Search

Find a vulnerability

Search criteria

    162 vulnerabilities found for joomla by joomla

    CVE-2009-1940 (GCVE-0-2009-1940)

    Vulnerability from nvd – Published: 2009-06-05 18:13 – Updated: 2024-08-07 05:27
    VLAI
    Summary
    Cross-site scripting (XSS) vulnerability in the administrator panel in the com_users core component for Joomla! 1.5.x through 1.5.10 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://osvdb.org/54869 vdb-entryx_refsource_OSVDB
    http://www.joomla.org/announcements/release-news/… x_refsource_CONFIRM
    http://www.securityfocus.com/bid/35189 vdb-entryx_refsource_BID
    http://secunia.com/advisories/35278 third-party-advisoryx_refsource_SECUNIA
    http://developer.joomla.org/security/news/295-200… x_refsource_CONFIRM
    http://www.vupen.com/english/advisories/2009/1497 vdb-entryx_refsource_VUPEN
    Date Public
    2009-06-01 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T05:27:54.849Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "joomla-comusers-xss(50924)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50924"
              },
              {
                "name": "54869",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/54869"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.joomla.org/announcements/release-news/5235-joomla-1511-security-release-now-available.html"
              },
              {
                "name": "35189",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/35189"
              },
              {
                "name": "35278",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/35278"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://developer.joomla.org/security/news/295-20090601-core-comusers-xss.html"
              },
              {
                "name": "ADV-2009-1497",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2009/1497"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2009-06-01T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site scripting (XSS) vulnerability in the administrator panel in the com_users core component for Joomla! 1.5.x through 1.5.10 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-08-16T14:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "joomla-comusers-xss(50924)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50924"
            },
            {
              "name": "54869",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/54869"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.joomla.org/announcements/release-news/5235-joomla-1511-security-release-now-available.html"
            },
            {
              "name": "35189",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/35189"
            },
            {
              "name": "35278",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/35278"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://developer.joomla.org/security/news/295-20090601-core-comusers-xss.html"
            },
            {
              "name": "ADV-2009-1497",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2009/1497"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2009-1940",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cross-site scripting (XSS) vulnerability in the administrator panel in the com_users core component for Joomla! 1.5.x through 1.5.10 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "joomla-comusers-xss(50924)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50924"
                },
                {
                  "name": "54869",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/54869"
                },
                {
                  "name": "http://www.joomla.org/announcements/release-news/5235-joomla-1511-security-release-now-available.html",
                  "refsource": "CONFIRM",
                  "url": "http://www.joomla.org/announcements/release-news/5235-joomla-1511-security-release-now-available.html"
                },
                {
                  "name": "35189",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/35189"
                },
                {
                  "name": "35278",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/35278"
                },
                {
                  "name": "http://developer.joomla.org/security/news/295-20090601-core-comusers-xss.html",
                  "refsource": "CONFIRM",
                  "url": "http://developer.joomla.org/security/news/295-20090601-core-comusers-xss.html"
                },
                {
                  "name": "ADV-2009-1497",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2009/1497"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2009-1940",
        "datePublished": "2009-06-05T18:13:00.000Z",
        "dateReserved": "2009-06-05T00:00:00.000Z",
        "dateUpdated": "2024-08-07T05:27:54.849Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2009-1939 (GCVE-0-2009-1939)

    Vulnerability from nvd – Published: 2009-06-05 18:13 – Updated: 2024-08-07 05:27
    VLAI
    Summary
    Cross-site scripting (XSS) vulnerability in the JA_Purity template for Joomla! 1.5.x through 1.5.10 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.joomla.org/announcements/release-news/… x_refsource_CONFIRM
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://www.securityfocus.com/bid/35189 vdb-entryx_refsource_BID
    http://secunia.com/advisories/35278 third-party-advisoryx_refsource_SECUNIA
    http://osvdb.org/54870 vdb-entryx_refsource_OSVDB
    http://developer.joomla.org/security/news/296-200… x_refsource_CONFIRM
    http://www.vupen.com/english/advisories/2009/1497 vdb-entryx_refsource_VUPEN
    Date Public
    2009-06-02 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T05:27:54.890Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.joomla.org/announcements/release-news/5235-joomla-1511-security-release-now-available.html"
              },
              {
                "name": "joomla-japurity-xss(50922)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50922"
              },
              {
                "name": "35189",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/35189"
              },
              {
                "name": "35278",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/35278"
              },
              {
                "name": "54870",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/54870"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://developer.joomla.org/security/news/296-20090602-core-japurity-xss.html"
              },
              {
                "name": "ADV-2009-1497",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2009/1497"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2009-06-02T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site scripting (XSS) vulnerability in the JA_Purity template for Joomla! 1.5.x through 1.5.10 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-08-16T14:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.joomla.org/announcements/release-news/5235-joomla-1511-security-release-now-available.html"
            },
            {
              "name": "joomla-japurity-xss(50922)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50922"
            },
            {
              "name": "35189",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/35189"
            },
            {
              "name": "35278",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/35278"
            },
            {
              "name": "54870",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/54870"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://developer.joomla.org/security/news/296-20090602-core-japurity-xss.html"
            },
            {
              "name": "ADV-2009-1497",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2009/1497"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2009-1939",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cross-site scripting (XSS) vulnerability in the JA_Purity template for Joomla! 1.5.x through 1.5.10 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.joomla.org/announcements/release-news/5235-joomla-1511-security-release-now-available.html",
                  "refsource": "CONFIRM",
                  "url": "http://www.joomla.org/announcements/release-news/5235-joomla-1511-security-release-now-available.html"
                },
                {
                  "name": "joomla-japurity-xss(50922)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50922"
                },
                {
                  "name": "35189",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/35189"
                },
                {
                  "name": "35278",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/35278"
                },
                {
                  "name": "54870",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/54870"
                },
                {
                  "name": "http://developer.joomla.org/security/news/296-20090602-core-japurity-xss.html",
                  "refsource": "CONFIRM",
                  "url": "http://developer.joomla.org/security/news/296-20090602-core-japurity-xss.html"
                },
                {
                  "name": "ADV-2009-1497",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2009/1497"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2009-1939",
        "datePublished": "2009-06-05T18:13:00.000Z",
        "dateReserved": "2009-06-05T00:00:00.000Z",
        "dateUpdated": "2024-08-07T05:27:54.890Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2009-1938 (GCVE-0-2009-1938)

    Vulnerability from nvd – Published: 2009-06-05 18:13 – Updated: 2024-08-07 05:27
    VLAI
    Summary
    Cross-site scripting (XSS) vulnerability in Joomla! 1.5.x through 1.5.10 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to database output and the frontend administrative panel.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2009-06-02 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T05:27:54.978Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.joomla.org/announcements/release-news/5235-joomla-1511-security-release-now-available.html"
              },
              {
                "name": "joomla-adminpanel-xss(50923)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50923"
              },
              {
                "name": "35189",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/35189"
              },
              {
                "name": "35278",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/35278"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://developer.joomla.org/security/news/297-20090602-core-frontend-xss.html"
              },
              {
                "name": "54868",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://www.osvdb.org/54868"
              },
              {
                "name": "ADV-2009-1497",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2009/1497"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2009-06-02T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site scripting (XSS) vulnerability in Joomla! 1.5.x through 1.5.10 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to database output and the frontend administrative panel."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-08-16T14:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.joomla.org/announcements/release-news/5235-joomla-1511-security-release-now-available.html"
            },
            {
              "name": "joomla-adminpanel-xss(50923)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50923"
            },
            {
              "name": "35189",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/35189"
            },
            {
              "name": "35278",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/35278"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://developer.joomla.org/security/news/297-20090602-core-frontend-xss.html"
            },
            {
              "name": "54868",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://www.osvdb.org/54868"
            },
            {
              "name": "ADV-2009-1497",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2009/1497"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2009-1938",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cross-site scripting (XSS) vulnerability in Joomla! 1.5.x through 1.5.10 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to database output and the frontend administrative panel."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.joomla.org/announcements/release-news/5235-joomla-1511-security-release-now-available.html",
                  "refsource": "CONFIRM",
                  "url": "http://www.joomla.org/announcements/release-news/5235-joomla-1511-security-release-now-available.html"
                },
                {
                  "name": "joomla-adminpanel-xss(50923)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50923"
                },
                {
                  "name": "35189",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/35189"
                },
                {
                  "name": "35278",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/35278"
                },
                {
                  "name": "http://developer.joomla.org/security/news/297-20090602-core-frontend-xss.html",
                  "refsource": "CONFIRM",
                  "url": "http://developer.joomla.org/security/news/297-20090602-core-frontend-xss.html"
                },
                {
                  "name": "54868",
                  "refsource": "OSVDB",
                  "url": "http://www.osvdb.org/54868"
                },
                {
                  "name": "ADV-2009-1497",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2009/1497"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2009-1938",
        "datePublished": "2009-06-05T18:13:00.000Z",
        "dateReserved": "2009-06-05T00:00:00.000Z",
        "dateUpdated": "2024-08-07T05:27:54.978Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2009-1280 (GCVE-0-2009-1280)

    Vulnerability from nvd – Published: 2009-04-09 16:00 – Updated: 2024-08-07 05:04
    VLAI
    Summary
    Multiple cross-site request forgery (CSRF) vulnerabilities in the com_media component for Joomla! 1.5.x through 1.5.9 allow remote attackers to hijack the authentication of unspecified victims via unknown vectors.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://secunia.com/advisories/34551 third-party-advisoryx_refsource_SECUNIA
    http://developer.joomla.org/security/news/293-200… x_refsource_CONFIRM
    Date Public
    2009-03-01 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T05:04:49.550Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "media-unspecified-csrf(49656)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49656"
              },
              {
                "name": "34551",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/34551"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://developer.joomla.org/security/news/293-20090301-core-multiple-xsscsrf.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2009-03-01T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple cross-site request forgery (CSRF) vulnerabilities in the com_media component for Joomla! 1.5.x through 1.5.9 allow remote attackers to hijack the authentication of unspecified victims via unknown vectors."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-08-16T14:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "media-unspecified-csrf(49656)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49656"
            },
            {
              "name": "34551",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/34551"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://developer.joomla.org/security/news/293-20090301-core-multiple-xsscsrf.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2009-1280",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Multiple cross-site request forgery (CSRF) vulnerabilities in the com_media component for Joomla! 1.5.x through 1.5.9 allow remote attackers to hijack the authentication of unspecified victims via unknown vectors."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "media-unspecified-csrf(49656)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49656"
                },
                {
                  "name": "34551",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/34551"
                },
                {
                  "name": "http://developer.joomla.org/security/news/293-20090301-core-multiple-xsscsrf.html",
                  "refsource": "CONFIRM",
                  "url": "http://developer.joomla.org/security/news/293-20090301-core-multiple-xsscsrf.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2009-1280",
        "datePublished": "2009-04-09T16:00:00.000Z",
        "dateReserved": "2009-04-09T00:00:00.000Z",
        "dateUpdated": "2024-08-07T05:04:49.550Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2009-1279 (GCVE-0-2009-1279)

    Vulnerability from nvd – Published: 2009-04-09 16:00 – Updated: 2024-08-07 05:04
    VLAI
    Summary
    Multiple cross-site scripting (XSS) vulnerabilities in Joomla! 1.5 through 1.5.9 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors to the (1) com_admin component, (2) com_search component when "Gather Search Statistics" is enabled, and (3) the category view in the com_content component.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2009-03-25 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T05:04:49.489Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "34360",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/34360"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://developer.joomla.org/security/news/294-20090302-core-comcontent-xss.html"
              },
              {
                "name": "34551",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/34551"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://developer.joomla.org/security/news/293-20090301-core-multiple-xsscsrf.html"
              },
              {
                "name": "admin-search-unspecified-xss(49655)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49655"
              },
              {
                "name": "content-categoryview-xss(49654)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49654"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2009-03-25T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple cross-site scripting (XSS) vulnerabilities in Joomla! 1.5 through 1.5.9 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors to the (1) com_admin component, (2) com_search component when \"Gather Search Statistics\" is enabled, and (3) the category view in the com_content component."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-08-16T14:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "34360",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/34360"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://developer.joomla.org/security/news/294-20090302-core-comcontent-xss.html"
            },
            {
              "name": "34551",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/34551"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://developer.joomla.org/security/news/293-20090301-core-multiple-xsscsrf.html"
            },
            {
              "name": "admin-search-unspecified-xss(49655)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49655"
            },
            {
              "name": "content-categoryview-xss(49654)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49654"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2009-1279",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Multiple cross-site scripting (XSS) vulnerabilities in Joomla! 1.5 through 1.5.9 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors to the (1) com_admin component, (2) com_search component when \"Gather Search Statistics\" is enabled, and (3) the category view in the com_content component."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "34360",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/34360"
                },
                {
                  "name": "http://developer.joomla.org/security/news/294-20090302-core-comcontent-xss.html",
                  "refsource": "CONFIRM",
                  "url": "http://developer.joomla.org/security/news/294-20090302-core-comcontent-xss.html"
                },
                {
                  "name": "34551",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/34551"
                },
                {
                  "name": "http://developer.joomla.org/security/news/293-20090301-core-multiple-xsscsrf.html",
                  "refsource": "CONFIRM",
                  "url": "http://developer.joomla.org/security/news/293-20090301-core-multiple-xsscsrf.html"
                },
                {
                  "name": "admin-search-unspecified-xss(49655)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49655"
                },
                {
                  "name": "content-categoryview-xss(49654)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49654"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2009-1279",
        "datePublished": "2009-04-09T16:00:00.000Z",
        "dateReserved": "2009-04-09T00:00:00.000Z",
        "dateUpdated": "2024-08-07T05:04:49.489Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2008-6299 (GCVE-0-2008-6299)

    Vulnerability from nvd – Published: 2009-02-26 16:00 – Updated: 2024-08-07 11:27
    VLAI
    Summary
    Multiple cross-site scripting (XSS) vulnerabilities in Joomla! 1.5.7 and earlier allow remote authenticated users with certain privileges to inject arbitrary web script or HTML via (1) the title and description parameters to the com_weblinks module and (2) unspecified vectors in the com_content module related to "article submission."
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Date Public
    2008-11-10 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T11:27:35.064Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://developer.joomla.org/security/news/284-20081102-core-comweblinks-xss-vulnerability.html"
              },
              {
                "name": "32263",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/32263"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://developer.joomla.org/security/news/283-20081101-core-comcontent-xss-vulnerability.html"
              },
              {
                "name": "ADV-2008-3104",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2008/3104"
              },
              {
                "name": "32622",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/32622"
              },
              {
                "name": "weblinks-title-description-xss(46523)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46523"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.joomla.org/announcements/release-news/5219-joomla-158-released.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2008-11-10T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple cross-site scripting (XSS) vulnerabilities in Joomla! 1.5.7 and earlier allow remote authenticated users with certain privileges to inject arbitrary web script or HTML via (1) the title and description parameters to the com_weblinks module and (2) unspecified vectors in the com_content module related to \"article submission.\""
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-08-16T14:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://developer.joomla.org/security/news/284-20081102-core-comweblinks-xss-vulnerability.html"
            },
            {
              "name": "32263",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/32263"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://developer.joomla.org/security/news/283-20081101-core-comcontent-xss-vulnerability.html"
            },
            {
              "name": "ADV-2008-3104",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2008/3104"
            },
            {
              "name": "32622",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/32622"
            },
            {
              "name": "weblinks-title-description-xss(46523)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46523"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.joomla.org/announcements/release-news/5219-joomla-158-released.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2008-6299",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Multiple cross-site scripting (XSS) vulnerabilities in Joomla! 1.5.7 and earlier allow remote authenticated users with certain privileges to inject arbitrary web script or HTML via (1) the title and description parameters to the com_weblinks module and (2) unspecified vectors in the com_content module related to \"article submission.\""
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://developer.joomla.org/security/news/284-20081102-core-comweblinks-xss-vulnerability.html",
                  "refsource": "CONFIRM",
                  "url": "http://developer.joomla.org/security/news/284-20081102-core-comweblinks-xss-vulnerability.html"
                },
                {
                  "name": "32263",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/32263"
                },
                {
                  "name": "http://developer.joomla.org/security/news/283-20081101-core-comcontent-xss-vulnerability.html",
                  "refsource": "CONFIRM",
                  "url": "http://developer.joomla.org/security/news/283-20081101-core-comcontent-xss-vulnerability.html"
                },
                {
                  "name": "ADV-2008-3104",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2008/3104"
                },
                {
                  "name": "32622",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/32622"
                },
                {
                  "name": "weblinks-title-description-xss(46523)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46523"
                },
                {
                  "name": "http://www.joomla.org/announcements/release-news/5219-joomla-158-released.html",
                  "refsource": "CONFIRM",
                  "url": "http://www.joomla.org/announcements/release-news/5219-joomla-158-released.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2008-6299",
        "datePublished": "2009-02-26T16:00:00.000Z",
        "dateReserved": "2009-02-26T00:00:00.000Z",
        "dateUpdated": "2024-08-07T11:27:35.064Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2008-5671 (GCVE-0-2008-5671)

    Vulnerability from nvd – Published: 2008-12-18 21:00 – Updated: 2024-08-07 11:04
    VLAI
    Summary
    PHP remote file inclusion vulnerability in index.php in Joomla! 1.0.11 through 1.0.14, when RG_EMULATION is enabled in configuration.php, allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.securityfocus.com/archive/1/488126/100… mailing-listx_refsource_BUGTRAQ
    http://www.joomla.org/announcements/release-news/… x_refsource_CONFIRM
    http://secunia.com/advisories/29106 third-party-advisoryx_refsource_SECUNIA
    http://www.securityfocus.com/bid/27795 vdb-entryx_refsource_BID
    http://www.securityfocus.com/archive/1/488199/100… mailing-listx_refsource_BUGTRAQ
    http://securityreason.com/securityalert/4787 third-party-advisoryx_refsource_SREASON
    Date Public
    2008-01-14 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T11:04:44.163Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20080214 Joomla 1.0.13 - 1.0.14 / (remote) PHP file inclusion possible if old configuration.php",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/488126/100/200/threaded"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.joomla.org/announcements/release-news/4609-joomla-1015-released.html"
              },
              {
                "name": "29106",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/29106"
              },
              {
                "name": "27795",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/27795"
              },
              {
                "name": "20080215 Re: Joomla 1.0.13 - 1.0.14 / (remote) PHP file inclusion possible if old configuration.php",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/488199/100/200/threaded"
              },
              {
                "name": "4787",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SREASON",
                  "x_transferred"
                ],
                "url": "http://securityreason.com/securityalert/4787"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2008-01-14T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "PHP remote file inclusion vulnerability in index.php in Joomla! 1.0.11 through 1.0.14, when RG_EMULATION is enabled in configuration.php, allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-11T19:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "20080214 Joomla 1.0.13 - 1.0.14 / (remote) PHP file inclusion possible if old configuration.php",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/488126/100/200/threaded"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.joomla.org/announcements/release-news/4609-joomla-1015-released.html"
            },
            {
              "name": "29106",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/29106"
            },
            {
              "name": "27795",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/27795"
            },
            {
              "name": "20080215 Re: Joomla 1.0.13 - 1.0.14 / (remote) PHP file inclusion possible if old configuration.php",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/488199/100/200/threaded"
            },
            {
              "name": "4787",
              "tags": [
                "third-party-advisory",
                "x_refsource_SREASON"
              ],
              "url": "http://securityreason.com/securityalert/4787"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2008-5671",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "PHP remote file inclusion vulnerability in index.php in Joomla! 1.0.11 through 1.0.14, when RG_EMULATION is enabled in configuration.php, allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "20080214 Joomla 1.0.13 - 1.0.14 / (remote) PHP file inclusion possible if old configuration.php",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/488126/100/200/threaded"
                },
                {
                  "name": "http://www.joomla.org/announcements/release-news/4609-joomla-1015-released.html",
                  "refsource": "CONFIRM",
                  "url": "http://www.joomla.org/announcements/release-news/4609-joomla-1015-released.html"
                },
                {
                  "name": "29106",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/29106"
                },
                {
                  "name": "27795",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/27795"
                },
                {
                  "name": "20080215 Re: Joomla 1.0.13 - 1.0.14 / (remote) PHP file inclusion possible if old configuration.php",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/488199/100/200/threaded"
                },
                {
                  "name": "4787",
                  "refsource": "SREASON",
                  "url": "http://securityreason.com/securityalert/4787"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2008-5671",
        "datePublished": "2008-12-18T21:00:00.000Z",
        "dateReserved": "2008-12-18T00:00:00.000Z",
        "dateUpdated": "2024-08-07T11:04:44.163Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2008-4105 (GCVE-0-2008-4105)

