
CVSS: 7.5 | EPSS: 0% | CPEs: 3 | EXPL: 2

SQL injection vulnerability in the actualite module 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter.

• https://www.exploit-db.com/exploits/5337
• http://securityreason.com/securityalert/4437
• http://www.securityfocus.com/bid/28565
• https://exchange.xforce.ibmcloud.com/vulnerabilities/41579

• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 7.5 | EPSS: 1% | CPEs: 7 | EXPL: 0

Joomla! 1.5 before 1.5.7 initializes PHP's PRNG with a weak seed, which makes it easier for attackers to guess the pseudo-random values produced by PHP's mt_rand function, as demonstrated by guessing password reset tokens, a different vulnerability than CVE-2008-3681.

• http://developer.joomla.org/security/news/272-20080902-core-random-number-generation-flaw.html
• http://marc.info/?l=oss-security&m=122115344915232&w=2
• http://marc.info/?l=oss-security&m=122118210029084&w=2
• http://marc.info/?l=oss-security&m=122152798516853&w=2
• http://secunia.com/advisories/31789
• http://securityreason.com/securityalert/4271
• http://www.securityfocus.com/archive/1/496237/100/0/threaded
• http://www.sektioneins.de/advisories/SE-2008-04.txt
• http://www.suspekt.org

• CWE-189: Numeric Errors

CVSS: 7.5 | EPSS: 1% | CPEs: 7 | EXPL: 0

JRequest in Joomla! 1.5 before 1.5.7 does not sanitize variables that were set with JRequest::setVar, which allows remote attackers to conduct "variable injection" attacks and have unspecified other impact.

• http://developer.joomla.org/security/news/271-20080901-core-jrequest-variable-injection.html
• http://marc.info/?l=oss-security&m=122115344915232&w=2
• http://marc.info/?l=oss-security&m=122118210029084&w=2
• http://marc.info/?l=oss-security&m=122152798516853&w=2
• http://secunia.com/advisories/31789
• http://securityreason.com/securityalert/4275
• http://securitytracker.com/id?1020843
• https://exchange.xforce.ibmcloud.com/vulnerabilities/45069

• CWE-20: Improper Input Validation

CVSS: 5.0 | EPSS: 0% | CPEs: 8 | EXPL: 0

The mailto (aka com_mailto) component in Joomla! 1.5 before 1.5.7 sends e-mail messages without validating the URL, which allows remote attackers to transmit spam.

• http://developer.joomla.org/security/news/273-20080903-core-commailto-spam.html
• http://marc.info/?l=oss-security&m=122115344915232&w=2
• http://marc.info/?l=oss-security&m=122118210029084&w=2
• http://marc.info/?l=oss-security&m=122152798516853&w=2
• http://secunia.com/advisories/31789
• http://securityreason.com/securityalert/4275
• https://exchange.xforce.ibmcloud.com/vulnerabilities/45070

• CWE-20: Improper Input Validation

CVSS: 5.8 | EPSS: 0% | CPEs: 7 | EXPL: 0

Multiple open redirect vulnerabilities in Joomla! 1.5 before 1.5.7 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a "passed in" URL.

• http://developer.joomla.org/security/news/274-20080904-core-redirect-spam.html
• http://marc.info/?l=oss-security&m=122115344915232&w=2
• http://marc.info/?l=oss-security&m=122118210029084&w=2
• http://marc.info/?l=oss-security&m=122152798516853&w=2
• http://securityreason.com/securityalert/4275
• https://exchange.xforce.ibmcloud.com/vulnerabilities/45071

• CWE-59: Improper Link Resolution Before File Access ('Link Following')