CVE-2009-0378 – Joomla! Component beamospetition 1.0.12 - SQL Injection / Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2009-0378
Cross-site scripting (XSS) vulnerability in index.php in the beamospetition (com_beamospetition) 1.0.12 component for Joomla! allows remote attackers to inject arbitrary web script or HTML via the pet parameter in a sign action. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en el archivo index.php en el componente beamospetition (com_beamospetition) 1.0.12 para Joomla! que permite a los atacantes remotos inyectar arbitrariamente una secuencia de comandos web o HTML a través del parámetro pet en una acción sign. • https://www.exploit-db.com/exploits/7847 http://www.securityfocus.com/archive/1/500250/100/0/threaded http://www.securityfocus.com/bid/33391 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2009-0113 – Joomla! Component xstandard editor 1.5.8 - Local Directory Traversal
https://notcve.org/view.php?id=CVE-2009-0113
Directory traversal vulnerability in attachmentlibrary.php in the XStandard component for Joomla! 1.5.8 and earlier allows remote attackers to list arbitrary directories via a .. (dot dot) in the X_CMS_LIBRARY_PATH HTTP header. Vulnerabilidad de salto de directorio en attachmentlibrary.php en el componente XStandard para Joomla! v1.5.8 y versiones anteriores permite a atacantes remotos listar directorios de su elección a través de .. • https://www.exploit-db.com/exploits/7691 http://secunia.com/advisories/33377 http://securityreason.com/securityalert/4896 http://www.securityfocus.com/bid/33143 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2008-3225
https://notcve.org/view.php?id=CVE-2008-3225
Joomla! before 1.5.4 allows attackers to access administration functionality, which has unknown impact and attack vectors related to a missing "LDAP security fix." Versiones de Joomla! anteriores a 1.5.4 permiten a los atacantes el acceso a funciones de administración, con impacto desconocido y vectores de ataque relacionados con la falta de una actualizacion de seguridad de LDAP. • http://www.joomla.org/content/view/5180/1 http://www.openwall.com/lists/oss-security/2008/07/12/2 http://www.securityfocus.com/bid/30125 https://exchange.xforce.ibmcloud.com/vulnerabilities/43648 • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2008-3228
https://notcve.org/view.php?id=CVE-2008-3228
Joomla! before 1.5.4 does not configure .htaccess to apply certain security checks that "block common exploits" to SEF URLs, which has unknown impact and remote attack vectors. Joomla! anterior a 1.5.4 no aplica a .htaccess determinados controles de seguridad que bloquean exploits comunes a URLs con el plugin SEF, lo cual tiene un impacto desconocido y vectores de ataque remotos. • http://www.joomla.org/content/view/5180/1 http://www.joomla.org/content/view/5180/1/1/1/#htaccess http://www.openwall.com/lists/oss-security/2008/07/12/2 https://exchange.xforce.ibmcloud.com/vulnerabilities/44206 • CWE-16: Configuration •
CVE-2008-3227
https://notcve.org/view.php?id=CVE-2008-3227
Unspecified vulnerability in Joomla! before 1.5.4 has unknown impact and attack vectors related to a "User Redirect Spam fix," possibly an open redirect vulnerability. Vulnerabilidad sin especificar en versiones de Joomla! anteriores a 1.5.4 tienen un impacto desconocido y vectores de ataque relacionados con un "parche para Spam de redireccionamiento de usuario", posiblemente una vulnerabilidad abierta de redirección. • http://www.joomla.org/content/view/5180/1 http://www.openwall.com/lists/oss-security/2008/07/12/2 https://exchange.xforce.ibmcloud.com/vulnerabilities/44205 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •