Vulnerabilites related to netshinesoftware - com_netinvoice
cve-2012-6514
Vulnerability from cvelistv5
Published
2013-01-24 01:00
Modified
2024-08-06 21:28
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in the nBill (com_nbill) component 2.3.2 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the message parameter in an income action to administrator/index.php.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/53275 | vdb-entry, x_refsource_BID | |
http://hauntit.blogspot.com/2012/04/en-nbill-lite-joomla-component-html.html | x_refsource_MISC | |
http://secunia.com/advisories/49004 | third-party-advisory, x_refsource_SECUNIA | |
http://packetstormsecurity.org/files/112235/Joomla-nBill-Lite-Cross-Site-Scripting.html | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T21:28:39.839Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "53275", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/53275", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://hauntit.blogspot.com/2012/04/en-nbill-lite-joomla-component-html.html", }, { name: "49004", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/49004", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://packetstormsecurity.org/files/112235/Joomla-nBill-Lite-Cross-Site-Scripting.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2012-04-26T00:00:00", descriptions: [ { lang: "en", value: "Cross-site scripting (XSS) vulnerability in the nBill (com_nbill) component 2.3.2 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the message parameter in an income action to administrator/index.php.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2014-04-23T12:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "53275", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/53275", }, { tags: [ "x_refsource_MISC", ], url: "http://hauntit.blogspot.com/2012/04/en-nbill-lite-joomla-component-html.html", }, { name: "49004", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/49004", }, { tags: [ "x_refsource_MISC", ], url: "http://packetstormsecurity.org/files/112235/Joomla-nBill-Lite-Cross-Site-Scripting.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2012-6514", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Cross-site scripting (XSS) vulnerability in the nBill (com_nbill) component 2.3.2 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the message parameter in an income action to administrator/index.php.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "53275", refsource: "BID", url: "http://www.securityfocus.com/bid/53275", }, { name: "http://hauntit.blogspot.com/2012/04/en-nbill-lite-joomla-component-html.html", refsource: "MISC", url: "http://hauntit.blogspot.com/2012/04/en-nbill-lite-joomla-component-html.html", }, { name: "49004", refsource: "SECUNIA", url: "http://secunia.com/advisories/49004", }, { name: "http://packetstormsecurity.org/files/112235/Joomla-nBill-Lite-Cross-Site-Scripting.html", refsource: "MISC", url: "http://packetstormsecurity.org/files/112235/Joomla-nBill-Lite-Cross-Site-Scripting.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2012-6514", datePublished: "2013-01-24T01:00:00", dateReserved: "2013-01-23T00:00:00", dateUpdated: "2024-08-06T21:28:39.839Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2010-4270
Vulnerability from cvelistv5
Published
2010-11-16 23:00
Modified
2024-09-16 20:43
Severity ?
EPSS score ?
Summary
Directory traversal vulnerability in the nBill (com_netinvoice) component before 2.0.9 standard edition, 2.0.10 lite edition, and 1.2_10 for Joomla! allows remote attackers to read arbitrary files via directory traversal sequences in unspecified vectors related to (1) administrator/components/com_nbill/admin.nbill.php, (2) components/com_nbill/nbill.php, (3) administrator/components/com_netinvoice/admin.netinvoice.php, or (4) components/com_netinvoice/netinvoice.php, as exploited in the wild in November 2010.
References
▼ | URL | Tags |
---|---|---|
http://secunia.com/advisories/42186 | third-party-advisory, x_refsource_SECUNIA | |
http://www.nbill.co.uk/forum-smf/index.php/topic%2C2158.0.html | x_refsource_CONFIRM | |
http://www.nbill.co.uk/newsflash/security-patch-for-all-versions-of-nbill.html | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/44719 | vdb-entry, x_refsource_BID | |
http://osvdb.org/69066 | vdb-entry, x_refsource_OSVDB |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-07T03:43:13.341Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "42186", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/42186", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.nbill.co.uk/forum-smf/index.php/topic%2C2158.0.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.nbill.co.uk/newsflash/security-patch-for-all-versions-of-nbill.html", }, { name: "44719", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/44719", }, { name: "69066", tags: [ "vdb-entry", "x_refsource_OSVDB", "x_transferred", ], url: "http://osvdb.org/69066", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "Directory traversal vulnerability in the nBill (com_netinvoice) component before 2.0.9 standard edition, 2.0.10 lite edition, and 1.2_10 for Joomla! allows remote attackers to read arbitrary files via directory traversal sequences in unspecified vectors related to (1) administrator/components/com_nbill/admin.nbill.php, (2) components/com_nbill/nbill.php, (3) administrator/components/com_netinvoice/admin.netinvoice.php, or (4) components/com_netinvoice/netinvoice.php, as exploited in the wild in November 2010.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2010-11-16T23:00:00Z", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "42186", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/42186", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.nbill.co.uk/forum-smf/index.php/topic%2C2158.0.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.nbill.co.uk/newsflash/security-patch-for-all-versions-of-nbill.html", }, { name: "44719", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/44719", }, { name: "69066", tags: [ "vdb-entry", "x_refsource_OSVDB", ], url: "http://osvdb.org/69066", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2010-4270", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Directory traversal vulnerability in the nBill (com_netinvoice) component before 2.0.9 standard edition, 2.0.10 lite edition, and 1.2_10 for Joomla! allows remote attackers to read arbitrary files via directory traversal sequences in unspecified vectors related to (1) administrator/components/com_nbill/admin.nbill.php, (2) components/com_nbill/nbill.php, (3) administrator/components/com_netinvoice/admin.netinvoice.php, or (4) components/com_netinvoice/netinvoice.php, as exploited in the wild in November 2010.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "42186", refsource: "SECUNIA", url: "http://secunia.com/advisories/42186", }, { name: "http://www.nbill.co.uk/forum-smf/index.php/topic,2158.0.html", refsource: "CONFIRM", url: "http://www.nbill.co.uk/forum-smf/index.php/topic,2158.0.html", }, { name: "http://www.nbill.co.uk/newsflash/security-patch-for-all-versions-of-nbill.html", refsource: "CONFIRM", url: "http://www.nbill.co.uk/newsflash/security-patch-for-all-versions-of-nbill.html", }, { name: "44719", refsource: "BID", url: "http://www.securityfocus.com/bid/44719", }, { name: "69066", refsource: "OSVDB", url: "http://osvdb.org/69066", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2010-4270", datePublished: "2010-11-16T23:00:00Z", dateReserved: "2010-11-16T00:00:00Z", dateUpdated: "2024-09-16T20:43:14.406Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2008-3498
Vulnerability from cvelistv5
Published
2008-08-06 18:00
Modified
2024-08-07 09:37
Severity ?
EPSS score ?
Summary
SQL injection vulnerability in the nBill (com_netinvoice) component 1.2.0 SP1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the cid parameter in an orders action to index.php. NOTE: some of these details are obtained from third party information.
References
▼ | URL | Tags |
---|---|---|
http://secunia.com/advisories/30752 | third-party-advisory, x_refsource_SECUNIA | |
https://www.exploit-db.com/exploits/5939 | exploit, x_refsource_EXPLOIT-DB | |
http://www.securityfocus.com/bid/29951 | vdb-entry, x_refsource_BID | |
http://securityreason.com/securityalert/4114 | third-party-advisory, x_refsource_SREASON | |
http://www.nbill.co.uk/forum-smf/index.php/topic%2C716.0.html | x_refsource_MISC | |
http://www.vupen.com/english/advisories/2008/1948/references | vdb-entry, x_refsource_VUPEN | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/43369 | vdb-entry, x_refsource_XF |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-07T09:37:27.079Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "30752", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/30752", }, { name: "5939", tags: [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred", ], url: "https://www.exploit-db.com/exploits/5939", }, { name: "29951", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/29951", }, { name: "4114", tags: [ "third-party-advisory", "x_refsource_SREASON", "x_transferred", ], url: "http://securityreason.com/securityalert/4114", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://www.nbill.co.uk/forum-smf/index.php/topic%2C716.0.html", }, { name: "ADV-2008-1948", tags: [ "vdb-entry", "x_refsource_VUPEN", "x_transferred", ], url: "http://www.vupen.com/english/advisories/2008/1948/references", }, { name: "nbill-index-sql-injection(43369)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/43369", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2008-06-25T00:00:00", descriptions: [ { lang: "en", value: "SQL injection vulnerability in the nBill (com_netinvoice) component 1.2.0 SP1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the cid parameter in an orders action to index.php. NOTE: some of these details are obtained from third party information.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-09-28T12:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "30752", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/30752", }, { name: "5939", tags: [ "exploit", "x_refsource_EXPLOIT-DB", ], url: "https://www.exploit-db.com/exploits/5939", }, { name: "29951", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/29951", }, { name: "4114", tags: [ "third-party-advisory", "x_refsource_SREASON", ], url: "http://securityreason.com/securityalert/4114", }, { tags: [ "x_refsource_MISC", ], url: "http://www.nbill.co.uk/forum-smf/index.php/topic%2C716.0.html", }, { name: "ADV-2008-1948", tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: "http://www.vupen.com/english/advisories/2008/1948/references", }, { name: "nbill-index-sql-injection(43369)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/43369", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2008-3498", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "SQL injection vulnerability in the nBill (com_netinvoice) component 1.2.0 SP1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the cid parameter in an orders action to index.php. NOTE: some of these details are obtained from third party information.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "30752", refsource: "SECUNIA", url: "http://secunia.com/advisories/30752", }, { name: "5939", refsource: "EXPLOIT-DB", url: "https://www.exploit-db.com/exploits/5939", }, { name: "29951", refsource: "BID", url: "http://www.securityfocus.com/bid/29951", }, { name: "4114", refsource: "SREASON", url: "http://securityreason.com/securityalert/4114", }, { name: "http://www.nbill.co.uk/forum-smf/index.php/topic,716.0.html", refsource: "MISC", url: "http://www.nbill.co.uk/forum-smf/index.php/topic,716.0.html", }, { name: "ADV-2008-1948", refsource: "VUPEN", url: "http://www.vupen.com/english/advisories/2008/1948/references", }, { name: "nbill-index-sql-injection(43369)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/43369", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2008-3498", datePublished: "2008-08-06T18:00:00", dateReserved: "2008-08-06T00:00:00", dateUpdated: "2024-08-07T09:37:27.079Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2008-7302
Vulnerability from cvelistv5
Published
2011-10-05 01:00
Modified
2024-09-17 02:02
Severity ?
EPSS score ?
Summary
SQL injection vulnerability in netinvoice.php in the nBill (com_netinvoice) component 1.2.0 SP1 for Joomla! allows remote attackers to execute arbitrary SQL commands via unspecified vectors involving "knowledge of ... the contents of an encrypted file."
References
▼ | URL | Tags |
---|---|---|
http://www.nbill.co.uk/newsflash/important-security-announcement.html | x_refsource_CONFIRM | |
http://www.nbill.co.uk/forum-smf/index.php/topic%2C716.0.html | x_refsource_CONFIRM |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-07T12:03:36.592Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.nbill.co.uk/newsflash/important-security-announcement.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.nbill.co.uk/forum-smf/index.php/topic%2C716.0.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "SQL injection vulnerability in netinvoice.php in the nBill (com_netinvoice) component 1.2.0 SP1 for Joomla! allows remote attackers to execute arbitrary SQL commands via unspecified vectors involving \"knowledge of ... the contents of an encrypted file.\"", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2011-10-05T01:00:00Z", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "http://www.nbill.co.uk/newsflash/important-security-announcement.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.nbill.co.uk/forum-smf/index.php/topic%2C716.0.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2008-7302", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "SQL injection vulnerability in netinvoice.php in the nBill (com_netinvoice) component 1.2.0 SP1 for Joomla! allows remote attackers to execute arbitrary SQL commands via unspecified vectors involving \"knowledge of ... the contents of an encrypted file.\"", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "http://www.nbill.co.uk/newsflash/important-security-announcement.html", refsource: "CONFIRM", url: "http://www.nbill.co.uk/newsflash/important-security-announcement.html", }, { name: "http://www.nbill.co.uk/forum-smf/index.php/topic,716.0.html", refsource: "CONFIRM", url: "http://www.nbill.co.uk/forum-smf/index.php/topic,716.0.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2008-7302", datePublished: "2011-10-05T01:00:00Z", dateReserved: "2011-10-04T00:00:00Z", dateUpdated: "2024-09-17T02:02:36.379Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
Vulnerability from fkie_nvd
Published
2008-08-06 18:41
Modified
2024-11-21 00:49
Severity ?
