CVE-2008-3227
https://notcve.org/view.php?id=CVE-2008-3227
Unspecified vulnerability in Joomla! before 1.5.4 has unknown impact and attack vectors related to a "User Redirect Spam fix," possibly an open redirect vulnerability. Vulnerabilidad sin especificar en versiones de Joomla! anteriores a 1.5.4 tienen un impacto desconocido y vectores de ataque relacionados con un "parche para Spam de redireccionamiento de usuario", posiblemente una vulnerabilidad abierta de redirección. • http://www.joomla.org/content/view/5180/1 http://www.openwall.com/lists/oss-security/2008/07/12/2 https://exchange.xforce.ibmcloud.com/vulnerabilities/44205 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVE-2008-3226
https://notcve.org/view.php?id=CVE-2008-3226
The file caching implementation in Joomla! before 1.5.4 allows attackers to access cached pages via unknown attack vectors. La implementación del caché de archivos en versiones de Joomla! anteriores a la 1.5.4 permite a los atacantes el acceso a páginas cacheadas a través de vectores de ataque desconocidos. • http://www.joomla.org/content/view/5180/1 http://www.openwall.com/lists/oss-security/2008/07/12/2 http://www.securityfocus.com/bid/30125 https://exchange.xforce.ibmcloud.com/vulnerabilities/43650 • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2008-5671
https://notcve.org/view.php?id=CVE-2008-5671
PHP remote file inclusion vulnerability in index.php in Joomla! 1.0.11 through 1.0.14, when RG_EMULATION is enabled in configuration.php, allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. Vulnerabilidad de inclusión remota de archivo en PHP en index.php en Joomla! de v1.0.11 hasta v1.0.14 cuando RG_EMULATION esta activado en configuration.php, permite a atacantes remotos ejecutar código PHP a su elección a través de una URL en el parámetro "mosConfig_absolute_path". • http://secunia.com/advisories/29106 http://securityreason.com/securityalert/4787 http://www.joomla.org/announcements/release-news/4609-joomla-1015-released.html http://www.securityfocus.com/archive/1/488126/100/200/threaded http://www.securityfocus.com/archive/1/488199/100/200/threaded http://www.securityfocus.com/bid/27795 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2008-1935 – Joomla! Component Filiale 1.0.4 - 'idFiliale' SQL Injection
https://notcve.org/view.php?id=CVE-2008-1935
SQL injection vulnerability in the Filiale 1.0.4 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the idFiliale parameter. Vulnerabilidad de inyección SQL en el componente Filiale para Joomla, permite a atacantes remotos ejecutar comandos SQL de su elección a través del parámetro idFiliale. • https://www.exploit-db.com/exploits/5488 http://www.securityfocus.com/bid/28900 http://www.vupen.com/english/advisories/2008/1346/references https://exchange.xforce.ibmcloud.com/vulnerabilities/41980 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2008-1533
https://notcve.org/view.php?id=CVE-2008-1533
Unspecified vulnerability in the XML-RPC Blogger API plugin in Joomla! 1.5 allows remote attackers to perform unauthorized article operations on articles via unknown vectors. Vulnerabilidad no especificada en la extensión XML-RPC Blogger API de Joomla! 1.5 permite a atacantes remotos realizar operaciones de artículo no autorizadas en artículos a través de vectores desconocidos. • http://secunia.com/advisories/28861 http://www.joomla.org/content/view/4560/1 http://www.securityfocus.com/bid/27719 https://exchange.xforce.ibmcloud.com/vulnerabilities/41563 •