EUVD-2010-2518

Malware in sbrugna...

CVE-2010-2515

Multiple SQL injection vulnerabilities in index.php in the JFaq comjfaq component 1.2 for Joomla!, when magicquotesgpc is disabled, allow 1 remote attackers to execute arbitrary SQL commands via the id parameter, and 2 remote authenticated users with "Public Front-end" permissions to execute...

CVE-2010-2514

Cross-site scripting XSS vulnerability in the JFaq comjfaq component 1.2 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the question parameter in an add2 action to index.php...

CVE-2010-2515

Multiple SQL injection vulnerabilities in index.php in the JFaq comjfaq component 1.2 for Joomla!, when magicquotesgpc is disabled, allow 1 remote attackers to execute arbitrary SQL commands via the id parameter, and 2 remote authenticated users with "Public Front-end" permissions to execute...

CVE-2010-2514

Cross-site scripting XSS vulnerability in the JFaq comjfaq component 1.2 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the question parameter in an add2 action to index.php...

Cross site scripting

Cross-site scripting XSS vulnerability in the JFaq comjfaq component 1.2 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the question parameter in an add2 action to index.php...

Sql injection

Multiple SQL injection vulnerabilities in index.php in the JFaq comjfaq component 1.2 for Joomla!, when magicquotesgpc is disabled, allow 1 remote attackers to execute arbitrary SQL commands via the id parameter, and 2 remote authenticated users with "Public Front-end" permissions to execute...

CVE-2010-2515

CVE-2010-2515 affects Joomla! with the JFaq (com_jfaq) component 1.2. Multiple SQL injection flaws exist in index.php when magic_quotes_gpc is disabled. An unauthenticated remote attacker can exploit the id parameter to run arbitrary SQL commands, and remote authenticated users with "Public Front...

CVE-2010-2514

CVE-2010-2514 affects the JFaq (com_jfaq) component version 1.2 for Joomla!. The vulnerability is a cross-site scripting (XSS) flaw that allows remote attackers to inject arbitrary web script or HTML via the question parameter in an add2 action to index.php. The root cause is improper handling of...

CVE-2010-2515

Multiple SQL injection vulnerabilities in index.php in the JFaq comjfaq component 1.2 for Joomla!, when magicquotesgpc is disabled, allow 1 remote attackers to execute arbitrary SQL commands via the id parameter, and 2 remote authenticated users with "Public Front-end" permissions to execute...

CVE-2010-2514

Cross-site scripting XSS vulnerability in the JFaq comjfaq component 1.2 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the question parameter in an add2 action to index.php...

Joomla JFaq 1.2 SQL Injection / Cross Site Scripting

Exploit Title: Joomla Component JFaq 1.2 Multiple Vulnerabilities Date: 11 May 2010 Author: jdc Version: 1.2 Tested on: PHP5, MySQL5 "title" input SQL injection --------------------------- title', select concatusername,char32,password from users where gid=25 limit 1, 1, 1, 1, 1, 1 -- ' id SQL...