Summary
SQL injection vulnerability in the nBill (com_netinvoice) component 1.2.0 SP1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the cid parameter in an orders action to index.php. NOTE: some of these details are obtained from third party information.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
netshinesoftware | com_netinvoice | 1.2.0 | |
joomla | joomla\! | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:netshinesoftware:com_netinvoice:1.2.0:sp1:*:*:*:*:*:*", matchCriteriaId: "767DBB2F-C810-45A5-B4D0-D57E4F82AECE", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:a:joomla:joomla\\!:*:*:*:*:*:*:*:*", matchCriteriaId: "2AC7400C-F6AF-4B5E-A34B-0222F94DCC46", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "SQL injection vulnerability in the nBill (com_netinvoice) component 1.2.0 SP1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the cid parameter in an orders action to index.php. NOTE: some of these details are obtained from third party information.", }, { lang: "es", value: "Vulnerabilidad de inyección SQL en el componente nBill (com_netinvoice) 1.2.0 SP1 para Joomla! permite a atacantes remotos ejecutar comandos SQL de su elección a través del parámetro cid en una acción orders de index.php.\r\nNOTA: algunos de estos detalles han sido obtenidos a partir de la información de terceros.", }, ], id: "CVE-2008-3498", lastModified: "2024-11-21T00:49:23.277", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2008-08-06T18:41:00.000", references: [ { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/30752", }, { source: "cve@mitre.org", url: "http://securityreason.com/securityalert/4114", }, { source: "cve@mitre.org", url: "http://www.nbill.co.uk/forum-smf/index.php/topic%2C716.0.html", }, { source: "cve@mitre.org", url: "http://www.securityfocus.com/bid/29951", }, { source: "cve@mitre.org", url: "http://www.vupen.com/english/advisories/2008/1948/references", }, { source: "cve@mitre.org", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/43369", }, { source: "cve@mitre.org", url: "https://www.exploit-db.com/exploits/5939", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/30752", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://securityreason.com/securityalert/4114", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.nbill.co.uk/forum-smf/index.php/topic%2C716.0.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/29951", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.vupen.com/english/advisories/2008/1948/references", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/43369", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://www.exploit-db.com/exploits/5939", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-89", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2013-01-24 01:55
Modified
2024-11-21 01:46
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the nBill (com_nbill) component 2.3.2 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the message parameter in an income action to administrator/index.php.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
netshinesoftware | com_netinvoice | 2.3.2 | |
joomla | joomla\! | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:netshinesoftware:com_netinvoice:2.3.2:*:*:*:*:*:*:*", matchCriteriaId: "3B702410-F38F-4FCB-8291-DC92526CE50D", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:a:joomla:joomla\\!:*:*:*:*:*:*:*:*", matchCriteriaId: "2AC7400C-F6AF-4B5E-A34B-0222F94DCC46", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "Cross-site scripting (XSS) vulnerability in the nBill (com_nbill) component 2.3.2 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the message parameter in an income action to administrator/index.php.", }, { lang: "es", value: "Una vulnerabilidad de tipo cross-site scripting (XSS) en el componente nBill (com_nbill) versión 2.3.2 para Joomla!, permite a los atacantes remotos inyectar script web o HTML arbitrario por medio del parámetro message en una acción income en el archivo administrator/index.php.", }, ], id: "CVE-2012-6514", lastModified: "2024-11-21T01:46:15.290", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], }, published: "2013-01-24T01:55:05.240", references: [ { source: "cve@mitre.org", tags: [ "Exploit", ], url: "http://hauntit.blogspot.com/2012/04/en-nbill-lite-joomla-component-html.html", }, { source: "cve@mitre.org", tags: [ "Exploit", ], url: "http://packetstormsecurity.org/files/112235/Joomla-nBill-Lite-Cross-Site-Scripting.html", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/49004", }, { source: "cve@mitre.org", url: "http://www.securityfocus.com/bid/53275", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", ], url: "http://hauntit.blogspot.com/2012/04/en-nbill-lite-joomla-component-html.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", ], url: "http://packetstormsecurity.org/files/112235/Joomla-nBill-Lite-Cross-Site-Scripting.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/49004", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/53275", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2011-10-05 02:56
Modified
2024-11-21 00:58
Severity ?
Summary
SQL injection vulnerability in netinvoice.php in the nBill (com_netinvoice) component 1.2.0 SP1 for Joomla! allows remote attackers to execute arbitrary SQL commands via unspecified vectors involving "knowledge of ... the contents of an encrypted file."
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
netshinesoftware | com_netinvoice | 1.2.0 | |
joomla | joomla\! | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:netshinesoftware:com_netinvoice:1.2.0:sp1:*:*:*:*:*:*", matchCriteriaId: "767DBB2F-C810-45A5-B4D0-D57E4F82AECE", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:a:joomla:joomla\\!:*:*:*:*:*:*:*:*", matchCriteriaId: "2AC7400C-F6AF-4B5E-A34B-0222F94DCC46", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "SQL injection vulnerability in netinvoice.php in the nBill (com_netinvoice) component 1.2.0 SP1 for Joomla! allows remote attackers to execute arbitrary SQL commands via unspecified vectors involving \"knowledge of ... the contents of an encrypted file.\"", }, { lang: "es", value: "Vulnerabilidad de inyección SQL en netinvoice.php del componente nBill (com_netinvoice) 1.2.0 SP1 de Joomla!. Permite a atacantes remotos ejecutar comandos SQL de su elección a través de vectores sin especificar que involucran el \"conocimiento de ... el contenido de un archivo encriptado\".", }, ], id: "CVE-2008-7302", lastModified: "2024-11-21T00:58:47.300", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2011-10-05T02:56:24.550", references: [ { source: "cve@mitre.org", url: "http://www.nbill.co.uk/forum-smf/index.php/topic%2C716.0.html", }, { source: "cve@mitre.org", tags: [ "Patch", ], url: "http://www.nbill.co.uk/newsflash/important-security-announcement.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.nbill.co.uk/forum-smf/index.php/topic%2C716.0.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "http://www.nbill.co.uk/newsflash/important-security-announcement.html", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-89", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2010-11-17 01:00
Modified
2024-11-21 01:20
Severity ?
Summary
Directory traversal vulnerability in the nBill (com_netinvoice) component before 2.0.9 standard edition, 2.0.10 lite edition, and 1.2_10 for Joomla! allows remote attackers to read arbitrary files via directory traversal sequences in unspecified vectors related to (1) administrator/components/com_nbill/admin.nbill.php, (2) components/com_nbill/nbill.php, (3) administrator/components/com_netinvoice/admin.netinvoice.php, or (4) components/com_netinvoice/netinvoice.php, as exploited in the wild in November 2010.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
netshinesoftware | com_netinvoice | * | |
netshinesoftware | com_netinvoice | * | |
netshinesoftware | com_netinvoice | * | |
joomla | joomla\! | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:netshinesoftware:com_netinvoice:*:*:*:*:*:*:*:*", matchCriteriaId: "F4B45661-A646-4F2A-A5E0-564C89F017FA", versionEndIncluding: "1.2_10", vulnerable: true, }, { criteria: "cpe:2.3:a:netshinesoftware:com_netinvoice:*:*:std:*:*:*:*:*", matchCriteriaId: "486CE9D7-6B30-4623-A59A-EF010707B7FC", versionEndIncluding: "2.0.9", vulnerable: true, }, { criteria: "cpe:2.3:a:netshinesoftware:com_netinvoice:*:*:lite:*:*:*:*:*", matchCriteriaId: "0F60EA83-CA38-4D04-89DF-9611A50D70D8", versionEndIncluding: "2.0.10", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:a:joomla:joomla\\!:*:*:*:*:*:*:*:*", matchCriteriaId: "2AC7400C-F6AF-4B5E-A34B-0222F94DCC46", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "Directory traversal vulnerability in the nBill (com_netinvoice) component before 2.0.9 standard edition, 2.0.10 lite edition, and 1.2_10 for Joomla! allows remote attackers to read arbitrary files via directory traversal sequences in unspecified vectors related to (1) administrator/components/com_nbill/admin.nbill.php, (2) components/com_nbill/nbill.php, (3) administrator/components/com_netinvoice/admin.netinvoice.php, or (4) components/com_netinvoice/netinvoice.php, as exploited in the wild in November 2010.", }, { lang: "es", value: "Vulnerabilidad de salto de directorio en el componente nBill (com_netinvoice) anterior a v2.0.9 standard edition, v2.0.10 lite edition, y v1.2_10 para Joomla! permite a atacantes remotos leer archivos arbitrarios a través de secuencias de salto de directorio mediante vectores no especificados relacionados con (1) administrator/components/com_nbill/admin.nbill.php, (2) components/com_nbill/nbill.php, (3) administrator/components/com_netinvoice/admin.netinvoice.php, o (4) components/com_netinvoice/netinvoice.php, tal y como se pudo comprobar en Noviembre de 2010.", }, ], evaluatorImpact: "Per: http://www.nbill.co.uk/newsflash/security-patch-for-all-versions-of-nbill.html\r\n\r\n'A security vulnerability has been discovered affecting ALL VERSIONS of nBill that were downloaded on or prior to 5th November 2010.'", id: "CVE-2010-4270", lastModified: "2024-11-21T01:20:35.213", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2010-11-17T01:00:05.403", references: [ { source: "cve@mitre.org", url: "http://osvdb.org/69066", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/42186", }, { source: "cve@mitre.org", url: "http://www.nbill.co.uk/forum-smf/index.php/topic%2C2158.0.html", }, { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.nbill.co.uk/newsflash/security-patch-for-all-versions-of-nbill.html", }, { source: "cve@mitre.org", url: "http://www.securityfocus.com/bid/44719", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://osvdb.org/69066", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/42186", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.nbill.co.uk/forum-smf/index.php/topic%2C2158.0.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.nbill.co.uk/newsflash/security-patch-for-all-versions-of-nbill.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/44719", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-22", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }