CVE-2008-3228
https://notcve.org/view.php?id=CVE-2008-3228
Joomla! before 1.5.4 does not configure .htaccess to apply certain security checks that "block common exploits" to SEF URLs, which has unknown impact and remote attack vectors. Joomla! anterior a 1.5.4 no aplica a .htaccess determinados controles de seguridad que bloquean exploits comunes a URLs con el plugin SEF, lo cual tiene un impacto desconocido y vectores de ataque remotos. • http://www.joomla.org/content/view/5180/1 http://www.joomla.org/content/view/5180/1/1/1/#htaccess http://www.openwall.com/lists/oss-security/2008/07/12/2 https://exchange.xforce.ibmcloud.com/vulnerabilities/44206 • CWE-16: Configuration •
CVE-2008-3227
https://notcve.org/view.php?id=CVE-2008-3227
Unspecified vulnerability in Joomla! before 1.5.4 has unknown impact and attack vectors related to a "User Redirect Spam fix," possibly an open redirect vulnerability. Vulnerabilidad sin especificar en versiones de Joomla! anteriores a 1.5.4 tienen un impacto desconocido y vectores de ataque relacionados con un "parche para Spam de redireccionamiento de usuario", posiblemente una vulnerabilidad abierta de redirección. • http://www.joomla.org/content/view/5180/1 http://www.openwall.com/lists/oss-security/2008/07/12/2 https://exchange.xforce.ibmcloud.com/vulnerabilities/44205 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVE-2008-3226
https://notcve.org/view.php?id=CVE-2008-3226
The file caching implementation in Joomla! before 1.5.4 allows attackers to access cached pages via unknown attack vectors. La implementación del caché de archivos en versiones de Joomla! anteriores a la 1.5.4 permite a los atacantes el acceso a páginas cacheadas a través de vectores de ataque desconocidos. • http://www.joomla.org/content/view/5180/1 http://www.openwall.com/lists/oss-security/2008/07/12/2 http://www.securityfocus.com/bid/30125 https://exchange.xforce.ibmcloud.com/vulnerabilities/43650 • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2008-5671
https://notcve.org/view.php?id=CVE-2008-5671
PHP remote file inclusion vulnerability in index.php in Joomla! 1.0.11 through 1.0.14, when RG_EMULATION is enabled in configuration.php, allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. Vulnerabilidad de inclusión remota de archivo en PHP en index.php en Joomla! de v1.0.11 hasta v1.0.14 cuando RG_EMULATION esta activado en configuration.php, permite a atacantes remotos ejecutar código PHP a su elección a través de una URL en el parámetro "mosConfig_absolute_path". • http://secunia.com/advisories/29106 http://securityreason.com/securityalert/4787 http://www.joomla.org/announcements/release-news/4609-joomla-1015-released.html http://www.securityfocus.com/archive/1/488126/100/200/threaded http://www.securityfocus.com/archive/1/488199/100/200/threaded http://www.securityfocus.com/bid/27795 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2008-1935 – Joomla! Component Filiale 1.0.4 - 'idFiliale' SQL Injection
https://notcve.org/view.php?id=CVE-2008-1935
SQL injection vulnerability in the Filiale 1.0.4 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the idFiliale parameter. Vulnerabilidad de inyección SQL en el componente Filiale para Joomla, permite a atacantes remotos ejecutar comandos SQL de su elección a través del parámetro idFiliale. • https://www.exploit-db.com/exploits/5488 http://www.securityfocus.com/bid/28900 http://www.vupen.com/english/advisories/2008/1346/references https://exchange.xforce.ibmcloud.com/vulnerabilities/41980 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •