CVE-2008-3228
https://notcve.org/view.php?id=CVE-2008-3228
Joomla! before 1.5.4 does not configure .htaccess to apply certain security checks that "block common exploits" to SEF URLs, which has unknown impact and remote attack vectors. Joomla! anterior a 1.5.4 no aplica a .htaccess determinados controles de seguridad que bloquean exploits comunes a URLs con el plugin SEF, lo cual tiene un impacto desconocido y vectores de ataque remotos. • http://www.joomla.org/content/view/5180/1 http://www.joomla.org/content/view/5180/1/1/1/#htaccess http://www.openwall.com/lists/oss-security/2008/07/12/2 https://exchange.xforce.ibmcloud.com/vulnerabilities/44206 • CWE-16: Configuration •
CVE-2008-3227
https://notcve.org/view.php?id=CVE-2008-3227
Unspecified vulnerability in Joomla! before 1.5.4 has unknown impact and attack vectors related to a "User Redirect Spam fix," possibly an open redirect vulnerability. Vulnerabilidad sin especificar en versiones de Joomla! anteriores a 1.5.4 tienen un impacto desconocido y vectores de ataque relacionados con un "parche para Spam de redireccionamiento de usuario", posiblemente una vulnerabilidad abierta de redirección. • http://www.joomla.org/content/view/5180/1 http://www.openwall.com/lists/oss-security/2008/07/12/2 https://exchange.xforce.ibmcloud.com/vulnerabilities/44205 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVE-2008-3226
https://notcve.org/view.php?id=CVE-2008-3226
The file caching implementation in Joomla! before 1.5.4 allows attackers to access cached pages via unknown attack vectors. La implementación del caché de archivos en versiones de Joomla! anteriores a la 1.5.4 permite a los atacantes el acceso a páginas cacheadas a través de vectores de ataque desconocidos. • http://www.joomla.org/content/view/5180/1 http://www.openwall.com/lists/oss-security/2008/07/12/2 http://www.securityfocus.com/bid/30125 https://exchange.xforce.ibmcloud.com/vulnerabilities/43650 • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2008-5671
https://notcve.org/view.php?id=CVE-2008-5671
PHP remote file inclusion vulnerability in index.php in Joomla! 1.0.11 through 1.0.14, when RG_EMULATION is enabled in configuration.php, allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. Vulnerabilidad de inclusión remota de archivo en PHP en index.php en Joomla! de v1.0.11 hasta v1.0.14 cuando RG_EMULATION esta activado en configuration.php, permite a atacantes remotos ejecutar código PHP a su elección a través de una URL en el parámetro "mosConfig_absolute_path". • http://secunia.com/advisories/29106 http://securityreason.com/securityalert/4787 http://www.joomla.org/announcements/release-news/4609-joomla-1015-released.html http://www.securityfocus.com/archive/1/488126/100/200/threaded http://www.securityfocus.com/archive/1/488199/100/200/threaded http://www.securityfocus.com/bid/27795 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2007-4184
https://notcve.org/view.php?id=CVE-2007-4184
SQL injection vulnerability in administrator/popups/pollwindow.php in Joomla! 1.0.12 allows remote attackers to execute arbitrary SQL commands via the pollid parameter. Vulnerabilidad de inyección SQL en administrator/popups/pollwindows.php de Jopomla! 1.0.12 permite a atacantes remotos ejecutar comandos SQL de su elección a través del parámetro pollid. • http://www.securityfocus.com/archive/1/475066/100/0/threaded http://www.securityfocus.com/archive/1/480738/100/0/threaded http://www.securityfocus.com/archive/1/480757/100/0/threaded http://www.securityfocus.com/archive/1/480809/100/0/threaded •