is an XSS vulnerability in JCE-Tech PHP Calendars, specifically in product_list.php where the cat parameter can be exploited to inject arbitrary HTML/Script. The issue is described as arising from a forced SQL error message related to CVE-2010-0375. Connected sources confirm the vul...
CVE-2010-0376
Cross-site scripting (XSS) vulnerability in product_list.php in JCE-Tech PHP Calendars, downloaded 2010-01-11, allows remote attackers to inject arbitrary web script or HTML via the cat parameter. NOTE: this issue is reportedly resultant from a forced SQL error message that occurs from exploitation ...
CVE-2010-0375
CVE-2010-0375 concerns a SQL injection vulnerability in product_list.php of JCE-Tech PHP Calendars, exploitable via the cat parameter to execute arbitrary SQL commands. The vulnerability is documented across multiple sources (NVD/NVD-derived listings, CVE records, and third-party references) with...
CVE-2009-3197
Cross-site scripting (XSS) vulnerability in search.php in JCE-Tech PHP Calendars Script allows remote attackers to inject arbitrary web script or HTML via the search parameter...