Page 3 of 62 results (0.003 seconds)

CVSS: 7.5EPSS: 1%CPEs: 7EXPL: 0

JRequest in Joomla! 1.5 before 1.5.7 does not sanitize variables that were set with JRequest::setVar, which allows remote attackers to conduct "variable injection" attacks and have unspecified other impact. JRequest en Joomla! 1.5 y versiones anteriores a 1.5.7 limpia correctamente variable establecidas con JRequest::setVar, el cual permite a los atacante remotos realizar un ataque de "inyección de variable" y tiene otras consecuencias no especificadas. • http://developer.joomla.org/security/news/271-20080901-core-jrequest-variable-injection.html http://marc.info/?l=oss-security&m=122115344915232&w=2 http://marc.info/?l=oss-security&m=122118210029084&w=2 http://marc.info/?l=oss-security&m=122152798516853&w=2 http://secunia.com/advisories/31789 http://securityreason.com/securityalert/4275 http://securitytracker.com/id?1020843 https://exchange.xforce.ibmcloud.com/vulnerabilities/45069 • CWE-20: Improper Input Validation •

CVSS: 5.0EPSS: 0%CPEs: 8EXPL: 0

The mailto (aka com_mailto) component in Joomla! 1.5 before 1.5.7 sends e-mail messages without validating the URL, which allows remote attackers to transmit spam. El componente mailto (alias com_mailto) en Joomla! 1.5 y versiones anteriores 1.5.7 que envía un mensaje de e-mail sin validar la URL, el cual permite a los atacantes remotos enviar spam. • http://developer.joomla.org/security/news/273-20080903-core-commailto-spam.html http://marc.info/?l=oss-security&m=122115344915232&w=2 http://marc.info/?l=oss-security&m=122118210029084&w=2 http://marc.info/?l=oss-security&m=122152798516853&w=2 http://secunia.com/advisories/31789 http://securityreason.com/securityalert/4275 https://exchange.xforce.ibmcloud.com/vulnerabilities/45070 • CWE-20: Improper Input Validation •

CVSS: 5.8EPSS: 0%CPEs: 7EXPL: 0

Multiple open redirect vulnerabilities in Joomla! 1.5 before 1.5.7 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a "passed in" URL. Múltiples vulnerabilidades involuntarias de redirección en Joomla! 1.5 anterior a 1.5.7; permiten a atacantes remotos redireccionar a los usuarios a sitios web de su elección y provocar ataques de phishing mediante una URL "de paso". • http://developer.joomla.org/security/news/274-20080904-core-redirect-spam.html http://marc.info/?l=oss-security&m=122115344915232&w=2 http://marc.info/?l=oss-security&m=122118210029084&w=2 http://marc.info/?l=oss-security&m=122152798516853&w=2 http://securityreason.com/securityalert/4275 https://exchange.xforce.ibmcloud.com/vulnerabilities/45071 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •

CVSS: 10.0EPSS: 0%CPEs: 24EXPL: 0

Joomla! before 1.5.4 allows attackers to access administration functionality, which has unknown impact and attack vectors related to a missing "LDAP security fix." Versiones de Joomla! anteriores a 1.5.4 permiten a los atacantes el acceso a funciones de administración, con impacto desconocido y vectores de ataque relacionados con la falta de una actualizacion de seguridad de LDAP. • http://www.joomla.org/content/view/5180/1 http://www.openwall.com/lists/oss-security/2008/07/12/2 http://www.securityfocus.com/bid/30125 https://exchange.xforce.ibmcloud.com/vulnerabilities/43648 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 7.5EPSS: 0%CPEs: 24EXPL: 0

Joomla! before 1.5.4 does not configure .htaccess to apply certain security checks that "block common exploits" to SEF URLs, which has unknown impact and remote attack vectors. Joomla! anterior a 1.5.4 no aplica a .htaccess determinados controles de seguridad que bloquean exploits comunes a URLs con el plugin SEF, lo cual tiene un impacto desconocido y vectores de ataque remotos. • http://www.joomla.org/content/view/5180/1 http://www.joomla.org/content/view/5180/1/1/1/#htaccess http://www.openwall.com/lists/oss-security/2008/07/12/2 https://exchange.xforce.ibmcloud.com/vulnerabilities/44206 • CWE-16: Configuration •