Vulnerabilites related to netshinesoftware - com_netinvoice
cve-2012-6514
Vulnerability from cvelistv5
Published
2013-01-24 01:00
Modified
2024-08-06 21:28
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the nBill (com_nbill) component 2.3.2 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the message parameter in an income action to administrator/index.php.
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T21:28:39.839Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "53275",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/53275",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "http://hauntit.blogspot.com/2012/04/en-nbill-lite-joomla-component-html.html",
               },
               {
                  name: "49004",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/49004",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "http://packetstormsecurity.org/files/112235/Joomla-nBill-Lite-Cross-Site-Scripting.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2012-04-26T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Cross-site scripting (XSS) vulnerability in the nBill (com_nbill) component 2.3.2 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the message parameter in an income action to administrator/index.php.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2014-04-23T12:57:01",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               name: "53275",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/53275",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "http://hauntit.blogspot.com/2012/04/en-nbill-lite-joomla-component-html.html",
            },
            {
               name: "49004",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/49004",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "http://packetstormsecurity.org/files/112235/Joomla-nBill-Lite-Cross-Site-Scripting.html",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2012-6514",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Cross-site scripting (XSS) vulnerability in the nBill (com_nbill) component 2.3.2 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the message parameter in an income action to administrator/index.php.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "53275",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/53275",
                  },
                  {
                     name: "http://hauntit.blogspot.com/2012/04/en-nbill-lite-joomla-component-html.html",
                     refsource: "MISC",
                     url: "http://hauntit.blogspot.com/2012/04/en-nbill-lite-joomla-component-html.html",
                  },
                  {
                     name: "49004",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/49004",
                  },
                  {
                     name: "http://packetstormsecurity.org/files/112235/Joomla-nBill-Lite-Cross-Site-Scripting.html",
                     refsource: "MISC",
                     url: "http://packetstormsecurity.org/files/112235/Joomla-nBill-Lite-Cross-Site-Scripting.html",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2012-6514",
      datePublished: "2013-01-24T01:00:00",
      dateReserved: "2013-01-23T00:00:00",
      dateUpdated: "2024-08-06T21:28:39.839Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2010-4270
Vulnerability from cvelistv5
Published
2010-11-16 23:00
Modified
2024-09-16 20:43
Severity ?
Summary
Directory traversal vulnerability in the nBill (com_netinvoice) component before 2.0.9 standard edition, 2.0.10 lite edition, and 1.2_10 for Joomla! allows remote attackers to read arbitrary files via directory traversal sequences in unspecified vectors related to (1) administrator/components/com_nbill/admin.nbill.php, (2) components/com_nbill/nbill.php, (3) administrator/components/com_netinvoice/admin.netinvoice.php, or (4) components/com_netinvoice/netinvoice.php, as exploited in the wild in November 2010.
References
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-07T03:43:13.341Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "42186",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/42186",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://www.nbill.co.uk/forum-smf/index.php/topic%2C2158.0.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://www.nbill.co.uk/newsflash/security-patch-for-all-versions-of-nbill.html",
               },
               {
                  name: "44719",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/44719",
               },
               {
                  name: "69066",
                  tags: [
                     "vdb-entry",
                     "x_refsource_OSVDB",
                     "x_transferred",
                  ],
                  url: "http://osvdb.org/69066",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Directory traversal vulnerability in the nBill (com_netinvoice) component before 2.0.9 standard edition, 2.0.10 lite edition, and 1.2_10 for Joomla! allows remote attackers to read arbitrary files via directory traversal sequences in unspecified vectors related to (1) administrator/components/com_nbill/admin.nbill.php, (2) components/com_nbill/nbill.php, (3) administrator/components/com_netinvoice/admin.netinvoice.php, or (4) components/com_netinvoice/netinvoice.php, as exploited in the wild in November 2010.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2010-11-16T23:00:00Z",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               name: "42186",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/42186",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://www.nbill.co.uk/forum-smf/index.php/topic%2C2158.0.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://www.nbill.co.uk/newsflash/security-patch-for-all-versions-of-nbill.html",
            },
            {
               name: "44719",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/44719",
            },
            {
               name: "69066",
               tags: [
                  "vdb-entry",
                  "x_refsource_OSVDB",
               ],
               url: "http://osvdb.org/69066",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2010-4270",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Directory traversal vulnerability in the nBill (com_netinvoice) component before 2.0.9 standard edition, 2.0.10 lite edition, and 1.2_10 for Joomla! allows remote attackers to read arbitrary files via directory traversal sequences in unspecified vectors related to (1) administrator/components/com_nbill/admin.nbill.php, (2) components/com_nbill/nbill.php, (3) administrator/components/com_netinvoice/admin.netinvoice.php, or (4) components/com_netinvoice/netinvoice.php, as exploited in the wild in November 2010.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "42186",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/42186",
                  },
                  {
                     name: "http://www.nbill.co.uk/forum-smf/index.php/topic,2158.0.html",
                     refsource: "CONFIRM",
                     url: "http://www.nbill.co.uk/forum-smf/index.php/topic,2158.0.html",
                  },
                  {
                     name: "http://www.nbill.co.uk/newsflash/security-patch-for-all-versions-of-nbill.html",
                     refsource: "CONFIRM",
                     url: "http://www.nbill.co.uk/newsflash/security-patch-for-all-versions-of-nbill.html",
                  },
                  {
                     name: "44719",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/44719",
                  },
                  {
                     name: "69066",
                     refsource: "OSVDB",
                     url: "http://osvdb.org/69066",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2010-4270",
      datePublished: "2010-11-16T23:00:00Z",
      dateReserved: "2010-11-16T00:00:00Z",
      dateUpdated: "2024-09-16T20:43:14.406Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2008-3498
Vulnerability from cvelistv5
Published
2008-08-06 18:00
Modified
2024-08-07 09:37
Severity ?
Summary
SQL injection vulnerability in the nBill (com_netinvoice) component 1.2.0 SP1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the cid parameter in an orders action to index.php. NOTE: some of these details are obtained from third party information.
References
http://secunia.com/advisories/30752third-party-advisory, x_refsource_SECUNIA
https://www.exploit-db.com/exploits/5939exploit, x_refsource_EXPLOIT-DB
http://www.securityfocus.com/bid/29951vdb-entry, x_refsource_BID
http://securityreason.com/securityalert/4114third-party-advisory, x_refsource_SREASON
http://www.nbill.co.uk/forum-smf/index.php/topic%2C716.0.htmlx_refsource_MISC
http://www.vupen.com/english/advisories/2008/1948/referencesvdb-entry, x_refsource_VUPEN
https://exchange.xforce.ibmcloud.com/vulnerabilities/43369vdb-entry, x_refsource_XF
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-07T09:37:27.079Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "30752",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/30752",
               },
               {
                  name: "5939",
                  tags: [
                     "exploit",
                     "x_refsource_EXPLOIT-DB",
                     "x_transferred",
                  ],
                  url: "https://www.exploit-db.com/exploits/5939",
               },
               {
                  name: "29951",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/29951",
               },
               {
                  name: "4114",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SREASON",
                     "x_transferred",
                  ],
                  url: "http://securityreason.com/securityalert/4114",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "http://www.nbill.co.uk/forum-smf/index.php/topic%2C716.0.html",
               },
               {
                  name: "ADV-2008-1948",
                  tags: [
                     "vdb-entry",
                     "x_refsource_VUPEN",
                     "x_transferred",
                  ],
                  url: "http://www.vupen.com/english/advisories/2008/1948/references",
               },
               {
                  name: "nbill-index-sql-injection(43369)",
                  tags: [
                     "vdb-entry",
                     "x_refsource_XF",
                     "x_transferred",
                  ],
                  url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/43369",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2008-06-25T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "SQL injection vulnerability in the nBill (com_netinvoice) component 1.2.0 SP1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the cid parameter in an orders action to index.php.  NOTE: some of these details are obtained from third party information.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2017-09-28T12:57:01",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               name: "30752",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/30752",
            },
            {
               name: "5939",
               tags: [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
               ],
               url: "https://www.exploit-db.com/exploits/5939",
            },
            {
               name: "29951",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/29951",
            },
            {
               name: "4114",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SREASON",
               ],
               url: "http://securityreason.com/securityalert/4114",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "http://www.nbill.co.uk/forum-smf/index.php/topic%2C716.0.html",
            },
            {
               name: "ADV-2008-1948",
               tags: [
                  "vdb-entry",
                  "x_refsource_VUPEN",
               ],
               url: "http://www.vupen.com/english/advisories/2008/1948/references",
            },
            {
               name: "nbill-index-sql-injection(43369)",
               tags: [
                  "vdb-entry",
                  "x_refsource_XF",
               ],
               url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/43369",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2008-3498",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "SQL injection vulnerability in the nBill (com_netinvoice) component 1.2.0 SP1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the cid parameter in an orders action to index.php.  NOTE: some of these details are obtained from third party information.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "30752",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/30752",
                  },
                  {
                     name: "5939",
                     refsource: "EXPLOIT-DB",
                     url: "https://www.exploit-db.com/exploits/5939",
                  },
                  {
                     name: "29951",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/29951",
                  },
                  {
                     name: "4114",
                     refsource: "SREASON",
                     url: "http://securityreason.com/securityalert/4114",
                  },
                  {
                     name: "http://www.nbill.co.uk/forum-smf/index.php/topic,716.0.html",
                     refsource: "MISC",
                     url: "http://www.nbill.co.uk/forum-smf/index.php/topic,716.0.html",
                  },
                  {
                     name: "ADV-2008-1948",
                     refsource: "VUPEN",
                     url: "http://www.vupen.com/english/advisories/2008/1948/references",
                  },
                  {
                     name: "nbill-index-sql-injection(43369)",
                     refsource: "XF",
                     url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/43369",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2008-3498",
      datePublished: "2008-08-06T18:00:00",
      dateReserved: "2008-08-06T00:00:00",
      dateUpdated: "2024-08-07T09:37:27.079Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2008-7302
Vulnerability from cvelistv5
Published
2011-10-05 01:00
Modified
2024-09-17 02:02
Severity ?
Summary
SQL injection vulnerability in netinvoice.php in the nBill (com_netinvoice) component 1.2.0 SP1 for Joomla! allows remote attackers to execute arbitrary SQL commands via unspecified vectors involving "knowledge of ... the contents of an encrypted file."
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-07T12:03:36.592Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://www.nbill.co.uk/newsflash/important-security-announcement.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://www.nbill.co.uk/forum-smf/index.php/topic%2C716.0.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "SQL injection vulnerability in netinvoice.php in the nBill (com_netinvoice) component 1.2.0 SP1 for Joomla! allows remote attackers to execute arbitrary SQL commands via unspecified vectors involving \"knowledge of ... the contents of an encrypted file.\"",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2011-10-05T01:00:00Z",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://www.nbill.co.uk/newsflash/important-security-announcement.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://www.nbill.co.uk/forum-smf/index.php/topic%2C716.0.html",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2008-7302",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "SQL injection vulnerability in netinvoice.php in the nBill (com_netinvoice) component 1.2.0 SP1 for Joomla! allows remote attackers to execute arbitrary SQL commands via unspecified vectors involving \"knowledge of ... the contents of an encrypted file.\"",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "http://www.nbill.co.uk/newsflash/important-security-announcement.html",
                     refsource: "CONFIRM",
                     url: "http://www.nbill.co.uk/newsflash/important-security-announcement.html",
                  },
                  {
                     name: "http://www.nbill.co.uk/forum-smf/index.php/topic,716.0.html",
                     refsource: "CONFIRM",
                     url: "http://www.nbill.co.uk/forum-smf/index.php/topic,716.0.html",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2008-7302",
      datePublished: "2011-10-05T01:00:00Z",
      dateReserved: "2011-10-04T00:00:00Z",
      dateUpdated: "2024-09-17T02:02:36.379Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

Vulnerability from fkie_nvd
Published
2008-08-06 18:41
Modified
2024-11-21 00:49
Severity ?
Summary
SQL injection vulnerability in the nBill (com_netinvoice) component 1.2.0 SP1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the cid parameter in an orders action to index.php. NOTE: some of these details are obtained from third party information.
Impacted products
Vendor Product Version
netshinesoftware com_netinvoice 1.2.0
joomla joomla\! *



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:netshinesoftware:com_netinvoice:1.2.0:sp1:*:*:*:*:*:*",
                     matchCriteriaId: "767DBB2F-C810-45A5-B4D0-D57E4F82AECE",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:joomla:joomla\\!:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "2AC7400C-F6AF-4B5E-A34B-0222F94DCC46",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "SQL injection vulnerability in the nBill (com_netinvoice) component 1.2.0 SP1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the cid parameter in an orders action to index.php.  NOTE: some of these details are obtained from third party information.",
      },
      {
         lang: "es",
         value: "Vulnerabilidad de inyección SQL en el componente nBill (com_netinvoice) 1.2.0 SP1 para Joomla! permite a atacantes remotos ejecutar comandos SQL de su elección a través del parámetro cid en una acción orders de index.php.\r\nNOTA: algunos de estos detalles han sido obtenidos a partir de la información de terceros.",
      },
   ],
   id: "CVE-2008-3498",
   lastModified: "2024-11-21T00:49:23.277",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 7.5,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2008-08-06T18:41:00.000",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/30752",
      },
      {
         source: "cve@mitre.org",
         url: "http://securityreason.com/securityalert/4114",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.nbill.co.uk/forum-smf/index.php/topic%2C716.0.html",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.securityfocus.com/bid/29951",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.vupen.com/english/advisories/2008/1948/references",
      },
      {
         source: "cve@mitre.org",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/43369",
      },
      {
         source: "cve@mitre.org",
         url: "https://www.exploit-db.com/exploits/5939",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/30752",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://securityreason.com/securityalert/4114",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.nbill.co.uk/forum-smf/index.php/topic%2C716.0.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securityfocus.com/bid/29951",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.vupen.com/english/advisories/2008/1948/references",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/43369",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://www.exploit-db.com/exploits/5939",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-89",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2013-01-24 01:55
Modified
2024-11-21 01:46
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the nBill (com_nbill) component 2.3.2 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the message parameter in an income action to administrator/index.php.
Impacted products
Vendor Product Version
netshinesoftware com_netinvoice 2.3.2
joomla joomla\! *



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:netshinesoftware:com_netinvoice:2.3.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "3B702410-F38F-4FCB-8291-DC92526CE50D",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:joomla:joomla\\!:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "2AC7400C-F6AF-4B5E-A34B-0222F94DCC46",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Cross-site scripting (XSS) vulnerability in the nBill (com_nbill) component 2.3.2 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the message parameter in an income action to administrator/index.php.",
      },
      {
         lang: "es",
         value: "Una vulnerabilidad de tipo cross-site scripting (XSS) en el componente nBill (com_nbill) versión 2.3.2 para Joomla!, permite a los atacantes remotos inyectar script web o HTML arbitrario por medio del parámetro message en una acción income en el archivo administrator/index.php.",
      },
   ],
   id: "CVE-2012-6514",
   lastModified: "2024-11-21T01:46:15.290",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 4.3,
               confidentialityImpact: "NONE",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
   },
   published: "2013-01-24T01:55:05.240",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Exploit",
         ],
         url: "http://hauntit.blogspot.com/2012/04/en-nbill-lite-joomla-component-html.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Exploit",
         ],
         url: "http://packetstormsecurity.org/files/112235/Joomla-nBill-Lite-Cross-Site-Scripting.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/49004",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.securityfocus.com/bid/53275",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
         ],
         url: "http://hauntit.blogspot.com/2012/04/en-nbill-lite-joomla-component-html.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
         ],
         url: "http://packetstormsecurity.org/files/112235/Joomla-nBill-Lite-Cross-Site-Scripting.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/49004",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securityfocus.com/bid/53275",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-79",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2011-10-05 02:56
Modified
2024-11-21 00:58
Severity ?
Summary
SQL injection vulnerability in netinvoice.php in the nBill (com_netinvoice) component 1.2.0 SP1 for Joomla! allows remote attackers to execute arbitrary SQL commands via unspecified vectors involving "knowledge of ... the contents of an encrypted file."
Impacted products
Vendor Product Version
netshinesoftware com_netinvoice 1.2.0
joomla joomla\! *



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:netshinesoftware:com_netinvoice:1.2.0:sp1:*:*:*:*:*:*",
                     matchCriteriaId: "767DBB2F-C810-45A5-B4D0-D57E4F82AECE",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:joomla:joomla\\!:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "2AC7400C-F6AF-4B5E-A34B-0222F94DCC46",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "SQL injection vulnerability in netinvoice.php in the nBill (com_netinvoice) component 1.2.0 SP1 for Joomla! allows remote attackers to execute arbitrary SQL commands via unspecified vectors involving \"knowledge of ... the contents of an encrypted file.\"",
      },
      {
         lang: "es",
         value: "Vulnerabilidad de inyección SQL en netinvoice.php del componente nBill (com_netinvoice) 1.2.0 SP1 de Joomla!. Permite a atacantes remotos ejecutar comandos SQL de su elección a través de vectores sin especificar que involucran el  \"conocimiento de ... el contenido de un archivo encriptado\".",
      },
   ],
   id: "CVE-2008-7302",
   lastModified: "2024-11-21T00:58:47.300",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 7.5,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2011-10-05T02:56:24.550",
   references: [
      {
         source: "cve@mitre.org",
         url: "http://www.nbill.co.uk/forum-smf/index.php/topic%2C716.0.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
         ],
         url: "http://www.nbill.co.uk/newsflash/important-security-announcement.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.nbill.co.uk/forum-smf/index.php/topic%2C716.0.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
         ],
         url: "http://www.nbill.co.uk/newsflash/important-security-announcement.html",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-89",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2010-11-17 01:00
Modified
2024-11-21 01:20
Severity ?
Summary
Directory traversal vulnerability in the nBill (com_netinvoice) component before 2.0.9 standard edition, 2.0.10 lite edition, and 1.2_10 for Joomla! allows remote attackers to read arbitrary files via directory traversal sequences in unspecified vectors related to (1) administrator/components/com_nbill/admin.nbill.php, (2) components/com_nbill/nbill.php, (3) administrator/components/com_netinvoice/admin.netinvoice.php, or (4) components/com_netinvoice/netinvoice.php, as exploited in the wild in November 2010.



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:netshinesoftware:com_netinvoice:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "F4B45661-A646-4F2A-A5E0-564C89F017FA",
                     versionEndIncluding: "1.2_10",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netshinesoftware:com_netinvoice:*:*:std:*:*:*:*:*",
                     matchCriteriaId: "486CE9D7-6B30-4623-A59A-EF010707B7FC",
                     versionEndIncluding: "2.0.9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netshinesoftware:com_netinvoice:*:*:lite:*:*:*:*:*",
                     matchCriteriaId: "0F60EA83-CA38-4D04-89DF-9611A50D70D8",
                     versionEndIncluding: "2.0.10",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:joomla:joomla\\!:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "2AC7400C-F6AF-4B5E-A34B-0222F94DCC46",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Directory traversal vulnerability in the nBill (com_netinvoice) component before 2.0.9 standard edition, 2.0.10 lite edition, and 1.2_10 for Joomla! allows remote attackers to read arbitrary files via directory traversal sequences in unspecified vectors related to (1) administrator/components/com_nbill/admin.nbill.php, (2) components/com_nbill/nbill.php, (3) administrator/components/com_netinvoice/admin.netinvoice.php, or (4) components/com_netinvoice/netinvoice.php, as exploited in the wild in November 2010.",
      },
      {
         lang: "es",
         value: "Vulnerabilidad de salto de directorio en el componente nBill (com_netinvoice) anterior a v2.0.9 standard edition, v2.0.10 lite edition, y v1.2_10 para Joomla! permite a atacantes remotos leer archivos arbitrarios a través de secuencias de salto de directorio mediante vectores no especificados relacionados con (1) administrator/components/com_nbill/admin.nbill.php, (2) components/com_nbill/nbill.php, (3) administrator/components/com_netinvoice/admin.netinvoice.php, o (4) components/com_netinvoice/netinvoice.php, tal y como se pudo comprobar en Noviembre de 2010.",
      },
   ],
   evaluatorImpact: "Per: http://www.nbill.co.uk/newsflash/security-patch-for-all-versions-of-nbill.html\r\n\r\n'A security vulnerability has been discovered affecting ALL VERSIONS of nBill that were downloaded on or prior to 5th November 2010.'",
   id: "CVE-2010-4270",
   lastModified: "2024-11-21T01:20:35.213",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 5,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2010-11-17T01:00:05.403",
   references: [
      {
         source: "cve@mitre.org",
         url: "http://osvdb.org/69066",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/42186",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.nbill.co.uk/forum-smf/index.php/topic%2C2158.0.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://www.nbill.co.uk/newsflash/security-patch-for-all-versions-of-nbill.html",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.securityfocus.com/bid/44719",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://osvdb.org/69066",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/42186",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.nbill.co.uk/forum-smf/index.php/topic%2C2158.0.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://www.nbill.co.uk/newsflash/security-patch-for-all-versions-of-nbill.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securityfocus.com/bid/44719",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-22",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}