    Vulnerability from nvd – Published: 2008-09-18 17:47 – Updated: 2024-08-07 10:00
    VLAI
    Summary
    JRequest in Joomla! 1.5 before 1.5.7 does not sanitize variables that were set with JRequest::setVar, which allows remote attackers to conduct "variable injection" attacks and have unspecified other impact.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://marc.info/?l=oss-security&m=122152798516853&w=2 mailing-listx_refsource_MLIST
    http://developer.joomla.org/security/news/271-200… x_refsource_CONFIRM
    http://secunia.com/advisories/31789 third-party-advisoryx_refsource_SECUNIA
    http://marc.info/?l=oss-security&m=122115344915232&w=2 mailing-listx_refsource_MLIST
    http://securityreason.com/securityalert/4275 third-party-advisoryx_refsource_SREASON
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://marc.info/?l=oss-security&m=122118210029084&w=2 mailing-listx_refsource_MLIST
    http://securitytracker.com/id?1020843 vdb-entryx_refsource_SECTRACK
    Date Public
    2008-09-09 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T10:00:42.951Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "[oss-security] 20080916 Re: CVE request: joomla \u003c 1.5.7",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=oss-security\u0026m=122152798516853\u0026w=2"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://developer.joomla.org/security/news/271-20080901-core-jrequest-variable-injection.html"
              },
              {
                "name": "31789",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/31789"
              },
              {
                "name": "[oss-security] 20080911 CVE request: joomla \u003c 1.5.7",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=oss-security\u0026m=122115344915232\u0026w=2"
              },
              {
                "name": "4275",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SREASON",
                  "x_transferred"
                ],
                "url": "http://securityreason.com/securityalert/4275"
              },
              {
                "name": "joomla-jrequest-command-execution(45069)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45069"
              },
              {
                "name": "[oss-security] 20080911 CVE request for Joomla multiple vuln.",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=oss-security\u0026m=122118210029084\u0026w=2"
              },
              {
                "name": "1020843",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id?1020843"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2008-09-09T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "JRequest in Joomla! 1.5 before 1.5.7 does not sanitize variables that were set with JRequest::setVar, which allows remote attackers to conduct \"variable injection\" attacks and have unspecified other impact."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-08-07T12:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "[oss-security] 20080916 Re: CVE request: joomla \u003c 1.5.7",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://marc.info/?l=oss-security\u0026m=122152798516853\u0026w=2"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://developer.joomla.org/security/news/271-20080901-core-jrequest-variable-injection.html"
            },
            {
              "name": "31789",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/31789"
            },
            {
              "name": "[oss-security] 20080911 CVE request: joomla \u003c 1.5.7",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://marc.info/?l=oss-security\u0026m=122115344915232\u0026w=2"
            },
            {
              "name": "4275",
              "tags": [
                "third-party-advisory",
                "x_refsource_SREASON"
              ],
              "url": "http://securityreason.com/securityalert/4275"
            },
            {
              "name": "joomla-jrequest-command-execution(45069)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45069"
            },
            {
              "name": "[oss-security] 20080911 CVE request for Joomla multiple vuln.",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://marc.info/?l=oss-security\u0026m=122118210029084\u0026w=2"
            },
            {
              "name": "1020843",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id?1020843"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2008-4105",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "JRequest in Joomla! 1.5 before 1.5.7 does not sanitize variables that were set with JRequest::setVar, which allows remote attackers to conduct \"variable injection\" attacks and have unspecified other impact."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "[oss-security] 20080916 Re: CVE request: joomla \u003c 1.5.7",
                  "refsource": "MLIST",
                  "url": "http://marc.info/?l=oss-security\u0026m=122152798516853\u0026w=2"
                },
                {
                  "name": "http://developer.joomla.org/security/news/271-20080901-core-jrequest-variable-injection.html",
                  "refsource": "CONFIRM",
                  "url": "http://developer.joomla.org/security/news/271-20080901-core-jrequest-variable-injection.html"
                },
                {
                  "name": "31789",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/31789"
                },
                {
                  "name": "[oss-security] 20080911 CVE request: joomla \u003c 1.5.7",
                  "refsource": "MLIST",
                  "url": "http://marc.info/?l=oss-security\u0026m=122115344915232\u0026w=2"
                },
                {
                  "name": "4275",
                  "refsource": "SREASON",
                  "url": "http://securityreason.com/securityalert/4275"
                },
                {
                  "name": "joomla-jrequest-command-execution(45069)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45069"
                },
                {
                  "name": "[oss-security] 20080911 CVE request for Joomla multiple vuln.",
                  "refsource": "MLIST",
                  "url": "http://marc.info/?l=oss-security\u0026m=122118210029084\u0026w=2"
                },
                {
                  "name": "1020843",
                  "refsource": "SECTRACK",
                  "url": "http://securitytracker.com/id?1020843"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2008-4105",
        "datePublished": "2008-09-18T17:47:00.000Z",
        "dateReserved": "2008-09-15T00:00:00.000Z",
        "dateUpdated": "2024-08-07T10:00:42.951Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2008-4104 (GCVE-0-2008-4104)

    Vulnerability from nvd – Published: 2008-09-18 17:47 – Updated: 2024-08-07 10:00
    VLAI
    Summary
    Multiple open redirect vulnerabilities in Joomla! 1.5 before 1.5.7 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a "passed in" URL.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2008-09-09 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T10:00:43.141Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "joomla-url-phishing(45071)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45071"
              },
              {
                "name": "[oss-security] 20080916 Re: CVE request: joomla \u003c 1.5.7",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=oss-security\u0026m=122152798516853\u0026w=2"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://developer.joomla.org/security/news/274-20080904-core-redirect-spam.html"
              },
              {
                "name": "[oss-security] 20080911 CVE request: joomla \u003c 1.5.7",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=oss-security\u0026m=122115344915232\u0026w=2"
              },
              {
                "name": "4275",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SREASON",
                  "x_transferred"
                ],
                "url": "http://securityreason.com/securityalert/4275"
              },
              {
                "name": "[oss-security] 20080911 CVE request for Joomla multiple vuln.",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=oss-security\u0026m=122118210029084\u0026w=2"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2008-09-09T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple open redirect vulnerabilities in Joomla! 1.5 before 1.5.7 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a \"passed in\" URL."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-08-07T12:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "joomla-url-phishing(45071)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45071"
            },
            {
              "name": "[oss-security] 20080916 Re: CVE request: joomla \u003c 1.5.7",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://marc.info/?l=oss-security\u0026m=122152798516853\u0026w=2"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://developer.joomla.org/security/news/274-20080904-core-redirect-spam.html"
            },
            {
              "name": "[oss-security] 20080911 CVE request: joomla \u003c 1.5.7",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://marc.info/?l=oss-security\u0026m=122115344915232\u0026w=2"
            },
            {
              "name": "4275",
              "tags": [
                "third-party-advisory",
                "x_refsource_SREASON"
              ],
              "url": "http://securityreason.com/securityalert/4275"
            },
            {
              "name": "[oss-security] 20080911 CVE request for Joomla multiple vuln.",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://marc.info/?l=oss-security\u0026m=122118210029084\u0026w=2"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2008-4104",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Multiple open redirect vulnerabilities in Joomla! 1.5 before 1.5.7 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a \"passed in\" URL."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "joomla-url-phishing(45071)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45071"
                },
                {
                  "name": "[oss-security] 20080916 Re: CVE request: joomla \u003c 1.5.7",
                  "refsource": "MLIST",
                  "url": "http://marc.info/?l=oss-security\u0026m=122152798516853\u0026w=2"
                },
                {
                  "name": "http://developer.joomla.org/security/news/274-20080904-core-redirect-spam.html",
                  "refsource": "CONFIRM",
                  "url": "http://developer.joomla.org/security/news/274-20080904-core-redirect-spam.html"
                },
                {
                  "name": "[oss-security] 20080911 CVE request: joomla \u003c 1.5.7",
                  "refsource": "MLIST",
                  "url": "http://marc.info/?l=oss-security\u0026m=122115344915232\u0026w=2"
                },
                {
                  "name": "4275",
                  "refsource": "SREASON",
                  "url": "http://securityreason.com/securityalert/4275"
                },
                {
                  "name": "[oss-security] 20080911 CVE request for Joomla multiple vuln.",
                  "refsource": "MLIST",
                  "url": "http://marc.info/?l=oss-security\u0026m=122118210029084\u0026w=2"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2008-4104",
        "datePublished": "2008-09-18T17:47:00.000Z",
        "dateReserved": "2008-09-15T00:00:00.000Z",
        "dateUpdated": "2024-08-07T10:00:43.141Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2008-4102 (GCVE-0-2008-4102)

    Vulnerability from nvd – Published: 2008-09-18 17:47 – Updated: 2024-08-07 10:00
    VLAI
    Summary
    Joomla! 1.5 before 1.5.7 initializes PHP's PRNG with a weak seed, which makes it easier for attackers to guess the pseudo-random values produced by PHP's mt_rand function, as demonstrated by guessing password reset tokens, a different vulnerability than CVE-2008-3681.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Date Public
    2008-09-09 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T10:00:42.832Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "[oss-security] 20080916 Re: CVE request: joomla \u003c 1.5.7",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=oss-security\u0026m=122152798516853\u0026w=2"
              },
              {
                "name": "4271",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SREASON",
                  "x_transferred"
                ],
                "url": "http://securityreason.com/securityalert/4271"
              },
              {
                "name": "20080911 Advisory 04/2008: Joomla Weak Random Password Reset Token Vulnerability",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/496237/100/0/threaded"
              },
              {
                "name": "31789",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/31789"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.suspekt.org/2008/08/17/mt_srand-and-not-so-random-numbers/"
              },
              {
                "name": "joomla-randomnumbers-info-disclosure(45068)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45068"
              },
              {
                "name": "[oss-security] 20080911 CVE request: joomla \u003c 1.5.7",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=oss-security\u0026m=122115344915232\u0026w=2"
              },
              {
                "name": "[oss-security] 20080911 CVE request for Joomla multiple vuln.",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=oss-security\u0026m=122118210029084\u0026w=2"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://developer.joomla.org/security/news/272-20080902-core-random-number-generation-flaw.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.sektioneins.de/advisories/SE-2008-04.txt"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2008-09-09T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Joomla! 1.5 before 1.5.7 initializes PHP\u0027s PRNG with a weak seed, which makes it easier for attackers to guess the pseudo-random values produced by PHP\u0027s mt_rand function, as demonstrated by guessing password reset tokens, a different vulnerability than CVE-2008-3681."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-11T19:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "[oss-security] 20080916 Re: CVE request: joomla \u003c 1.5.7",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://marc.info/?l=oss-security\u0026m=122152798516853\u0026w=2"
            },
            {
              "name": "4271",
              "tags": [
                "third-party-advisory",
                "x_refsource_SREASON"
              ],
              "url": "http://securityreason.com/securityalert/4271"
            },
            {
              "name": "20080911 Advisory 04/2008: Joomla Weak Random Password Reset Token Vulnerability",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/496237/100/0/threaded"
            },
            {
              "name": "31789",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/31789"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.suspekt.org/2008/08/17/mt_srand-and-not-so-random-numbers/"
            },
            {
              "name": "joomla-randomnumbers-info-disclosure(45068)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45068"
            },
            {
              "name": "[oss-security] 20080911 CVE request: joomla \u003c 1.5.7",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://marc.info/?l=oss-security\u0026m=122115344915232\u0026w=2"
            },
            {
              "name": "[oss-security] 20080911 CVE request for Joomla multiple vuln.",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://marc.info/?l=oss-security\u0026m=122118210029084\u0026w=2"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://developer.joomla.org/security/news/272-20080902-core-random-number-generation-flaw.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.sektioneins.de/advisories/SE-2008-04.txt"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2008-4102",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Joomla! 1.5 before 1.5.7 initializes PHP\u0027s PRNG with a weak seed, which makes it easier for attackers to guess the pseudo-random values produced by PHP\u0027s mt_rand function, as demonstrated by guessing password reset tokens, a different vulnerability than CVE-2008-3681."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "[oss-security] 20080916 Re: CVE request: joomla \u003c 1.5.7",
                  "refsource": "MLIST",
                  "url": "http://marc.info/?l=oss-security\u0026m=122152798516853\u0026w=2"
                },
                {
                  "name": "4271",
                  "refsource": "SREASON",
                  "url": "http://securityreason.com/securityalert/4271"
                },
                {
                  "name": "20080911 Advisory 04/2008: Joomla Weak Random Password Reset Token Vulnerability",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/496237/100/0/threaded"
                },
                {
                  "name": "31789",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/31789"
                },
                {
                  "name": "http://www.suspekt.org/2008/08/17/mt_srand-and-not-so-random-numbers/",
                  "refsource": "MISC",
                  "url": "http://www.suspekt.org/2008/08/17/mt_srand-and-not-so-random-numbers/"
                },
                {
                  "name": "joomla-randomnumbers-info-disclosure(45068)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45068"
                },
                {
                  "name": "[oss-security] 20080911 CVE request: joomla \u003c 1.5.7",
                  "refsource": "MLIST",
                  "url": "http://marc.info/?l=oss-security\u0026m=122115344915232\u0026w=2"
                },
                {
                  "name": "[oss-security] 20080911 CVE request for Joomla multiple vuln.",
                  "refsource": "MLIST",
                  "url": "http://marc.info/?l=oss-security\u0026m=122118210029084\u0026w=2"
                },
                {
                  "name": "http://developer.joomla.org/security/news/272-20080902-core-random-number-generation-flaw.html",
                  "refsource": "CONFIRM",
                  "url": "http://developer.joomla.org/security/news/272-20080902-core-random-number-generation-flaw.html"
                },
                {
                  "name": "http://www.sektioneins.de/advisories/SE-2008-04.txt",
                  "refsource": "MISC",
                  "url": "http://www.sektioneins.de/advisories/SE-2008-04.txt"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2008-4102",
        "datePublished": "2008-09-18T17:47:00.000Z",
        "dateReserved": "2008-09-15T00:00:00.000Z",
        "dateUpdated": "2024-08-07T10:00:42.832Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2008-3227 (GCVE-0-2008-3227)

    Vulnerability from nvd – Published: 2008-07-18 16:00 – Updated: 2024-08-07 09:28
    VLAI
    Summary
    Unspecified vulnerability in Joomla! before 1.5.4 has unknown impact and attack vectors related to a "User Redirect Spam fix," possibly an open redirect vulnerability.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2008-07-12 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T09:28:41.773Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "[oss-security] 20080712 CVE requests: joomla \u003c1.5.4",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2008/07/12/2"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.joomla.org/content/view/5180/1/"
              },
              {
                "name": "joomla-user-redirect-unspecified(44205)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44205"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2008-07-12T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Unspecified vulnerability in Joomla! before 1.5.4 has unknown impact and attack vectors related to a \"User Redirect Spam fix,\" possibly an open redirect vulnerability."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-08-07T12:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "[oss-security] 20080712 CVE requests: joomla \u003c1.5.4",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2008/07/12/2"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.joomla.org/content/view/5180/1/"
            },
            {
              "name": "joomla-user-redirect-unspecified(44205)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44205"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2008-3227",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Unspecified vulnerability in Joomla! before 1.5.4 has unknown impact and attack vectors related to a \"User Redirect Spam fix,\" possibly an open redirect vulnerability."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "[oss-security] 20080712 CVE requests: joomla \u003c1.5.4",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2008/07/12/2"
                },
                {
                  "name": "http://www.joomla.org/content/view/5180/1/",
                  "refsource": "CONFIRM",
                  "url": "http://www.joomla.org/content/view/5180/1/"
                },
                {
                  "name": "joomla-user-redirect-unspecified(44205)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44205"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2008-3227",
        "datePublished": "2008-07-18T16:00:00.000Z",
        "dateReserved": "2008-07-18T00:00:00.000Z",
        "dateUpdated": "2024-08-07T09:28:41.773Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2008-3228 (GCVE-0-2008-3228)

    Vulnerability from nvd – Published: 2008-07-18 16:00 – Updated: 2024-08-07 09:28
    VLAI
    Summary
    Joomla! before 1.5.4 does not configure .htaccess to apply certain security checks that "block common exploits" to SEF URLs, which has unknown impact and remote attack vectors.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Date Public
    2008-07-12 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T09:28:41.659Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "[oss-security] 20080712 CVE requests: joomla \u003c1.5.4",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2008/07/12/2"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.joomla.org/content/view/5180/1/"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.joomla.org/content/view/5180/1/1/1/#htaccess"
              },
              {
                "name": "joomla-block-common-unspecified(44206)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44206"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2008-07-12T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Joomla! before 1.5.4 does not configure .htaccess to apply certain security checks that \"block common exploits\" to SEF URLs, which has unknown impact and remote attack vectors."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-08-07T12:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "[oss-security] 20080712 CVE requests: joomla \u003c1.5.4",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2008/07/12/2"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.joomla.org/content/view/5180/1/"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.joomla.org/content/view/5180/1/1/1/#htaccess"
            },
            {
              "name": "joomla-block-common-unspecified(44206)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44206"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2008-3228",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Joomla! before 1.5.4 does not configure .htaccess to apply certain security checks that \"block common exploits\" to SEF URLs, which has unknown impact and remote attack vectors."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "[oss-security] 20080712 CVE requests: joomla \u003c1.5.4",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2008/07/12/2"
                },
                {
                  "name": "http://www.joomla.org/content/view/5180/1/",
                  "refsource": "CONFIRM",
                  "url": "http://www.joomla.org/content/view/5180/1/"
                },
                {
                  "name": "http://www.joomla.org/content/view/5180/1/1/1/#htaccess",
                  "refsource": "CONFIRM",
                  "url": "http://www.joomla.org/content/view/5180/1/1/1/#htaccess"
                },
                {
                  "name": "joomla-block-common-unspecified(44206)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44206"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2008-3228",
        "datePublished": "2008-07-18T16:00:00.000Z",
        "dateReserved": "2008-07-18T00:00:00.000Z",
        "dateUpdated": "2024-08-07T09:28:41.659Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2008-3225 (GCVE-0-2008-3225)

    Vulnerability from nvd – Published: 2008-07-18 16:00 – Updated: 2024-08-07 09:28
    VLAI
    Summary
    Joomla! before 1.5.4 allows attackers to access administration functionality, which has unknown impact and attack vectors related to a missing "LDAP security fix."
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2008-07-12 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T09:28:41.769Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "[oss-security] 20080712 CVE requests: joomla \u003c1.5.4",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2008/07/12/2"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.joomla.org/content/view/5180/1/"
              },
              {
                "name": "30125",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/30125"
              },
              {
                "name": "joomla-ldap-unauth-access(43648)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43648"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2008-07-12T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Joomla! before 1.5.4 allows attackers to access administration functionality, which has unknown impact and attack vectors related to a missing \"LDAP security fix.\""
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-08-07T12:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "[oss-security] 20080712 CVE requests: joomla \u003c1.5.4",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2008/07/12/2"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.joomla.org/content/view/5180/1/"
            },
            {
              "name": "30125",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/30125"
            },
            {
              "name": "joomla-ldap-unauth-access(43648)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43648"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2008-3225",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Joomla! before 1.5.4 allows attackers to access administration functionality, which has unknown impact and attack vectors related to a missing \"LDAP security fix.\""
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "[oss-security] 20080712 CVE requests: joomla \u003c1.5.4",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2008/07/12/2"
                },
                {
                  "name": "http://www.joomla.org/content/view/5180/1/",
                  "refsource": "CONFIRM",
                  "url": "http://www.joomla.org/content/view/5180/1/"
                },
                {
                  "name": "30125",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/30125"
                },
                {
                  "name": "joomla-ldap-unauth-access(43648)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43648"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2008-3225",
        "datePublished": "2008-07-18T16:00:00.000Z",
        "dateReserved": "2008-07-18T00:00:00.000Z",
        "dateUpdated": "2024-08-07T09:28:41.769Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2008-3226 (GCVE-0-2008-3226)

    Vulnerability from nvd – Published: 2008-07-18 16:00 – Updated: 2024-08-07 09:28
    VLAI
    Summary
    The file caching implementation in Joomla! before 1.5.4 allows attackers to access cached pages via unknown attack vectors.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2008-07-12 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T09:28:41.755Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "[oss-security] 20080712 CVE requests: joomla \u003c1.5.4",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2008/07/12/2"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.joomla.org/content/view/5180/1/"
              },
              {
                "name": "30125",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/30125"
              },
              {
                "name": "joomla-filecaching-unauth-access(43650)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43650"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2008-07-12T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The file caching implementation in Joomla! before 1.5.4 allows attackers to access cached pages via unknown attack vectors."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-08-07T12:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "[oss-security] 20080712 CVE requests: joomla \u003c1.5.4",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2008/07/12/2"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.joomla.org/content/view/5180/1/"
            },
            {
              "name": "30125",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/30125"
            },
            {
              "name": "joomla-filecaching-unauth-access(43650)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43650"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2008-3226",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The file caching implementation in Joomla! before 1.5.4 allows attackers to access cached pages via unknown attack vectors."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "[oss-security] 20080712 CVE requests: joomla \u003c1.5.4",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2008/07/12/2"
                },
                {
                  "name": "http://www.joomla.org/content/view/5180/1/",
                  "refsource": "CONFIRM",
                  "url": "http://www.joomla.org/content/view/5180/1/"
                },
                {
                  "name": "30125",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/30125"
                },
                {
                  "name": "joomla-filecaching-unauth-access(43650)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43650"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2008-3226",
        "datePublished": "2008-07-18T16:00:00.000Z",
        "dateReserved": "2008-07-18T00:00:00.000Z",
        "dateUpdated": "2024-08-07T09:28:41.755Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2008-2990 (GCVE-0-2008-2990)

    Vulnerability from nvd – Published: 2008-07-02 17:00 – Updated: 2024-08-07 09:21
    VLAI
    Summary
    PHP remote file inclusion vulnerability in facileforms.frame.php in the FacileForms (com_facileforms) component 1.4.4 for Mambo and Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the ff_compath parameter.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://www.securityfocus.com/bid/29904 vdb-entryx_refsource_BID
    http://securityreason.com/securityalert/3967 third-party-advisoryx_refsource_SREASON
    https://www.exploit-db.com/exploits/5915 exploitx_refsource_EXPLOIT-DB
    Date Public
    2008-06-23 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T09:21:34.912Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "facileforms-facileformsframe-file-include(43290)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43290"
              },
              {
                "name": "29904",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/29904"
              },
              {
                "name": "3967",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SREASON",
                  "x_transferred"
                ],
                "url": "http://securityreason.com/securityalert/3967"
              },
              {
                "name": "5915",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "https://www.exploit-db.com/exploits/5915"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2008-06-23T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "PHP remote file inclusion vulnerability in facileforms.frame.php in the FacileForms (com_facileforms) component 1.4.4 for Mambo and Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the ff_compath parameter."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-09-28T12:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "facileforms-facileformsframe-file-include(43290)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43290"
            },
            {
              "name": "29904",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/29904"
            },
            {
              "name": "3967",
              "tags": [
                "third-party-advisory",
                "x_refsource_SREASON"
              ],
              "url": "http://securityreason.com/securityalert/3967"
            },
            {
              "name": "5915",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "https://www.exploit-db.com/exploits/5915"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2008-2990",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "PHP remote file inclusion vulnerability in facileforms.frame.php in the FacileForms (com_facileforms) component 1.4.4 for Mambo and Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the ff_compath parameter."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "facileforms-facileformsframe-file-include(43290)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43290"
                },
                {
                  "name": "29904",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/29904"
                },
                {
                  "name": "3967",
                  "refsource": "SREASON",
                  "url": "http://securityreason.com/securityalert/3967"
                },
                {
                  "name": "5915",
                  "refsource": "EXPLOIT-DB",
                  "url": "https://www.exploit-db.com/exploits/5915"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2008-2990",
        "datePublished": "2008-07-02T17:00:00.000Z",
        "dateReserved": "2008-07-02T00:00:00.000Z",
        "dateUpdated": "2024-08-07T09:21:34.912Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2009-1938 (GCVE-0-2009-1938)

    Vulnerability from cvelistv5 – Published: 2009-06-05 18:13 – Updated: 2024-08-07 05:27
    VLAI
    Summary
    Cross-site scripting (XSS) vulnerability in Joomla! 1.5.x through 1.5.10 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to database output and the frontend administrative panel.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2009-06-02 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T05:27:54.978Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.joomla.org/announcements/release-news/5235-joomla-1511-security-release-now-available.html"
              },
              {
                "name": "joomla-adminpanel-xss(50923)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50923"
              },
              {
                "name": "35189",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/35189"
              },
              {
                "name": "35278",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/35278"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://developer.joomla.org/security/news/297-20090602-core-frontend-xss.html"
              },
              {
                "name": "54868",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://www.osvdb.org/54868"
              },
              {
                "name": "ADV-2009-1497",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2009/1497"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2009-06-02T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site scripting (XSS) vulnerability in Joomla! 1.5.x through 1.5.10 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to database output and the frontend administrative panel."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-08-16T14:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.joomla.org/announcements/release-news/5235-joomla-1511-security-release-now-available.html"
            },
            {
              "name": "joomla-adminpanel-xss(50923)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50923"
            },
            {
              "name": "35189",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/35189"
            },
            {
              "name": "35278",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/35278"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://developer.joomla.org/security/news/297-20090602-core-frontend-xss.html"
            },
            {
              "name": "54868",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://www.osvdb.org/54868"
            },
            {
              "name": "ADV-2009-1497",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2009/1497"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2009-1938",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cross-site scripting (XSS) vulnerability in Joomla! 1.5.x through 1.5.10 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to database output and the frontend administrative panel."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.joomla.org/announcements/release-news/5235-joomla-1511-security-release-now-available.html",
                  "refsource": "CONFIRM",
                  "url": "http://www.joomla.org/announcements/release-news/5235-joomla-1511-security-release-now-available.html"
                },
                {
                  "name": "joomla-adminpanel-xss(50923)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50923"
                },
                {
                  "name": "35189",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/35189"
                },
                {
                  "name": "35278",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/35278"
                },
                {
                  "name": "http://developer.joomla.org/security/news/297-20090602-core-frontend-xss.html",
                  "refsource": "CONFIRM",
                  "url": "http://developer.joomla.org/security/news/297-20090602-core-frontend-xss.html"
                },
                {
                  "name": "54868",
                  "refsource": "OSVDB",
                  "url": "http://www.osvdb.org/54868"
                },
                {
                  "name": "ADV-2009-1497",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2009/1497"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2009-1938",
        "datePublished": "2009-06-05T18:13:00.000Z",
        "dateReserved": "2009-06-05T00:00:00.000Z",
        "dateUpdated": "2024-08-07T05:27:54.978Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2009-1939 (GCVE-0-2009-1939)

    Vulnerability from cvelistv5 – Published: 2009-06-05 18:13 – Updated: 2024-08-07 05:27
    VLAI
    Summary
    Cross-site scripting (XSS) vulnerability in the JA_Purity template for Joomla! 1.5.x through 1.5.10 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.joomla.org/announcements/release-news/… x_refsource_CONFIRM
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://www.securityfocus.com/bid/35189 vdb-entryx_refsource_BID
    http://secunia.com/advisories/35278 third-party-advisoryx_refsource_SECUNIA
    http://osvdb.org/54870 vdb-entryx_refsource_OSVDB
    http://developer.joomla.org/security/news/296-200… x_refsource_CONFIRM
    http://www.vupen.com/english/advisories/2009/1497 vdb-entryx_refsource_VUPEN
    Date Public
    2009-06-02 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T05:27:54.890Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.joomla.org/announcements/release-news/5235-joomla-1511-security-release-now-available.html"
              },
              {
                "name": "joomla-japurity-xss(50922)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50922"
              },
              {
                "name": "35189",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/35189"
              },
              {
                "name": "35278",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/35278"
              },
              {
                "name": "54870",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/54870"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://developer.joomla.org/security/news/296-20090602-core-japurity-xss.html"
              },
              {
                "name": "ADV-2009-1497",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2009/1497"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2009-06-02T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site scripting (XSS) vulnerability in the JA_Purity template for Joomla! 1.5.x through 1.5.10 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-08-16T14:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.joomla.org/announcements/release-news/5235-joomla-1511-security-release-now-available.html"
            },
            {
              "name": "joomla-japurity-xss(50922)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50922"
            },
            {
              "name": "35189",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/35189"
            },
            {
              "name": "35278",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/35278"
            },
            {
              "name": "54870",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/54870"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://developer.joomla.org/security/news/296-20090602-core-japurity-xss.html"
            },
            {
              "name": "ADV-2009-1497",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2009/1497"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2009-1939",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cross-site scripting (XSS) vulnerability in the JA_Purity template for Joomla! 1.5.x through 1.5.10 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.joomla.org/announcements/release-news/5235-joomla-1511-security-release-now-available.html",
                  "refsource": "CONFIRM",
                  "url": "http://www.joomla.org/announcements/release-news/5235-joomla-1511-security-release-now-available.html"
                },
                {
                  "name": "joomla-japurity-xss(50922)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50922"
                },
                {
                  "name": "35189",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/35189"
                },
                {
                  "name": "35278",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/35278"
                },
                {
                  "name": "54870",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/54870"
                },
                {
                  "name": "http://developer.joomla.org/security/news/296-20090602-core-japurity-xss.html",
                  "refsource": "CONFIRM",
                  "url": "http://developer.joomla.org/security/news/296-20090602-core-japurity-xss.html"
                },
                {
                  "name": "ADV-2009-1497",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2009/1497"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2009-1939",
        "datePublished": "2009-06-05T18:13:00.000Z",
        "dateReserved": "2009-06-05T00:00:00.000Z",
        "dateUpdated": "2024-08-07T05:27:54.890Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2009-1940 (GCVE-0-2009-1940)

    Vulnerability from cvelistv5 – Published: 2009-06-05 18:13 – Updated: 2024-08-07 05:27
    VLAI
    Summary
    Cross-site scripting (XSS) vulnerability in the administrator panel in the com_users core component for Joomla! 1.5.x through 1.5.10 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://osvdb.org/54869 vdb-entryx_refsource_OSVDB
    http://www.joomla.org/announcements/release-news/… x_refsource_CONFIRM
    http://www.securityfocus.com/bid/35189 vdb-entryx_refsource_BID
    http://secunia.com/advisories/35278 third-party-advisoryx_refsource_SECUNIA
    http://developer.joomla.org/security/news/295-200… x_refsource_CONFIRM
    http://www.vupen.com/english/advisories/2009/1497 vdb-entryx_refsource_VUPEN
    Date Public
    2009-06-01 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T05:27:54.849Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "joomla-comusers-xss(50924)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50924"
              },
              {
                "name": "54869",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/54869"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.joomla.org/announcements/release-news/5235-joomla-1511-security-release-now-available.html"
              },
              {
                "name": "35189",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/35189"
              },
              {
                "name": "35278",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/35278"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://developer.joomla.org/security/news/295-20090601-core-comusers-xss.html"
              },
              {
                "name": "ADV-2009-1497",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2009/1497"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2009-06-01T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site scripting (XSS) vulnerability in the administrator panel in the com_users core component for Joomla! 1.5.x through 1.5.10 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-08-16T14:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "joomla-comusers-xss(50924)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50924"
            },
            {
              "name": "54869",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/54869"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.joomla.org/announcements/release-news/5235-joomla-1511-security-release-now-available.html"
            },
            {
              "name": "35189",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/35189"
            },
            {
              "name": "35278",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/35278"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://developer.joomla.org/security/news/295-20090601-core-comusers-xss.html"
            },
            {
              "name": "ADV-2009-1497",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2009/1497"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2009-1940",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cross-site scripting (XSS) vulnerability in the administrator panel in the com_users core component for Joomla! 1.5.x through 1.5.10 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "joomla-comusers-xss(50924)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50924"
                },
                {
                  "name": "54869",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/54869"
                },
                {
                  "name": "http://www.joomla.org/announcements/release-news/5235-joomla-1511-security-release-now-available.html",
                  "refsource": "CONFIRM",
                  "url": "http://www.joomla.org/announcements/release-news/5235-joomla-1511-security-release-now-available.html"
                },
                {
                  "name": "35189",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/35189"
                },
                {
                  "name": "35278",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/35278"
                },
                {
                  "name": "http://developer.joomla.org/security/news/295-20090601-core-comusers-xss.html",
                  "refsource": "CONFIRM",
                  "url": "http://developer.joomla.org/security/news/295-20090601-core-comusers-xss.html"
                },
                {
                  "name": "ADV-2009-1497",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2009/1497"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2009-1940",
        "datePublished": "2009-06-05T18:13:00.000Z",
        "dateReserved": "2009-06-05T00:00:00.000Z",
        "dateUpdated": "2024-08-07T05:27:54.849Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2009-1280 (GCVE-0-2009-1280)

    Vulnerability from cvelistv5 – Published: 2009-04-09 16:00 – Updated: 2024-08-07 05:04
    VLAI
    Summary
    Multiple cross-site request forgery (CSRF) vulnerabilities in the com_media component for Joomla! 1.5.x through 1.5.9 allow remote attackers to hijack the authentication of unspecified victims via unknown vectors.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://secunia.com/advisories/34551 third-party-advisoryx_refsource_SECUNIA
    http://developer.joomla.org/security/news/293-200… x_refsource_CONFIRM
    Date Public
    2009-03-01 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T05:04:49.550Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "media-unspecified-csrf(49656)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49656"
              },
              {
                "name": "34551",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/34551"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://developer.joomla.org/security/news/293-20090301-core-multiple-xsscsrf.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2009-03-01T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple cross-site request forgery (CSRF) vulnerabilities in the com_media component for Joomla! 1.5.x through 1.5.9 allow remote attackers to hijack the authentication of unspecified victims via unknown vectors."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-08-16T14:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "media-unspecified-csrf(49656)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49656"
            },
            {
              "name": "34551",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/34551"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://developer.joomla.org/security/news/293-20090301-core-multiple-xsscsrf.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2009-1280",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Multiple cross-site request forgery (CSRF) vulnerabilities in the com_media component for Joomla! 1.5.x through 1.5.9 allow remote attackers to hijack the authentication of unspecified victims via unknown vectors."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "media-unspecified-csrf(49656)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49656"
                },
                {
                  "name": "34551",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/34551"
                },
                {
                  "name": "http://developer.joomla.org/security/news/293-20090301-core-multiple-xsscsrf.html",
                  "refsource": "CONFIRM",
                  "url": "http://developer.joomla.org/security/news/293-20090301-core-multiple-xsscsrf.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2009-1280",
        "datePublished": "2009-04-09T16:00:00.000Z",
        "dateReserved": "2009-04-09T00:00:00.000Z",
        "dateUpdated": "2024-08-07T05:04:49.550Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2009-1279 (GCVE-0-2009-1279)

    Vulnerability from cvelistv5 – Published: 2009-04-09 16:00 – Updated: 2024-08-07 05:04
    VLAI
    Summary
    Multiple cross-site scripting (XSS) vulnerabilities in Joomla! 1.5 through 1.5.9 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors to the (1) com_admin component, (2) com_search component when "Gather Search Statistics" is enabled, and (3) the category view in the com_content component.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2009-03-25 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T05:04:49.489Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "34360",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/34360"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://developer.joomla.org/security/news/294-20090302-core-comcontent-xss.html"
              },
              {
                "name": "34551",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/34551"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://developer.joomla.org/security/news/293-20090301-core-multiple-xsscsrf.html"
              },
              {
                "name": "admin-search-unspecified-xss(49655)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49655"
              },
              {
                "name": "content-categoryview-xss(49654)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49654"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2009-03-25T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple cross-site scripting (XSS) vulnerabilities in Joomla! 1.5 through 1.5.9 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors to the (1) com_admin component, (2) com_search component when \"Gather Search Statistics\" is enabled, and (3) the category view in the com_content component."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-08-16T14:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "34360",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/34360"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://developer.joomla.org/security/news/294-20090302-core-comcontent-xss.html"
            },
            {
              "name": "34551",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/34551"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://developer.joomla.org/security/news/293-20090301-core-multiple-xsscsrf.html"
            },
            {
              "name": "admin-search-unspecified-xss(49655)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49655"
            },
            {
              "name": "content-categoryview-xss(49654)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49654"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2009-1279",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Multiple cross-site scripting (XSS) vulnerabilities in Joomla! 1.5 through 1.5.9 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors to the (1) com_admin component, (2) com_search component when \"Gather Search Statistics\" is enabled, and (3) the category view in the com_content component."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "34360",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/34360"
                },
                {
                  "name": "http://developer.joomla.org/security/news/294-20090302-core-comcontent-xss.html",
                  "refsource": "CONFIRM",
                  "url": "http://developer.joomla.org/security/news/294-20090302-core-comcontent-xss.html"
                },
                {
                  "name": "34551",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/34551"
                },
                {
                  "name": "http://developer.joomla.org/security/news/293-20090301-core-multiple-xsscsrf.html",
                  "refsource": "CONFIRM",
                  "url": "http://developer.joomla.org/security/news/293-20090301-core-multiple-xsscsrf.html"
                },
                {
                  "name": "admin-search-unspecified-xss(49655)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49655"
                },
                {
                  "name": "content-categoryview-xss(49654)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49654"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2009-1279",
        "datePublished": "2009-04-09T16:00:00.000Z",
        "dateReserved": "2009-04-09T00:00:00.000Z",
        "dateUpdated": "2024-08-07T05:04:49.489Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2008-6299 (GCVE-0-2008-6299)

    Vulnerability from cvelistv5 – Published: 2009-02-26 16:00 – Updated: 2024-08-07 11:27
    VLAI
    Summary
    Multiple cross-site scripting (XSS) vulnerabilities in Joomla! 1.5.7 and earlier allow remote authenticated users with certain privileges to inject arbitrary web script or HTML via (1) the title and description parameters to the com_weblinks module and (2) unspecified vectors in the com_content module related to "article submission."
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Date Public
    2008-11-10 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T11:27:35.064Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://developer.joomla.org/security/news/284-20081102-core-comweblinks-xss-vulnerability.html"
              },
              {
                "name": "32263",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/32263"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://developer.joomla.org/security/news/283-20081101-core-comcontent-xss-vulnerability.html"
              },
              {
                "name": "ADV-2008-3104",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2008/3104"
              },
              {
                "name": "32622",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/32622"
              },
              {
                "name": "weblinks-title-description-xss(46523)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46523"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.joomla.org/announcements/release-news/5219-joomla-158-released.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2008-11-10T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple cross-site scripting (XSS) vulnerabilities in Joomla! 1.5.7 and earlier allow remote authenticated users with certain privileges to inject arbitrary web script or HTML via (1) the title and description parameters to the com_weblinks module and (2) unspecified vectors in the com_content module related to \"article submission.\""
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-08-16T14:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://developer.joomla.org/security/news/284-20081102-core-comweblinks-xss-vulnerability.html"
            },
            {
              "name": "32263",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/32263"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://developer.joomla.org/security/news/283-20081101-core-comcontent-xss-vulnerability.html"
            },
            {
              "name": "ADV-2008-3104",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2008/3104"
            },
            {
              "name": "32622",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/32622"
            },
            {
              "name": "weblinks-title-description-xss(46523)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46523"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.joomla.org/announcements/release-news/5219-joomla-158-released.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2008-6299",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Multiple cross-site scripting (XSS) vulnerabilities in Joomla! 1.5.7 and earlier allow remote authenticated users with certain privileges to inject arbitrary web script or HTML via (1) the title and description parameters to the com_weblinks module and (2) unspecified vectors in the com_content module related to \"article submission.\""
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://developer.joomla.org/security/news/284-20081102-core-comweblinks-xss-vulnerability.html",
                  "refsource": "CONFIRM",
                  "url": "http://developer.joomla.org/security/news/284-20081102-core-comweblinks-xss-vulnerability.html"
                },
                {
                  "name": "32263",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/32263"
                },
                {
                  "name": "http://developer.joomla.org/security/news/283-20081101-core-comcontent-xss-vulnerability.html",
                  "refsource": "CONFIRM",
                  "url": "http://developer.joomla.org/security/news/283-20081101-core-comcontent-xss-vulnerability.html"
                },
                {
                  "name": "ADV-2008-3104",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2008/3104"
                },
                {
                  "name": "32622",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/32622"
                },
                {
                  "name": "weblinks-title-description-xss(46523)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46523"
                },
                {
                  "name": "http://www.joomla.org/announcements/release-news/5219-joomla-158-released.html",
                  "refsource": "CONFIRM",
                  "url": "http://www.joomla.org/announcements/release-news/5219-joomla-158-released.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2008-6299",
        "datePublished": "2009-02-26T16:00:00.000Z",
        "dateReserved": "2009-02-26T00:00:00.000Z",
        "dateUpdated": "2024-08-07T11:27:35.064Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2008-5671 (GCVE-0-2008-5671)

    Vulnerability from cvelistv5 – Published: 2008-12-18 21:00 – Updated: 2024-08-07 11:04
    VLAI
    Summary
    PHP remote file inclusion vulnerability in index.php in Joomla! 1.0.11 through 1.0.14, when RG_EMULATION is enabled in configuration.php, allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.securityfocus.com/archive/1/488126/100… mailing-listx_refsource_BUGTRAQ
    http://www.joomla.org/announcements/release-news/… x_refsource_CONFIRM
    http://secunia.com/advisories/29106 third-party-advisoryx_refsource_SECUNIA
    http://www.securityfocus.com/bid/27795 vdb-entryx_refsource_BID
    http://www.securityfocus.com/archive/1/488199/100… mailing-listx_refsource_BUGTRAQ
    http://securityreason.com/securityalert/4787 third-party-advisoryx_refsource_SREASON
    Date Public
    2008-01-14 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T11:04:44.163Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20080214 Joomla 1.0.13 - 1.0.14 / (remote) PHP file inclusion possible if old configuration.php",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/488126/100/200/threaded"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.joomla.org/announcements/release-news/4609-joomla-1015-released.html"
              },
              {
                "name": "29106",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/29106"
              },
              {
                "name": "27795",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/27795"
              },
              {
                "name": "20080215 Re: Joomla 1.0.13 - 1.0.14 / (remote) PHP file inclusion possible if old configuration.php",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/488199/100/200/threaded"
              },
              {
                "name": "4787",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SREASON",
                  "x_transferred"
                ],
                "url": "http://securityreason.com/securityalert/4787"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2008-01-14T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "PHP remote file inclusion vulnerability in index.php in Joomla! 1.0.11 through 1.0.14, when RG_EMULATION is enabled in configuration.php, allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-11T19:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "20080214 Joomla 1.0.13 - 1.0.14 / (remote) PHP file inclusion possible if old configuration.php",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/488126/100/200/threaded"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.joomla.org/announcements/release-news/4609-joomla-1015-released.html"
            },
            {
              "name": "29106",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/29106"
            },
            {
              "name": "27795",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/27795"
            },
            {
              "name": "20080215 Re: Joomla 1.0.13 - 1.0.14 / (remote) PHP file inclusion possible if old configuration.php",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/488199/100/200/threaded"
            },
            {
              "name": "4787",
              "tags": [
                "third-party-advisory",
                "x_refsource_SREASON"
              ],
              "url": "http://securityreason.com/securityalert/4787"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2008-5671",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "PHP remote file inclusion vulnerability in index.php in Joomla! 1.0.11 through 1.0.14, when RG_EMULATION is enabled in configuration.php, allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "20080214 Joomla 1.0.13 - 1.0.14 / (remote) PHP file inclusion possible if old configuration.php",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/488126/100/200/threaded"
                },
                {
                  "name": "http://www.joomla.org/announcements/release-news/4609-joomla-1015-released.html",
                  "refsource": "CONFIRM",
                  "url": "http://www.joomla.org/announcements/release-news/4609-joomla-1015-released.html"
                },
                {
                  "name": "29106",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/29106"
                },
                {
                  "name": "27795",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/27795"
                },
                {
                  "name": "20080215 Re: Joomla 1.0.13 - 1.0.14 / (remote) PHP file inclusion possible if old configuration.php",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/488199/100/200/threaded"
                },
                {
                  "name": "4787",
                  "refsource": "SREASON",
                  "url": "http://securityreason.com/securityalert/4787"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2008-5671",
        "datePublished": "2008-12-18T21:00:00.000Z",
        "dateReserved": "2008-12-18T00:00:00.000Z",
        "dateUpdated": "2024-08-07T11:04:44.163Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2008-4102 (GCVE-0-2008-4102)

    Vulnerability from cvelistv5 – Published: 2008-09-18 17:47 – Updated: 2024-08-07 10:00
    VLAI
    Summary
    Joomla! 1.5 before 1.5.7 initializes PHP's PRNG with a weak seed, which makes it easier for attackers to guess the pseudo-random values produced by PHP's mt_rand function, as demonstrated by guessing password reset tokens, a different vulnerability than CVE-2008-3681.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Date Public
    2008-09-09 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T10:00:42.832Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "[oss-security] 20080916 Re: CVE request: joomla \u003c 1.5.7",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=oss-security\u0026m=122152798516853\u0026w=2"
              },
              {
                "name": "4271",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SREASON",
                  "x_transferred"
                ],
                "url": "http://securityreason.com/securityalert/4271"
              },
              {
                "name": "20080911 Advisory 04/2008: Joomla Weak Random Password Reset Token Vulnerability",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/496237/100/0/threaded"
              },
              {
                "name": "31789",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/31789"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.suspekt.org/2008/08/17/mt_srand-and-not-so-random-numbers/"
              },
              {
                "name": "joomla-randomnumbers-info-disclosure(45068)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45068"
              },
              {
                "name": "[oss-security] 20080911 CVE request: joomla \u003c 1.5.7",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=oss-security\u0026m=122115344915232\u0026w=2"
              },
              {
                "name": "[oss-security] 20080911 CVE request for Joomla multiple vuln.",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=oss-security\u0026m=122118210029084\u0026w=2"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://developer.joomla.org/security/news/272-20080902-core-random-number-generation-flaw.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.sektioneins.de/advisories/SE-2008-04.txt"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2008-09-09T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Joomla! 1.5 before 1.5.7 initializes PHP\u0027s PRNG with a weak seed, which makes it easier for attackers to guess the pseudo-random values produced by PHP\u0027s mt_rand function, as demonstrated by guessing password reset tokens, a different vulnerability than CVE-2008-3681."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-11T19:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "[oss-security] 20080916 Re: CVE request: joomla \u003c 1.5.7",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://marc.info/?l=oss-security\u0026m=122152798516853\u0026w=2"
            },
            {
              "name": "4271",
              "tags": [
                "third-party-advisory",
                "x_refsource_SREASON"
              ],
              "url": "http://securityreason.com/securityalert/4271"
            },
            {
              "name": "20080911 Advisory 04/2008: Joomla Weak Random Password Reset Token Vulnerability",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/496237/100/0/threaded"
            },
            {
              "name": "31789",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/31789"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.suspekt.org/2008/08/17/mt_srand-and-not-so-random-numbers/"
            },
            {
              "name": "joomla-randomnumbers-info-disclosure(45068)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45068"
            },
            {
              "name": "[oss-security] 20080911 CVE request: joomla \u003c 1.5.7",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://marc.info/?l=oss-security\u0026m=122115344915232\u0026w=2"
            },
            {
              "name": "[oss-security] 20080911 CVE request for Joomla multiple vuln.",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://marc.info/?l=oss-security\u0026m=122118210029084\u0026w=2"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://developer.joomla.org/security/news/272-20080902-core-random-number-generation-flaw.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.sektioneins.de/advisories/SE-2008-04.txt"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2008-4102",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Joomla! 1.5 before 1.5.7 initializes PHP\u0027s PRNG with a weak seed, which makes it easier for attackers to guess the pseudo-random values produced by PHP\u0027s mt_rand function, as demonstrated by guessing password reset tokens, a different vulnerability than CVE-2008-3681."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "[oss-security] 20080916 Re: CVE request: joomla \u003c 1.5.7",
                  "refsource": "MLIST",
                  "url": "http://marc.info/?l=oss-security\u0026m=122152798516853\u0026w=2"
                },
                {
                  "name": "4271",
                  "refsource": "SREASON",
                  "url": "http://securityreason.com/securityalert/4271"
                },
                {
                  "name": "20080911 Advisory 04/2008: Joomla Weak Random Password Reset Token Vulnerability",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/496237/100/0/threaded"
                },
                {
                  "name": "31789",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/31789"
                },
                {
                  "name": "http://www.suspekt.org/2008/08/17/mt_srand-and-not-so-random-numbers/",
                  "refsource": "MISC",
                  "url": "http://www.suspekt.org/2008/08/17/mt_srand-and-not-so-random-numbers/"
                },
                {
                  "name": "joomla-randomnumbers-info-disclosure(45068)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45068"
                },
                {
                  "name": "[oss-security] 20080911 CVE request: joomla \u003c 1.5.7",
                  "refsource": "MLIST",
                  "url": "http://marc.info/?l=oss-security\u0026m=122115344915232\u0026w=2"
                },
                {
                  "name": "[oss-security] 20080911 CVE request for Joomla multiple vuln.",
                  "refsource": "MLIST",
                  "url": "http://marc.info/?l=oss-security\u0026m=122118210029084\u0026w=2"
                },
                {
                  "name": "http://developer.joomla.org/security/news/272-20080902-core-random-number-generation-flaw.html",
                  "refsource": "CONFIRM",
                  "url": "http://developer.joomla.org/security/news/272-20080902-core-random-number-generation-flaw.html"
                },
                {
                  "name": "http://www.sektioneins.de/advisories/SE-2008-04.txt",
                  "refsource": "MISC",
                  "url": "http://www.sektioneins.de/advisories/SE-2008-04.txt"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2008-4102",
        "datePublished": "2008-09-18T17:47:00.000Z",
        "dateReserved": "2008-09-15T00:00:00.000Z",
        "dateUpdated": "2024-08-07T10:00:42.832Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2008-4104 (GCVE-0-2008-4104)

    Vulnerability from cvelistv5 – Published: 2008-09-18 17:47 – Updated: 2024-08-07 10:00
    VLAI
    Summary
    Multiple open redirect vulnerabilities in Joomla! 1.5 before 1.5.7 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a "passed in" URL.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2008-09-09 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T10:00:43.141Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "joomla-url-phishing(45071)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45071"
              },
              {
                "name": "[oss-security] 20080916 Re: CVE request: joomla \u003c 1.5.7",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=oss-security\u0026m=122152798516853\u0026w=2"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://developer.joomla.org/security/news/274-20080904-core-redirect-spam.html"
              },
              {
                "name": "[oss-security] 20080911 CVE request: joomla \u003c 1.5.7",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=oss-security\u0026m=122115344915232\u0026w=2"
              },
              {
                "name": "4275",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SREASON",
                  "x_transferred"
                ],
                "url": "http://securityreason.com/securityalert/4275"
              },
              {
                "name": "[oss-security] 20080911 CVE request for Joomla multiple vuln.",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=oss-security\u0026m=122118210029084\u0026w=2"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2008-09-09T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple open redirect vulnerabilities in Joomla! 1.5 before 1.5.7 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a \"passed in\" URL."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-08-07T12:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "joomla-url-phishing(45071)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45071"
            },
            {
              "name": "[oss-security] 20080916 Re: CVE request: joomla \u003c 1.5.7",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://marc.info/?l=oss-security\u0026m=122152798516853\u0026w=2"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://developer.joomla.org/security/news/274-20080904-core-redirect-spam.html"
            },
            {
              "name": "[oss-security] 20080911 CVE request: joomla \u003c 1.5.7",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://marc.info/?l=oss-security\u0026m=122115344915232\u0026w=2"
            },
            {
              "name": "4275",
              "tags": [
                "third-party-advisory",
                "x_refsource_SREASON"
              ],
              "url": "http://securityreason.com/securityalert/4275"
            },
            {
              "name": "[oss-security] 20080911 CVE request for Joomla multiple vuln.",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://marc.info/?l=oss-security\u0026m=122118210029084\u0026w=2"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2008-4104",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Multiple open redirect vulnerabilities in Joomla! 1.5 before 1.5.7 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a \"passed in\" URL."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "joomla-url-phishing(45071)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45071"
                },
                {
                  "name": "[oss-security] 20080916 Re: CVE request: joomla \u003c 1.5.7",
                  "refsource": "MLIST",
                  "url": "http://marc.info/?l=oss-security\u0026m=122152798516853\u0026w=2"
                },
                {
                  "name": "http://developer.joomla.org/security/news/274-20080904-core-redirect-spam.html",
                  "refsource": "CONFIRM",
                  "url": "http://developer.joomla.org/security/news/274-20080904-core-redirect-spam.html"
                },
                {
                  "name": "[oss-security] 20080911 CVE request: joomla \u003c 1.5.7",
                  "refsource": "MLIST",
                  "url": "http://marc.info/?l=oss-security\u0026m=122115344915232\u0026w=2"
                },
                {
                  "name": "4275",
                  "refsource": "SREASON",
                  "url": "http://securityreason.com/securityalert/4275"
                },
                {
                  "name": "[oss-security] 20080911 CVE request for Joomla multiple vuln.",
                  "refsource": "MLIST",
                  "url": "http://marc.info/?l=oss-security\u0026m=122118210029084\u0026w=2"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2008-4104",
        "datePublished": "2008-09-18T17:47:00.000Z",
        "dateReserved": "2008-09-15T00:00:00.000Z",
        "dateUpdated": "2024-08-07T10:00:43.141Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2008-4105 (GCVE-0-2008-4105)

    Vulnerability from cvelistv5 – Published: 2008-09-18 17:47 – Updated: 2024-08-07 10:00
    VLAI
    Summary
    JRequest in Joomla! 1.5 before 1.5.7 does not sanitize variables that were set with JRequest::setVar, which allows remote attackers to conduct "variable injection" attacks and have unspecified other impact.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://marc.info/?l=oss-security&m=122152798516853&w=2 mailing-listx_refsource_MLIST
    http://developer.joomla.org/security/news/271-200… x_refsource_CONFIRM
    http://secunia.com/advisories/31789 third-party-advisoryx_refsource_SECUNIA
    http://marc.info/?l=oss-security&m=122115344915232&w=2 mailing-listx_refsource_MLIST
    http://securityreason.com/securityalert/4275 third-party-advisoryx_refsource_SREASON
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://marc.info/?l=oss-security&m=122118210029084&w=2 mailing-listx_refsource_MLIST
    http://securitytracker.com/id?1020843 vdb-entryx_refsource_SECTRACK
    Date Public
    2008-09-09 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T10:00:42.951Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "[oss-security] 20080916 Re: CVE request: joomla \u003c 1.5.7",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=oss-security\u0026m=122152798516853\u0026w=2"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://developer.joomla.org/security/news/271-20080901-core-jrequest-variable-injection.html"
              },
              {
                "name": "31789",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/31789"
              },
              {
                "name": "[oss-security] 20080911 CVE request: joomla \u003c 1.5.7",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=oss-security\u0026m=122115344915232\u0026w=2"
              },
              {
                "name": "4275",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SREASON",
                  "x_transferred"
                ],
                "url": "http://securityreason.com/securityalert/4275"
              },
              {
                "name": "joomla-jrequest-command-execution(45069)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45069"
              },
              {
                "name": "[oss-security] 20080911 CVE request for Joomla multiple vuln.",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=oss-security\u0026m=122118210029084\u0026w=2"
              },
              {
                "name": "1020843",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id?1020843"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2008-09-09T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "JRequest in Joomla! 1.5 before 1.5.7 does not sanitize variables that were set with JRequest::setVar, which allows remote attackers to conduct \"variable injection\" attacks and have unspecified other impact."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-08-07T12:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "[oss-security] 20080916 Re: CVE request: joomla \u003c 1.5.7",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://marc.info/?l=oss-security\u0026m=122152798516853\u0026w=2"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://developer.joomla.org/security/news/271-20080901-core-jrequest-variable-injection.html"
            },
            {
              "name": "31789",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/31789"
            },
            {
              "name": "[oss-security] 20080911 CVE request: joomla \u003c 1.5.7",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://marc.info/?l=oss-security\u0026m=122115344915232\u0026w=2"
            },
            {
              "name": "4275",
              "tags": [
                "third-party-advisory",
                "x_refsource_SREASON"
              ],
              "url": "http://securityreason.com/securityalert/4275"
            },
            {
              "name": "joomla-jrequest-command-execution(45069)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45069"
            },
            {
              "name": "[oss-security] 20080911 CVE request for Joomla multiple vuln.",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://marc.info/?l=oss-security\u0026m=122118210029084\u0026w=2"
            },
            {
              "name": "1020843",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id?1020843"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2008-4105",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "JRequest in Joomla! 1.5 before 1.5.7 does not sanitize variables that were set with JRequest::setVar, which allows remote attackers to conduct \"variable injection\" attacks and have unspecified other impact."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "[oss-security] 20080916 Re: CVE request: joomla \u003c 1.5.7",
                  "refsource": "MLIST",
                  "url": "http://marc.info/?l=oss-security\u0026m=122152798516853\u0026w=2"
                },
                {
                  "name": "http://developer.joomla.org/security/news/271-20080901-core-jrequest-variable-injection.html",
                  "refsource": "CONFIRM",
                  "url": "http://developer.joomla.org/security/news/271-20080901-core-jrequest-variable-injection.html"
                },
                {
                  "name": "31789",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/31789"
                },
                {
                  "name": "[oss-security] 20080911 CVE request: joomla \u003c 1.5.7",
                  "refsource": "MLIST",
                  "url": "http://marc.info/?l=oss-security\u0026m=122115344915232\u0026w=2"
                },
                {
                  "name": "4275",
                  "refsource": "SREASON",
                  "url": "http://securityreason.com/securityalert/4275"
                },
                {
                  "name": "joomla-jrequest-command-execution(45069)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45069"
                },
                {
                  "name": "[oss-security] 20080911 CVE request for Joomla multiple vuln.",
                  "refsource": "MLIST",
                  "url": "http://marc.info/?l=oss-security\u0026m=122118210029084\u0026w=2"
                },
                {
                  "name": "1020843",
                  "refsource": "SECTRACK",
                  "url": "http://securitytracker.com/id?1020843"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2008-4105",
        "datePublished": "2008-09-18T17:47:00.000Z",
        "dateReserved": "2008-09-15T00:00:00.000Z",
        "dateUpdated": "2024-08-07T10:00:42.951Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2008-3227 (GCVE-0-2008-3227)

    Vulnerability from cvelistv5 – Published: 2008-07-18 16:00 – Updated: 2024-08-07 09:28
    VLAI
    Summary
    Unspecified vulnerability in Joomla! before 1.5.4 has unknown impact and attack vectors related to a "User Redirect Spam fix," possibly an open redirect vulnerability.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2008-07-12 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T09:28:41.773Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "[oss-security] 20080712 CVE requests: joomla \u003c1.5.4",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2008/07/12/2"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.joomla.org/content/view/5180/1/"
              },
              {
                "name": "joomla-user-redirect-unspecified(44205)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44205"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2008-07-12T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Unspecified vulnerability in Joomla! before 1.5.4 has unknown impact and attack vectors related to a \"User Redirect Spam fix,\" possibly an open redirect vulnerability."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-08-07T12:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "[oss-security] 20080712 CVE requests: joomla \u003c1.5.4",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2008/07/12/2"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.joomla.org/content/view/5180/1/"
            },
            {
              "name": "joomla-user-redirect-unspecified(44205)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44205"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2008-3227",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Unspecified vulnerability in Joomla! before 1.5.4 has unknown impact and attack vectors related to a \"User Redirect Spam fix,\" possibly an open redirect vulnerability."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "[oss-security] 20080712 CVE requests: joomla \u003c1.5.4",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2008/07/12/2"
                },
                {
                  "name": "http://www.joomla.org/content/view/5180/1/",
                  "refsource": "CONFIRM",
                  "url": "http://www.joomla.org/content/view/5180/1/"
                },
                {
                  "name": "joomla-user-redirect-unspecified(44205)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44205"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2008-3227",
        "datePublished": "2008-07-18T16:00:00.000Z",
        "dateReserved": "2008-07-18T00:00:00.000Z",
        "dateUpdated": "2024-08-07T09:28:41.773Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2008-3228 (GCVE-0-2008-3228)

    Vulnerability from cvelistv5 – Published: 2008-07-18 16:00 – Updated: 2024-08-07 09:28
    VLAI
    Summary
    Joomla! before 1.5.4 does not configure .htaccess to apply certain security checks that "block common exploits" to SEF URLs, which has unknown impact and remote attack vectors.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Date Public
    2008-07-12 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T09:28:41.659Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "[oss-security] 20080712 CVE requests: joomla \u003c1.5.4",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2008/07/12/2"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.joomla.org/content/view/5180/1/"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.joomla.org/content/view/5180/1/1/1/#htaccess"
              },
              {
                "name": "joomla-block-common-unspecified(44206)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44206"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2008-07-12T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Joomla! before 1.5.4 does not configure .htaccess to apply certain security checks that \"block common exploits\" to SEF URLs, which has unknown impact and remote attack vectors."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-08-07T12:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "[oss-security] 20080712 CVE requests: joomla \u003c1.5.4",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2008/07/12/2"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.joomla.org/content/view/5180/1/"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.joomla.org/content/view/5180/1/1/1/#htaccess"
            },
            {
              "name": "joomla-block-common-unspecified(44206)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44206"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2008-3228",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Joomla! before 1.5.4 does not configure .htaccess to apply certain security checks that \"block common exploits\" to SEF URLs, which has unknown impact and remote attack vectors."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "[oss-security] 20080712 CVE requests: joomla \u003c1.5.4",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2008/07/12/2"
                },
                {
                  "name": "http://www.joomla.org/content/view/5180/1/",
                  "refsource": "CONFIRM",
                  "url": "http://www.joomla.org/content/view/5180/1/"
                },
                {
                  "name": "http://www.joomla.org/content/view/5180/1/1/1/#htaccess",
                  "refsource": "CONFIRM",
                  "url": "http://www.joomla.org/content/view/5180/1/1/1/#htaccess"
                },
                {
                  "name": "joomla-block-common-unspecified(44206)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44206"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2008-3228",
        "datePublished": "2008-07-18T16:00:00.000Z",
        "dateReserved": "2008-07-18T00:00:00.000Z",
        "dateUpdated": "2024-08-07T09:28:41.659Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2008-3225 (GCVE-0-2008-3225)

    Vulnerability from cvelistv5 – Published: 2008-07-18 16:00 – Updated: 2024-08-07 09:28
    VLAI
    Summary
    Joomla! before 1.5.4 allows attackers to access administration functionality, which has unknown impact and attack vectors related to a missing "LDAP security fix."
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2008-07-12 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T09:28:41.769Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "[oss-security] 20080712 CVE requests: joomla \u003c1.5.4",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2008/07/12/2"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.joomla.org/content/view/5180/1/"
              },
              {
                "name": "30125",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/30125"
              },
              {
                "name": "joomla-ldap-unauth-access(43648)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43648"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2008-07-12T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Joomla! before 1.5.4 allows attackers to access administration functionality, which has unknown impact and attack vectors related to a missing \"LDAP security fix.\""
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-08-07T12:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "[oss-security] 20080712 CVE requests: joomla \u003c1.5.4",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2008/07/12/2"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.joomla.org/content/view/5180/1/"
            },
            {
              "name": "30125",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/30125"
            },
            {
              "name": "joomla-ldap-unauth-access(43648)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43648"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2008-3225",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Joomla! before 1.5.4 allows attackers to access administration functionality, which has unknown impact and attack vectors related to a missing \"LDAP security fix.\""
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "[oss-security] 20080712 CVE requests: joomla \u003c1.5.4",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2008/07/12/2"
                },
                {
                  "name": "http://www.joomla.org/content/view/5180/1/",
                  "refsource": "CONFIRM",
                  "url": "http://www.joomla.org/content/view/5180/1/"
                },
                {
                  "name": "30125",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/30125"
                },
                {
                  "name": "joomla-ldap-unauth-access(43648)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43648"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2008-3225",
        "datePublished": "2008-07-18T16:00:00.000Z",
        "dateReserved": "2008-07-18T00:00:00.000Z",
        "dateUpdated": "2024-08-07T09:28:41.769Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2008-3226 (GCVE-0-2008-3226)

    Vulnerability from cvelistv5 – Published: 2008-07-18 16:00 – Updated: 2024-08-07 09:28
    VLAI
    Summary
    The file caching implementation in Joomla! before 1.5.4 allows attackers to access cached pages via unknown attack vectors.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2008-07-12 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T09:28:41.755Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "[oss-security] 20080712 CVE requests: joomla \u003c1.5.4",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2008/07/12/2"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.joomla.org/content/view/5180/1/"
              },
              {
                "name": "30125",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/30125"
              },
              {
                "name": "joomla-filecaching-unauth-access(43650)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43650"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2008-07-12T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The file caching implementation in Joomla! before 1.5.4 allows attackers to access cached pages via unknown attack vectors."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-08-07T12:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "[oss-security] 20080712 CVE requests: joomla \u003c1.5.4",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2008/07/12/2"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.joomla.org/content/view/5180/1/"
            },
            {
              "name": "30125",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/30125"
            },
            {
              "name": "joomla-filecaching-unauth-access(43650)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43650"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2008-3226",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The file caching implementation in Joomla! before 1.5.4 allows attackers to access cached pages via unknown attack vectors."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "[oss-security] 20080712 CVE requests: joomla \u003c1.5.4",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2008/07/12/2"
                },
                {
                  "name": "http://www.joomla.org/content/view/5180/1/",
                  "refsource": "CONFIRM",
                  "url": "http://www.joomla.org/content/view/5180/1/"
                },
                {
                  "name": "30125",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/30125"
                },
                {
                  "name": "joomla-filecaching-unauth-access(43650)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43650"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2008-3226",
        "datePublished": "2008-07-18T16:00:00.000Z",
        "dateReserved": "2008-07-18T00:00:00.000Z",
        "dateUpdated": "2024-08-07T09:28:41.755Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2008-2990 (GCVE-0-2008-2990)

    Vulnerability from cvelistv5 – Published: 2008-07-02 17:00 – Updated: 2024-08-07 09:21
    VLAI
    Summary
    PHP remote file inclusion vulnerability in facileforms.frame.php in the FacileForms (com_facileforms) component 1.4.4 for Mambo and Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the ff_compath parameter.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://www.securityfocus.com/bid/29904 vdb-entryx_refsource_BID
    http://securityreason.com/securityalert/3967 third-party-advisoryx_refsource_SREASON
    https://www.exploit-db.com/exploits/5915 exploitx_refsource_EXPLOIT-DB
    Date Public
    2008-06-23 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T09:21:34.912Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "facileforms-facileformsframe-file-include(43290)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43290"
              },
              {
                "name": "29904",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/29904"
              },
              {
                "name": "3967",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SREASON",
                  "x_transferred"
                ],
                "url": "http://securityreason.com/securityalert/3967"
              },
              {
                "name": "5915",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "https://www.exploit-db.com/exploits/5915"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2008-06-23T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "PHP remote file inclusion vulnerability in facileforms.frame.php in the FacileForms (com_facileforms) component 1.4.4 for Mambo and Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the ff_compath parameter."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-09-28T12:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "facileforms-facileformsframe-file-include(43290)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43290"
            },
            {
              "name": "29904",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/29904"
            },
            {
              "name": "3967",
              "tags": [
                "third-party-advisory",
                "x_refsource_SREASON"
              ],
              "url": "http://securityreason.com/securityalert/3967"
            },
            {
              "name": "5915",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "https://www.exploit-db.com/exploits/5915"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2008-2990",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "PHP remote file inclusion vulnerability in facileforms.frame.php in the FacileForms (com_facileforms) component 1.4.4 for Mambo and Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the ff_compath parameter."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "facileforms-facileformsframe-file-include(43290)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43290"
                },
                {
                  "name": "29904",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/29904"
                },
                {
                  "name": "3967",
                  "refsource": "SREASON",
                  "url": "http://securityreason.com/securityalert/3967"
                },
                {
                  "name": "5915",
                  "refsource": "EXPLOIT-DB",
                  "url": "https://www.exploit-db.com/exploits/5915"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2008-2990",
        "datePublished": "2008-07-02T17:00:00.000Z",
        "dateReserved": "2008-07-02T00:00:00.000Z",
        "dateUpdated": "2024-08-07T09:21:34.912Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }