Search criteria
162 vulnerabilities found for joomla by joomla
CVE-2009-1940 (GCVE-0-2009-1940)
Vulnerability from nvd – Published: 2009-06-05 18:13 – Updated: 2024-08-07 05:27
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in the administrator panel in the com_users core component for Joomla! 1.5.x through 1.5.10 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T05:27:54.849Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "joomla-comusers-xss(50924)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50924"
},
{
"name": "54869",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/54869"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.joomla.org/announcements/release-news/5235-joomla-1511-security-release-now-available.html"
},
{
"name": "35189",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/35189"
},
{
"name": "35278",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/35278"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://developer.joomla.org/security/news/295-20090601-core-comusers-xss.html"
},
{
"name": "ADV-2009-1497",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/1497"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-06-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the administrator panel in the com_users core component for Joomla! 1.5.x through 1.5.10 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "joomla-comusers-xss(50924)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50924"
},
{
"name": "54869",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/54869"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.joomla.org/announcements/release-news/5235-joomla-1511-security-release-now-available.html"
},
{
"name": "35189",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/35189"
},
{
"name": "35278",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/35278"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://developer.joomla.org/security/news/295-20090601-core-comusers-xss.html"
},
{
"name": "ADV-2009-1497",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/1497"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-1940",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the administrator panel in the com_users core component for Joomla! 1.5.x through 1.5.10 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "joomla-comusers-xss(50924)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50924"
},
{
"name": "54869",
"refsource": "OSVDB",
"url": "http://osvdb.org/54869"
},
{
"name": "http://www.joomla.org/announcements/release-news/5235-joomla-1511-security-release-now-available.html",
"refsource": "CONFIRM",
"url": "http://www.joomla.org/announcements/release-news/5235-joomla-1511-security-release-now-available.html"
},
{
"name": "35189",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/35189"
},
{
"name": "35278",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35278"
},
{
"name": "http://developer.joomla.org/security/news/295-20090601-core-comusers-xss.html",
"refsource": "CONFIRM",
"url": "http://developer.joomla.org/security/news/295-20090601-core-comusers-xss.html"
},
{
"name": "ADV-2009-1497",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1497"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-1940",
"datePublished": "2009-06-05T18:13:00",
"dateReserved": "2009-06-05T00:00:00",
"dateUpdated": "2024-08-07T05:27:54.849Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-1939 (GCVE-0-2009-1939)
Vulnerability from nvd – Published: 2009-06-05 18:13 – Updated: 2024-08-07 05:27
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in the JA_Purity template for Joomla! 1.5.x through 1.5.10 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T05:27:54.890Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.joomla.org/announcements/release-news/5235-joomla-1511-security-release-now-available.html"
},
{
"name": "joomla-japurity-xss(50922)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50922"
},
{
"name": "35189",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/35189"
},
{
"name": "35278",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/35278"
},
{
"name": "54870",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/54870"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://developer.joomla.org/security/news/296-20090602-core-japurity-xss.html"
},
{
"name": "ADV-2009-1497",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/1497"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-06-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the JA_Purity template for Joomla! 1.5.x through 1.5.10 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.joomla.org/announcements/release-news/5235-joomla-1511-security-release-now-available.html"
},
{
"name": "joomla-japurity-xss(50922)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50922"
},
{
"name": "35189",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/35189"
},
{
"name": "35278",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/35278"
},
{
"name": "54870",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/54870"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://developer.joomla.org/security/news/296-20090602-core-japurity-xss.html"
},
{
"name": "ADV-2009-1497",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/1497"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-1939",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the JA_Purity template for Joomla! 1.5.x through 1.5.10 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.joomla.org/announcements/release-news/5235-joomla-1511-security-release-now-available.html",
"refsource": "CONFIRM",
"url": "http://www.joomla.org/announcements/release-news/5235-joomla-1511-security-release-now-available.html"
},
{
"name": "joomla-japurity-xss(50922)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50922"
},
{
"name": "35189",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/35189"
},
{
"name": "35278",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35278"
},
{
"name": "54870",
"refsource": "OSVDB",
"url": "http://osvdb.org/54870"
},
{
"name": "http://developer.joomla.org/security/news/296-20090602-core-japurity-xss.html",
"refsource": "CONFIRM",
"url": "http://developer.joomla.org/security/news/296-20090602-core-japurity-xss.html"
},
{
"name": "ADV-2009-1497",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1497"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-1939",
"datePublished": "2009-06-05T18:13:00",
"dateReserved": "2009-06-05T00:00:00",
"dateUpdated": "2024-08-07T05:27:54.890Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-1938 (GCVE-0-2009-1938)
Vulnerability from nvd – Published: 2009-06-05 18:13 – Updated: 2024-08-07 05:27
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in Joomla! 1.5.x through 1.5.10 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to database output and the frontend administrative panel.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T05:27:54.978Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.joomla.org/announcements/release-news/5235-joomla-1511-security-release-now-available.html"
},
{
"name": "joomla-adminpanel-xss(50923)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50923"
},
{
"name": "35189",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/35189"
},
{
"name": "35278",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/35278"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://developer.joomla.org/security/news/297-20090602-core-frontend-xss.html"
},
{
"name": "54868",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/54868"
},
{
"name": "ADV-2009-1497",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/1497"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-06-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in Joomla! 1.5.x through 1.5.10 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to database output and the frontend administrative panel."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.joomla.org/announcements/release-news/5235-joomla-1511-security-release-now-available.html"
},
{
"name": "joomla-adminpanel-xss(50923)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50923"
},
{
"name": "35189",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/35189"
},
{
"name": "35278",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/35278"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://developer.joomla.org/security/news/297-20090602-core-frontend-xss.html"
},
{
"name": "54868",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/54868"
},
{
"name": "ADV-2009-1497",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/1497"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-1938",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Joomla! 1.5.x through 1.5.10 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to database output and the frontend administrative panel."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.joomla.org/announcements/release-news/5235-joomla-1511-security-release-now-available.html",
"refsource": "CONFIRM",
"url": "http://www.joomla.org/announcements/release-news/5235-joomla-1511-security-release-now-available.html"
},
{
"name": "joomla-adminpanel-xss(50923)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50923"
},
{
"name": "35189",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/35189"
},
{
"name": "35278",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35278"
},
{
"name": "http://developer.joomla.org/security/news/297-20090602-core-frontend-xss.html",
"refsource": "CONFIRM",
"url": "http://developer.joomla.org/security/news/297-20090602-core-frontend-xss.html"
},
{
"name": "54868",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/54868"
},
{
"name": "ADV-2009-1497",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1497"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-1938",
"datePublished": "2009-06-05T18:13:00",
"dateReserved": "2009-06-05T00:00:00",
"dateUpdated": "2024-08-07T05:27:54.978Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-1280 (GCVE-0-2009-1280)
Vulnerability from nvd – Published: 2009-04-09 16:00 – Updated: 2024-08-07 05:04
VLAI?
Summary
Multiple cross-site request forgery (CSRF) vulnerabilities in the com_media component for Joomla! 1.5.x through 1.5.9 allow remote attackers to hijack the authentication of unspecified victims via unknown vectors.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T05:04:49.550Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "media-unspecified-csrf(49656)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49656"
},
{
"name": "34551",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34551"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://developer.joomla.org/security/news/293-20090301-core-multiple-xsscsrf.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-03-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site request forgery (CSRF) vulnerabilities in the com_media component for Joomla! 1.5.x through 1.5.9 allow remote attackers to hijack the authentication of unspecified victims via unknown vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "media-unspecified-csrf(49656)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49656"
},
{
"name": "34551",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34551"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://developer.joomla.org/security/news/293-20090301-core-multiple-xsscsrf.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-1280",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site request forgery (CSRF) vulnerabilities in the com_media component for Joomla! 1.5.x through 1.5.9 allow remote attackers to hijack the authentication of unspecified victims via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "media-unspecified-csrf(49656)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49656"
},
{
"name": "34551",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34551"
},
{
"name": "http://developer.joomla.org/security/news/293-20090301-core-multiple-xsscsrf.html",
"refsource": "CONFIRM",
"url": "http://developer.joomla.org/security/news/293-20090301-core-multiple-xsscsrf.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-1280",
"datePublished": "2009-04-09T16:00:00",
"dateReserved": "2009-04-09T00:00:00",
"dateUpdated": "2024-08-07T05:04:49.550Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-1279 (GCVE-0-2009-1279)
Vulnerability from nvd – Published: 2009-04-09 16:00 – Updated: 2024-08-07 05:04
VLAI?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Joomla! 1.5 through 1.5.9 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors to the (1) com_admin component, (2) com_search component when "Gather Search Statistics" is enabled, and (3) the category view in the com_content component.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T05:04:49.489Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "34360",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/34360"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://developer.joomla.org/security/news/294-20090302-core-comcontent-xss.html"
},
{
"name": "34551",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34551"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://developer.joomla.org/security/news/293-20090301-core-multiple-xsscsrf.html"
},
{
"name": "admin-search-unspecified-xss(49655)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49655"
},
{
"name": "content-categoryview-xss(49654)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49654"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-03-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Joomla! 1.5 through 1.5.9 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors to the (1) com_admin component, (2) com_search component when \"Gather Search Statistics\" is enabled, and (3) the category view in the com_content component."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "34360",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/34360"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://developer.joomla.org/security/news/294-20090302-core-comcontent-xss.html"
},
{
"name": "34551",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34551"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://developer.joomla.org/security/news/293-20090301-core-multiple-xsscsrf.html"
},
{
"name": "admin-search-unspecified-xss(49655)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49655"
},
{
"name": "content-categoryview-xss(49654)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49654"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-1279",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Joomla! 1.5 through 1.5.9 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors to the (1) com_admin component, (2) com_search component when \"Gather Search Statistics\" is enabled, and (3) the category view in the com_content component."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "34360",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/34360"
},
{
"name": "http://developer.joomla.org/security/news/294-20090302-core-comcontent-xss.html",
"refsource": "CONFIRM",
"url": "http://developer.joomla.org/security/news/294-20090302-core-comcontent-xss.html"
},
{
"name": "34551",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34551"
},
{
"name": "http://developer.joomla.org/security/news/293-20090301-core-multiple-xsscsrf.html",
"refsource": "CONFIRM",
"url": "http://developer.joomla.org/security/news/293-20090301-core-multiple-xsscsrf.html"
},
{
"name": "admin-search-unspecified-xss(49655)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49655"
},
{
"name": "content-categoryview-xss(49654)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49654"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-1279",
"datePublished": "2009-04-09T16:00:00",
"dateReserved": "2009-04-09T00:00:00",
"dateUpdated": "2024-08-07T05:04:49.489Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-6299 (GCVE-0-2008-6299)
Vulnerability from nvd – Published: 2009-02-26 16:00 – Updated: 2024-08-07 11:27
VLAI?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Joomla! 1.5.7 and earlier allow remote authenticated users with certain privileges to inject arbitrary web script or HTML via (1) the title and description parameters to the com_weblinks module and (2) unspecified vectors in the com_content module related to "article submission."
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T11:27:35.064Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://developer.joomla.org/security/news/284-20081102-core-comweblinks-xss-vulnerability.html"
},
{
"name": "32263",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/32263"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://developer.joomla.org/security/news/283-20081101-core-comcontent-xss-vulnerability.html"
},
{
"name": "ADV-2008-3104",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/3104"
},
{
"name": "32622",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/32622"
},
{
"name": "weblinks-title-description-xss(46523)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46523"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.joomla.org/announcements/release-news/5219-joomla-158-released.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-11-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Joomla! 1.5.7 and earlier allow remote authenticated users with certain privileges to inject arbitrary web script or HTML via (1) the title and description parameters to the com_weblinks module and (2) unspecified vectors in the com_content module related to \"article submission.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://developer.joomla.org/security/news/284-20081102-core-comweblinks-xss-vulnerability.html"
},
{
"name": "32263",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/32263"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://developer.joomla.org/security/news/283-20081101-core-comcontent-xss-vulnerability.html"
},
{
"name": "ADV-2008-3104",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/3104"
},
{
"name": "32622",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/32622"
},
{
"name": "weblinks-title-description-xss(46523)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46523"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.joomla.org/announcements/release-news/5219-joomla-158-released.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-6299",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Joomla! 1.5.7 and earlier allow remote authenticated users with certain privileges to inject arbitrary web script or HTML via (1) the title and description parameters to the com_weblinks module and (2) unspecified vectors in the com_content module related to \"article submission.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://developer.joomla.org/security/news/284-20081102-core-comweblinks-xss-vulnerability.html",
"refsource": "CONFIRM",
"url": "http://developer.joomla.org/security/news/284-20081102-core-comweblinks-xss-vulnerability.html"
},
{
"name": "32263",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/32263"
},
{
"name": "http://developer.joomla.org/security/news/283-20081101-core-comcontent-xss-vulnerability.html",
"refsource": "CONFIRM",
"url": "http://developer.joomla.org/security/news/283-20081101-core-comcontent-xss-vulnerability.html"
},
{
"name": "ADV-2008-3104",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/3104"
},
{
"name": "32622",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32622"
},
{
"name": "weblinks-title-description-xss(46523)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46523"
},
{
"name": "http://www.joomla.org/announcements/release-news/5219-joomla-158-released.html",
"refsource": "CONFIRM",
"url": "http://www.joomla.org/announcements/release-news/5219-joomla-158-released.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-6299",
"datePublished": "2009-02-26T16:00:00",
"dateReserved": "2009-02-26T00:00:00",
"dateUpdated": "2024-08-07T11:27:35.064Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-5671 (GCVE-0-2008-5671)
Vulnerability from nvd – Published: 2008-12-18 21:00 – Updated: 2024-08-07 11:04
VLAI?
Summary
PHP remote file inclusion vulnerability in index.php in Joomla! 1.0.11 through 1.0.14, when RG_EMULATION is enabled in configuration.php, allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T11:04:44.163Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20080214 Joomla 1.0.13 - 1.0.14 / (remote) PHP file inclusion possible if old configuration.php",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/488126/100/200/threaded"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.joomla.org/announcements/release-news/4609-joomla-1015-released.html"
},
{
"name": "29106",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29106"
},
{
"name": "27795",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/27795"
},
{
"name": "20080215 Re: Joomla 1.0.13 - 1.0.14 / (remote) PHP file inclusion possible if old configuration.php",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/488199/100/200/threaded"
},
{
"name": "4787",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/4787"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-01-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "PHP remote file inclusion vulnerability in index.php in Joomla! 1.0.11 through 1.0.14, when RG_EMULATION is enabled in configuration.php, allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20080214 Joomla 1.0.13 - 1.0.14 / (remote) PHP file inclusion possible if old configuration.php",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/488126/100/200/threaded"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.joomla.org/announcements/release-news/4609-joomla-1015-released.html"
},
{
"name": "29106",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29106"
},
{
"name": "27795",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/27795"
},
{
"name": "20080215 Re: Joomla 1.0.13 - 1.0.14 / (remote) PHP file inclusion possible if old configuration.php",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/488199/100/200/threaded"
},
{
"name": "4787",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/4787"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-5671",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PHP remote file inclusion vulnerability in index.php in Joomla! 1.0.11 through 1.0.14, when RG_EMULATION is enabled in configuration.php, allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20080214 Joomla 1.0.13 - 1.0.14 / (remote) PHP file inclusion possible if old configuration.php",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/488126/100/200/threaded"
},
{
"name": "http://www.joomla.org/announcements/release-news/4609-joomla-1015-released.html",
"refsource": "CONFIRM",
"url": "http://www.joomla.org/announcements/release-news/4609-joomla-1015-released.html"
},
{
"name": "29106",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29106"
},
{
"name": "27795",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/27795"
},
{
"name": "20080215 Re: Joomla 1.0.13 - 1.0.14 / (remote) PHP file inclusion possible if old configuration.php",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/488199/100/200/threaded"
},
{
"name": "4787",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4787"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-5671",
"datePublished": "2008-12-18T21:00:00",
"dateReserved": "2008-12-18T00:00:00",
"dateUpdated": "2024-08-07T11:04:44.163Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-4105 (GCVE-0-2008-4105)
Vulnerability from nvd – Published: 2008-09-18 17:47 – Updated: 2024-08-07 10:00
VLAI?
Summary
JRequest in Joomla! 1.5 before 1.5.7 does not sanitize variables that were set with JRequest::setVar, which allows remote attackers to conduct "variable injection" attacks and have unspecified other impact.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T10:00:42.951Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20080916 Re: CVE request: joomla \u003c 1.5.7",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://marc.info/?l=oss-security\u0026m=122152798516853\u0026w=2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://developer.joomla.org/security/news/271-20080901-core-jrequest-variable-injection.html"
},
{
"name": "31789",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31789"
},
{
"name": "[oss-security] 20080911 CVE request: joomla \u003c 1.5.7",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://marc.info/?l=oss-security\u0026m=122115344915232\u0026w=2"
},
{
"name": "4275",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/4275"
},
{
"name": "joomla-jrequest-command-execution(45069)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45069"
},
{
"name": "[oss-security] 20080911 CVE request for Joomla multiple vuln.",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://marc.info/?l=oss-security\u0026m=122118210029084\u0026w=2"
},
{
"name": "1020843",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1020843"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-09-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "JRequest in Joomla! 1.5 before 1.5.7 does not sanitize variables that were set with JRequest::setVar, which allows remote attackers to conduct \"variable injection\" attacks and have unspecified other impact."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[oss-security] 20080916 Re: CVE request: joomla \u003c 1.5.7",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://marc.info/?l=oss-security\u0026m=122152798516853\u0026w=2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://developer.joomla.org/security/news/271-20080901-core-jrequest-variable-injection.html"
},
{
"name": "31789",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31789"
},
{
"name": "[oss-security] 20080911 CVE request: joomla \u003c 1.5.7",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://marc.info/?l=oss-security\u0026m=122115344915232\u0026w=2"
},
{
"name": "4275",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/4275"
},
{
"name": "joomla-jrequest-command-execution(45069)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45069"
},
{
"name": "[oss-security] 20080911 CVE request for Joomla multiple vuln.",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://marc.info/?l=oss-security\u0026m=122118210029084\u0026w=2"
},
{
"name": "1020843",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1020843"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-4105",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "JRequest in Joomla! 1.5 before 1.5.7 does not sanitize variables that were set with JRequest::setVar, which allows remote attackers to conduct \"variable injection\" attacks and have unspecified other impact."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20080916 Re: CVE request: joomla \u003c 1.5.7",
"refsource": "MLIST",
"url": "http://marc.info/?l=oss-security\u0026m=122152798516853\u0026w=2"
},
{
"name": "http://developer.joomla.org/security/news/271-20080901-core-jrequest-variable-injection.html",
"refsource": "CONFIRM",
"url": "http://developer.joomla.org/security/news/271-20080901-core-jrequest-variable-injection.html"
},
{
"name": "31789",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31789"
},
{
"name": "[oss-security] 20080911 CVE request: joomla \u003c 1.5.7",
"refsource": "MLIST",
"url": "http://marc.info/?l=oss-security\u0026m=122115344915232\u0026w=2"
},
{
"name": "4275",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4275"
},
{
"name": "joomla-jrequest-command-execution(45069)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45069"
},
{
"name": "[oss-security] 20080911 CVE request for Joomla multiple vuln.",
"refsource": "MLIST",
"url": "http://marc.info/?l=oss-security\u0026m=122118210029084\u0026w=2"
},
{
"name": "1020843",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1020843"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-4105",
"datePublished": "2008-09-18T17:47:00",
"dateReserved": "2008-09-15T00:00:00",
"dateUpdated": "2024-08-07T10:00:42.951Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-4104 (GCVE-0-2008-4104)
Vulnerability from nvd – Published: 2008-09-18 17:47 – Updated: 2024-08-07 10:00
VLAI?
Summary
Multiple open redirect vulnerabilities in Joomla! 1.5 before 1.5.7 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a "passed in" URL.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T10:00:43.141Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "joomla-url-phishing(45071)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45071"
},
{
"name": "[oss-security] 20080916 Re: CVE request: joomla \u003c 1.5.7",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://marc.info/?l=oss-security\u0026m=122152798516853\u0026w=2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://developer.joomla.org/security/news/274-20080904-core-redirect-spam.html"
},
{
"name": "[oss-security] 20080911 CVE request: joomla \u003c 1.5.7",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://marc.info/?l=oss-security\u0026m=122115344915232\u0026w=2"
},
{
"name": "4275",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/4275"
},
{
"name": "[oss-security] 20080911 CVE request for Joomla multiple vuln.",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://marc.info/?l=oss-security\u0026m=122118210029084\u0026w=2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-09-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple open redirect vulnerabilities in Joomla! 1.5 before 1.5.7 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a \"passed in\" URL."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "joomla-url-phishing(45071)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45071"
},
{
"name": "[oss-security] 20080916 Re: CVE request: joomla \u003c 1.5.7",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://marc.info/?l=oss-security\u0026m=122152798516853\u0026w=2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://developer.joomla.org/security/news/274-20080904-core-redirect-spam.html"
},
{
"name": "[oss-security] 20080911 CVE request: joomla \u003c 1.5.7",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://marc.info/?l=oss-security\u0026m=122115344915232\u0026w=2"
},
{
"name": "4275",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/4275"
},
{
"name": "[oss-security] 20080911 CVE request for Joomla multiple vuln.",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://marc.info/?l=oss-security\u0026m=122118210029084\u0026w=2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-4104",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple open redirect vulnerabilities in Joomla! 1.5 before 1.5.7 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a \"passed in\" URL."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "joomla-url-phishing(45071)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45071"
},
{
"name": "[oss-security] 20080916 Re: CVE request: joomla \u003c 1.5.7",
"refsource": "MLIST",
"url": "http://marc.info/?l=oss-security\u0026m=122152798516853\u0026w=2"
},
{
"name": "http://developer.joomla.org/security/news/274-20080904-core-redirect-spam.html",
"refsource": "CONFIRM",
"url": "http://developer.joomla.org/security/news/274-20080904-core-redirect-spam.html"
},
{
"name": "[oss-security] 20080911 CVE request: joomla \u003c 1.5.7",
"refsource": "MLIST",
"url": "http://marc.info/?l=oss-security\u0026m=122115344915232\u0026w=2"
},
{
"name": "4275",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4275"
},
{
"name": "[oss-security] 20080911 CVE request for Joomla multiple vuln.",
"refsource": "MLIST",
"url": "http://marc.info/?l=oss-security\u0026m=122118210029084\u0026w=2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-4104",
"datePublished": "2008-09-18T17:47:00",
"dateReserved": "2008-09-15T00:00:00",
"dateUpdated": "2024-08-07T10:00:43.141Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-4102 (GCVE-0-2008-4102)
Vulnerability from nvd – Published: 2008-09-18 17:47 – Updated: 2024-08-07 10:00
VLAI?
Summary
Joomla! 1.5 before 1.5.7 initializes PHP's PRNG with a weak seed, which makes it easier for attackers to guess the pseudo-random values produced by PHP's mt_rand function, as demonstrated by guessing password reset tokens, a different vulnerability than CVE-2008-3681.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T10:00:42.832Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20080916 Re: CVE request: joomla \u003c 1.5.7",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://marc.info/?l=oss-security\u0026m=122152798516853\u0026w=2"
},
{
"name": "4271",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/4271"
},
{
"name": "20080911 Advisory 04/2008: Joomla Weak Random Password Reset Token Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/496237/100/0/threaded"
},
{
"name": "31789",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31789"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.suspekt.org/2008/08/17/mt_srand-and-not-so-random-numbers/"
},
{
"name": "joomla-randomnumbers-info-disclosure(45068)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45068"
},
{
"name": "[oss-security] 20080911 CVE request: joomla \u003c 1.5.7",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://marc.info/?l=oss-security\u0026m=122115344915232\u0026w=2"
},
{
"name": "[oss-security] 20080911 CVE request for Joomla multiple vuln.",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://marc.info/?l=oss-security\u0026m=122118210029084\u0026w=2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://developer.joomla.org/security/news/272-20080902-core-random-number-generation-flaw.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.sektioneins.de/advisories/SE-2008-04.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-09-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Joomla! 1.5 before 1.5.7 initializes PHP\u0027s PRNG with a weak seed, which makes it easier for attackers to guess the pseudo-random values produced by PHP\u0027s mt_rand function, as demonstrated by guessing password reset tokens, a different vulnerability than CVE-2008-3681."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[oss-security] 20080916 Re: CVE request: joomla \u003c 1.5.7",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://marc.info/?l=oss-security\u0026m=122152798516853\u0026w=2"
},
{
"name": "4271",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/4271"
},
{
"name": "20080911 Advisory 04/2008: Joomla Weak Random Password Reset Token Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/496237/100/0/threaded"
},
{
"name": "31789",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31789"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.suspekt.org/2008/08/17/mt_srand-and-not-so-random-numbers/"
},
{
"name": "joomla-randomnumbers-info-disclosure(45068)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45068"
},
{
"name": "[oss-security] 20080911 CVE request: joomla \u003c 1.5.7",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://marc.info/?l=oss-security\u0026m=122115344915232\u0026w=2"
},
{
"name": "[oss-security] 20080911 CVE request for Joomla multiple vuln.",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://marc.info/?l=oss-security\u0026m=122118210029084\u0026w=2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://developer.joomla.org/security/news/272-20080902-core-random-number-generation-flaw.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.sektioneins.de/advisories/SE-2008-04.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-4102",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Joomla! 1.5 before 1.5.7 initializes PHP\u0027s PRNG with a weak seed, which makes it easier for attackers to guess the pseudo-random values produced by PHP\u0027s mt_rand function, as demonstrated by guessing password reset tokens, a different vulnerability than CVE-2008-3681."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20080916 Re: CVE request: joomla \u003c 1.5.7",
"refsource": "MLIST",
"url": "http://marc.info/?l=oss-security\u0026m=122152798516853\u0026w=2"
},
{
"name": "4271",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4271"
},
{
"name": "20080911 Advisory 04/2008: Joomla Weak Random Password Reset Token Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/496237/100/0/threaded"
},
{
"name": "31789",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31789"
},
{
"name": "http://www.suspekt.org/2008/08/17/mt_srand-and-not-so-random-numbers/",
"refsource": "MISC",
"url": "http://www.suspekt.org/2008/08/17/mt_srand-and-not-so-random-numbers/"
},
{
"name": "joomla-randomnumbers-info-disclosure(45068)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45068"
},
{
"name": "[oss-security] 20080911 CVE request: joomla \u003c 1.5.7",
"refsource": "MLIST",
"url": "http://marc.info/?l=oss-security\u0026m=122115344915232\u0026w=2"
},
{
"name": "[oss-security] 20080911 CVE request for Joomla multiple vuln.",
"refsource": "MLIST",
"url": "http://marc.info/?l=oss-security\u0026m=122118210029084\u0026w=2"
},
{
"name": "http://developer.joomla.org/security/news/272-20080902-core-random-number-generation-flaw.html",
"refsource": "CONFIRM",
"url": "http://developer.joomla.org/security/news/272-20080902-core-random-number-generation-flaw.html"
},
{
"name": "http://www.sektioneins.de/advisories/SE-2008-04.txt",
"refsource": "MISC",
"url": "http://www.sektioneins.de/advisories/SE-2008-04.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-4102",
"datePublished": "2008-09-18T17:47:00",
"dateReserved": "2008-09-15T00:00:00",
"dateUpdated": "2024-08-07T10:00:42.832Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-3225 (GCVE-0-2008-3225)
Vulnerability from nvd – Published: 2008-07-18 16:00 – Updated: 2024-08-07 09:28
VLAI?
Summary
Joomla! before 1.5.4 allows attackers to access administration functionality, which has unknown impact and attack vectors related to a missing "LDAP security fix."
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T09:28:41.769Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20080712 CVE requests: joomla \u003c1.5.4",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2008/07/12/2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.joomla.org/content/view/5180/1/"
},
{
"name": "30125",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/30125"
},
{
"name": "joomla-ldap-unauth-access(43648)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43648"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-07-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Joomla! before 1.5.4 allows attackers to access administration functionality, which has unknown impact and attack vectors related to a missing \"LDAP security fix.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[oss-security] 20080712 CVE requests: joomla \u003c1.5.4",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2008/07/12/2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.joomla.org/content/view/5180/1/"
},
{
"name": "30125",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/30125"
},
{
"name": "joomla-ldap-unauth-access(43648)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43648"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-3225",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Joomla! before 1.5.4 allows attackers to access administration functionality, which has unknown impact and attack vectors related to a missing \"LDAP security fix.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20080712 CVE requests: joomla \u003c1.5.4",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2008/07/12/2"
},
{
"name": "http://www.joomla.org/content/view/5180/1/",
"refsource": "CONFIRM",
"url": "http://www.joomla.org/content/view/5180/1/"
},
{
"name": "30125",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30125"
},
{
"name": "joomla-ldap-unauth-access(43648)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43648"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-3225",
"datePublished": "2008-07-18T16:00:00",
"dateReserved": "2008-07-18T00:00:00",
"dateUpdated": "2024-08-07T09:28:41.769Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-3228 (GCVE-0-2008-3228)
Vulnerability from nvd – Published: 2008-07-18 16:00 – Updated: 2024-08-07 09:28
VLAI?
Summary
Joomla! before 1.5.4 does not configure .htaccess to apply certain security checks that "block common exploits" to SEF URLs, which has unknown impact and remote attack vectors.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T09:28:41.659Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20080712 CVE requests: joomla \u003c1.5.4",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2008/07/12/2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.joomla.org/content/view/5180/1/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.joomla.org/content/view/5180/1/1/1/#htaccess"
},
{
"name": "joomla-block-common-unspecified(44206)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44206"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-07-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Joomla! before 1.5.4 does not configure .htaccess to apply certain security checks that \"block common exploits\" to SEF URLs, which has unknown impact and remote attack vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[oss-security] 20080712 CVE requests: joomla \u003c1.5.4",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2008/07/12/2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.joomla.org/content/view/5180/1/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.joomla.org/content/view/5180/1/1/1/#htaccess"
},
{
"name": "joomla-block-common-unspecified(44206)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44206"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-3228",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Joomla! before 1.5.4 does not configure .htaccess to apply certain security checks that \"block common exploits\" to SEF URLs, which has unknown impact and remote attack vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20080712 CVE requests: joomla \u003c1.5.4",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2008/07/12/2"
},
{
"name": "http://www.joomla.org/content/view/5180/1/",
"refsource": "CONFIRM",
"url": "http://www.joomla.org/content/view/5180/1/"
},
{
"name": "http://www.joomla.org/content/view/5180/1/1/1/#htaccess",
"refsource": "CONFIRM",
"url": "http://www.joomla.org/content/view/5180/1/1/1/#htaccess"
},
{
"name": "joomla-block-common-unspecified(44206)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44206"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-3228",
"datePublished": "2008-07-18T16:00:00",
"dateReserved": "2008-07-18T00:00:00",
"dateUpdated": "2024-08-07T09:28:41.659Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-3227 (GCVE-0-2008-3227)
Vulnerability from nvd – Published: 2008-07-18 16:00 – Updated: 2024-08-07 09:28
VLAI?
Summary
Unspecified vulnerability in Joomla! before 1.5.4 has unknown impact and attack vectors related to a "User Redirect Spam fix," possibly an open redirect vulnerability.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T09:28:41.773Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20080712 CVE requests: joomla \u003c1.5.4",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2008/07/12/2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.joomla.org/content/view/5180/1/"
},
{
"name": "joomla-user-redirect-unspecified(44205)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44205"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-07-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in Joomla! before 1.5.4 has unknown impact and attack vectors related to a \"User Redirect Spam fix,\" possibly an open redirect vulnerability."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[oss-security] 20080712 CVE requests: joomla \u003c1.5.4",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2008/07/12/2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.joomla.org/content/view/5180/1/"
},
{
"name": "joomla-user-redirect-unspecified(44205)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44205"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-3227",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Joomla! before 1.5.4 has unknown impact and attack vectors related to a \"User Redirect Spam fix,\" possibly an open redirect vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20080712 CVE requests: joomla \u003c1.5.4",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2008/07/12/2"
},
{
"name": "http://www.joomla.org/content/view/5180/1/",
"refsource": "CONFIRM",
"url": "http://www.joomla.org/content/view/5180/1/"
},
{
"name": "joomla-user-redirect-unspecified(44205)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44205"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-3227",
"datePublished": "2008-07-18T16:00:00",
"dateReserved": "2008-07-18T00:00:00",
"dateUpdated": "2024-08-07T09:28:41.773Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-3226 (GCVE-0-2008-3226)
Vulnerability from nvd – Published: 2008-07-18 16:00 – Updated: 2024-08-07 09:28
VLAI?
Summary
The file caching implementation in Joomla! before 1.5.4 allows attackers to access cached pages via unknown attack vectors.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T09:28:41.755Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20080712 CVE requests: joomla \u003c1.5.4",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2008/07/12/2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.joomla.org/content/view/5180/1/"
},
{
"name": "30125",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/30125"
},
{
"name": "joomla-filecaching-unauth-access(43650)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43650"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-07-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The file caching implementation in Joomla! before 1.5.4 allows attackers to access cached pages via unknown attack vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[oss-security] 20080712 CVE requests: joomla \u003c1.5.4",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2008/07/12/2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.joomla.org/content/view/5180/1/"
},
{
"name": "30125",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/30125"
},
{
"name": "joomla-filecaching-unauth-access(43650)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43650"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-3226",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The file caching implementation in Joomla! before 1.5.4 allows attackers to access cached pages via unknown attack vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20080712 CVE requests: joomla \u003c1.5.4",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2008/07/12/2"
},
{
"name": "http://www.joomla.org/content/view/5180/1/",
"refsource": "CONFIRM",
"url": "http://www.joomla.org/content/view/5180/1/"
},
{
"name": "30125",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30125"
},
{
"name": "joomla-filecaching-unauth-access(43650)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43650"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-3226",
"datePublished": "2008-07-18T16:00:00",
"dateReserved": "2008-07-18T00:00:00",
"dateUpdated": "2024-08-07T09:28:41.755Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-2990 (GCVE-0-2008-2990)
Vulnerability from nvd – Published: 2008-07-02 17:00 – Updated: 2024-08-07 09:21
VLAI?
Summary
PHP remote file inclusion vulnerability in facileforms.frame.php in the FacileForms (com_facileforms) component 1.4.4 for Mambo and Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the ff_compath parameter.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T09:21:34.912Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "facileforms-facileformsframe-file-include(43290)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43290"
},
{
"name": "29904",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/29904"
},
{
"name": "3967",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/3967"
},
{
"name": "5915",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/5915"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-06-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "PHP remote file inclusion vulnerability in facileforms.frame.php in the FacileForms (com_facileforms) component 1.4.4 for Mambo and Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the ff_compath parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "facileforms-facileformsframe-file-include(43290)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43290"
},
{
"name": "29904",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/29904"
},
{
"name": "3967",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/3967"
},
{
"name": "5915",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/5915"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-2990",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PHP remote file inclusion vulnerability in facileforms.frame.php in the FacileForms (com_facileforms) component 1.4.4 for Mambo and Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the ff_compath parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "facileforms-facileformsframe-file-include(43290)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43290"
},
{
"name": "29904",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/29904"
},
{
"name": "3967",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3967"
},
{
"name": "5915",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/5915"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-2990",
"datePublished": "2008-07-02T17:00:00",
"dateReserved": "2008-07-02T00:00:00",
"dateUpdated": "2024-08-07T09:21:34.912Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-1938 (GCVE-0-2009-1938)
Vulnerability from cvelistv5 – Published: 2009-06-05 18:13 – Updated: 2024-08-07 05:27
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in Joomla! 1.5.x through 1.5.10 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to database output and the frontend administrative panel.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T05:27:54.978Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.joomla.org/announcements/release-news/5235-joomla-1511-security-release-now-available.html"
},
{
"name": "joomla-adminpanel-xss(50923)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50923"
},
{
"name": "35189",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/35189"
},
{
"name": "35278",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/35278"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://developer.joomla.org/security/news/297-20090602-core-frontend-xss.html"
},
{
"name": "54868",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/54868"
},
{
"name": "ADV-2009-1497",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/1497"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-06-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in Joomla! 1.5.x through 1.5.10 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to database output and the frontend administrative panel."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.joomla.org/announcements/release-news/5235-joomla-1511-security-release-now-available.html"
},
{
"name": "joomla-adminpanel-xss(50923)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50923"
},
{
"name": "35189",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/35189"
},
{
"name": "35278",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/35278"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://developer.joomla.org/security/news/297-20090602-core-frontend-xss.html"
},
{
"name": "54868",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/54868"
},
{
"name": "ADV-2009-1497",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/1497"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-1938",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Joomla! 1.5.x through 1.5.10 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to database output and the frontend administrative panel."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.joomla.org/announcements/release-news/5235-joomla-1511-security-release-now-available.html",
"refsource": "CONFIRM",
"url": "http://www.joomla.org/announcements/release-news/5235-joomla-1511-security-release-now-available.html"
},
{
"name": "joomla-adminpanel-xss(50923)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50923"
},
{
"name": "35189",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/35189"
},
{
"name": "35278",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35278"
},
{
"name": "http://developer.joomla.org/security/news/297-20090602-core-frontend-xss.html",
"refsource": "CONFIRM",
"url": "http://developer.joomla.org/security/news/297-20090602-core-frontend-xss.html"
},
{
"name": "54868",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/54868"
},
{
"name": "ADV-2009-1497",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1497"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-1938",
"datePublished": "2009-06-05T18:13:00",
"dateReserved": "2009-06-05T00:00:00",
"dateUpdated": "2024-08-07T05:27:54.978Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-1940 (GCVE-0-2009-1940)
Vulnerability from cvelistv5 – Published: 2009-06-05 18:13 – Updated: 2024-08-07 05:27
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in the administrator panel in the com_users core component for Joomla! 1.5.x through 1.5.10 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T05:27:54.849Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "joomla-comusers-xss(50924)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50924"
},
{
"name": "54869",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/54869"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.joomla.org/announcements/release-news/5235-joomla-1511-security-release-now-available.html"
},
{
"name": "35189",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/35189"
},
{
"name": "35278",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/35278"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://developer.joomla.org/security/news/295-20090601-core-comusers-xss.html"
},
{
"name": "ADV-2009-1497",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/1497"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-06-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the administrator panel in the com_users core component for Joomla! 1.5.x through 1.5.10 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "joomla-comusers-xss(50924)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50924"
},
{
"name": "54869",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/54869"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.joomla.org/announcements/release-news/5235-joomla-1511-security-release-now-available.html"
},
{
"name": "35189",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/35189"
},
{
"name": "35278",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/35278"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://developer.joomla.org/security/news/295-20090601-core-comusers-xss.html"
},
{
"name": "ADV-2009-1497",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/1497"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-1940",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the administrator panel in the com_users core component for Joomla! 1.5.x through 1.5.10 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "joomla-comusers-xss(50924)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50924"
},
{
"name": "54869",
"refsource": "OSVDB",
"url": "http://osvdb.org/54869"
},
{
"name": "http://www.joomla.org/announcements/release-news/5235-joomla-1511-security-release-now-available.html",
"refsource": "CONFIRM",
"url": "http://www.joomla.org/announcements/release-news/5235-joomla-1511-security-release-now-available.html"
},
{
"name": "35189",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/35189"
},
{
"name": "35278",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35278"
},
{
"name": "http://developer.joomla.org/security/news/295-20090601-core-comusers-xss.html",
"refsource": "CONFIRM",
"url": "http://developer.joomla.org/security/news/295-20090601-core-comusers-xss.html"
},
{
"name": "ADV-2009-1497",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1497"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-1940",
"datePublished": "2009-06-05T18:13:00",
"dateReserved": "2009-06-05T00:00:00",
"dateUpdated": "2024-08-07T05:27:54.849Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-1939 (GCVE-0-2009-1939)
Vulnerability from cvelistv5 – Published: 2009-06-05 18:13 – Updated: 2024-08-07 05:27
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in the JA_Purity template for Joomla! 1.5.x through 1.5.10 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T05:27:54.890Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.joomla.org/announcements/release-news/5235-joomla-1511-security-release-now-available.html"
},
{
"name": "joomla-japurity-xss(50922)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50922"
},
{
"name": "35189",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/35189"
},
{
"name": "35278",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/35278"
},
{
"name": "54870",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/54870"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://developer.joomla.org/security/news/296-20090602-core-japurity-xss.html"
},
{
"name": "ADV-2009-1497",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/1497"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-06-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the JA_Purity template for Joomla! 1.5.x through 1.5.10 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.joomla.org/announcements/release-news/5235-joomla-1511-security-release-now-available.html"
},
{
"name": "joomla-japurity-xss(50922)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50922"
},
{
"name": "35189",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/35189"
},
{
"name": "35278",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/35278"
},
{
"name": "54870",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/54870"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://developer.joomla.org/security/news/296-20090602-core-japurity-xss.html"
},
{
"name": "ADV-2009-1497",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/1497"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-1939",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the JA_Purity template for Joomla! 1.5.x through 1.5.10 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.joomla.org/announcements/release-news/5235-joomla-1511-security-release-now-available.html",
"refsource": "CONFIRM",
"url": "http://www.joomla.org/announcements/release-news/5235-joomla-1511-security-release-now-available.html"
},
{
"name": "joomla-japurity-xss(50922)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50922"
},
{
"name": "35189",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/35189"
},
{
"name": "35278",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35278"
},
{
"name": "54870",
"refsource": "OSVDB",
"url": "http://osvdb.org/54870"
},
{
"name": "http://developer.joomla.org/security/news/296-20090602-core-japurity-xss.html",
"refsource": "CONFIRM",
"url": "http://developer.joomla.org/security/news/296-20090602-core-japurity-xss.html"
},
{
"name": "ADV-2009-1497",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1497"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-1939",
"datePublished": "2009-06-05T18:13:00",
"dateReserved": "2009-06-05T00:00:00",
"dateUpdated": "2024-08-07T05:27:54.890Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-1280 (GCVE-0-2009-1280)
Vulnerability from cvelistv5 – Published: 2009-04-09 16:00 – Updated: 2024-08-07 05:04
VLAI?
Summary
Multiple cross-site request forgery (CSRF) vulnerabilities in the com_media component for Joomla! 1.5.x through 1.5.9 allow remote attackers to hijack the authentication of unspecified victims via unknown vectors.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T05:04:49.550Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "media-unspecified-csrf(49656)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49656"
},
{
"name": "34551",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34551"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://developer.joomla.org/security/news/293-20090301-core-multiple-xsscsrf.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-03-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site request forgery (CSRF) vulnerabilities in the com_media component for Joomla! 1.5.x through 1.5.9 allow remote attackers to hijack the authentication of unspecified victims via unknown vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "media-unspecified-csrf(49656)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49656"
},
{
"name": "34551",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34551"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://developer.joomla.org/security/news/293-20090301-core-multiple-xsscsrf.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-1280",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site request forgery (CSRF) vulnerabilities in the com_media component for Joomla! 1.5.x through 1.5.9 allow remote attackers to hijack the authentication of unspecified victims via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "media-unspecified-csrf(49656)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49656"
},
{
"name": "34551",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34551"
},
{
"name": "http://developer.joomla.org/security/news/293-20090301-core-multiple-xsscsrf.html",
"refsource": "CONFIRM",
"url": "http://developer.joomla.org/security/news/293-20090301-core-multiple-xsscsrf.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-1280",
"datePublished": "2009-04-09T16:00:00",
"dateReserved": "2009-04-09T00:00:00",
"dateUpdated": "2024-08-07T05:04:49.550Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-1279 (GCVE-0-2009-1279)
Vulnerability from cvelistv5 – Published: 2009-04-09 16:00 – Updated: 2024-08-07 05:04
VLAI?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Joomla! 1.5 through 1.5.9 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors to the (1) com_admin component, (2) com_search component when "Gather Search Statistics" is enabled, and (3) the category view in the com_content component.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T05:04:49.489Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "34360",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/34360"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://developer.joomla.org/security/news/294-20090302-core-comcontent-xss.html"
},
{
"name": "34551",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34551"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://developer.joomla.org/security/news/293-20090301-core-multiple-xsscsrf.html"
},
{
"name": "admin-search-unspecified-xss(49655)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49655"
},
{
"name": "content-categoryview-xss(49654)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49654"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-03-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Joomla! 1.5 through 1.5.9 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors to the (1) com_admin component, (2) com_search component when \"Gather Search Statistics\" is enabled, and (3) the category view in the com_content component."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "34360",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/34360"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://developer.joomla.org/security/news/294-20090302-core-comcontent-xss.html"
},
{
"name": "34551",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34551"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://developer.joomla.org/security/news/293-20090301-core-multiple-xsscsrf.html"
},
{
"name": "admin-search-unspecified-xss(49655)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49655"
},
{
"name": "content-categoryview-xss(49654)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49654"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-1279",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Joomla! 1.5 through 1.5.9 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors to the (1) com_admin component, (2) com_search component when \"Gather Search Statistics\" is enabled, and (3) the category view in the com_content component."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "34360",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/34360"
},
{
"name": "http://developer.joomla.org/security/news/294-20090302-core-comcontent-xss.html",
"refsource": "CONFIRM",
"url": "http://developer.joomla.org/security/news/294-20090302-core-comcontent-xss.html"
},
{
"name": "34551",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34551"
},
{
"name": "http://developer.joomla.org/security/news/293-20090301-core-multiple-xsscsrf.html",
"refsource": "CONFIRM",
"url": "http://developer.joomla.org/security/news/293-20090301-core-multiple-xsscsrf.html"
},
{
"name": "admin-search-unspecified-xss(49655)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49655"
},
{
"name": "content-categoryview-xss(49654)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49654"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-1279",
"datePublished": "2009-04-09T16:00:00",
"dateReserved": "2009-04-09T00:00:00",
"dateUpdated": "2024-08-07T05:04:49.489Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-6299 (GCVE-0-2008-6299)
Vulnerability from cvelistv5 – Published: 2009-02-26 16:00 – Updated: 2024-08-07 11:27
VLAI?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Joomla! 1.5.7 and earlier allow remote authenticated users with certain privileges to inject arbitrary web script or HTML via (1) the title and description parameters to the com_weblinks module and (2) unspecified vectors in the com_content module related to "article submission."
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T11:27:35.064Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://developer.joomla.org/security/news/284-20081102-core-comweblinks-xss-vulnerability.html"
},
{
"name": "32263",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/32263"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://developer.joomla.org/security/news/283-20081101-core-comcontent-xss-vulnerability.html"
},
{
"name": "ADV-2008-3104",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/3104"
},
{
"name": "32622",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/32622"
},
{
"name": "weblinks-title-description-xss(46523)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46523"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.joomla.org/announcements/release-news/5219-joomla-158-released.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-11-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Joomla! 1.5.7 and earlier allow remote authenticated users with certain privileges to inject arbitrary web script or HTML via (1) the title and description parameters to the com_weblinks module and (2) unspecified vectors in the com_content module related to \"article submission.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://developer.joomla.org/security/news/284-20081102-core-comweblinks-xss-vulnerability.html"
},
{
"name": "32263",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/32263"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://developer.joomla.org/security/news/283-20081101-core-comcontent-xss-vulnerability.html"
},
{
"name": "ADV-2008-3104",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/3104"
},
{
"name": "32622",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/32622"
},
{
"name": "weblinks-title-description-xss(46523)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46523"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.joomla.org/announcements/release-news/5219-joomla-158-released.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-6299",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Joomla! 1.5.7 and earlier allow remote authenticated users with certain privileges to inject arbitrary web script or HTML via (1) the title and description parameters to the com_weblinks module and (2) unspecified vectors in the com_content module related to \"article submission.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://developer.joomla.org/security/news/284-20081102-core-comweblinks-xss-vulnerability.html",
"refsource": "CONFIRM",
"url": "http://developer.joomla.org/security/news/284-20081102-core-comweblinks-xss-vulnerability.html"
},
{
"name": "32263",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/32263"
},
{
"name": "http://developer.joomla.org/security/news/283-20081101-core-comcontent-xss-vulnerability.html",
"refsource": "CONFIRM",
"url": "http://developer.joomla.org/security/news/283-20081101-core-comcontent-xss-vulnerability.html"
},
{
"name": "ADV-2008-3104",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/3104"
},
{
"name": "32622",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32622"
},
{
"name": "weblinks-title-description-xss(46523)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46523"
},
{
"name": "http://www.joomla.org/announcements/release-news/5219-joomla-158-released.html",
"refsource": "CONFIRM",
"url": "http://www.joomla.org/announcements/release-news/5219-joomla-158-released.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-6299",
"datePublished": "2009-02-26T16:00:00",
"dateReserved": "2009-02-26T00:00:00",
"dateUpdated": "2024-08-07T11:27:35.064Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-5671 (GCVE-0-2008-5671)
Vulnerability from cvelistv5 – Published: 2008-12-18 21:00 – Updated: 2024-08-07 11:04
VLAI?
Summary
PHP remote file inclusion vulnerability in index.php in Joomla! 1.0.11 through 1.0.14, when RG_EMULATION is enabled in configuration.php, allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T11:04:44.163Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20080214 Joomla 1.0.13 - 1.0.14 / (remote) PHP file inclusion possible if old configuration.php",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/488126/100/200/threaded"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.joomla.org/announcements/release-news/4609-joomla-1015-released.html"
},
{
"name": "29106",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29106"
},
{
"name": "27795",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/27795"
},
{
"name": "20080215 Re: Joomla 1.0.13 - 1.0.14 / (remote) PHP file inclusion possible if old configuration.php",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/488199/100/200/threaded"
},
{
"name": "4787",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/4787"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-01-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "PHP remote file inclusion vulnerability in index.php in Joomla! 1.0.11 through 1.0.14, when RG_EMULATION is enabled in configuration.php, allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20080214 Joomla 1.0.13 - 1.0.14 / (remote) PHP file inclusion possible if old configuration.php",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/488126/100/200/threaded"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.joomla.org/announcements/release-news/4609-joomla-1015-released.html"
},
{
"name": "29106",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29106"
},
{
"name": "27795",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/27795"
},
{
"name": "20080215 Re: Joomla 1.0.13 - 1.0.14 / (remote) PHP file inclusion possible if old configuration.php",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/488199/100/200/threaded"
},
{
"name": "4787",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/4787"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-5671",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PHP remote file inclusion vulnerability in index.php in Joomla! 1.0.11 through 1.0.14, when RG_EMULATION is enabled in configuration.php, allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20080214 Joomla 1.0.13 - 1.0.14 / (remote) PHP file inclusion possible if old configuration.php",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/488126/100/200/threaded"
},
{
"name": "http://www.joomla.org/announcements/release-news/4609-joomla-1015-released.html",
"refsource": "CONFIRM",
"url": "http://www.joomla.org/announcements/release-news/4609-joomla-1015-released.html"
},
{
"name": "29106",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29106"
},
{
"name": "27795",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/27795"
},
{
"name": "20080215 Re: Joomla 1.0.13 - 1.0.14 / (remote) PHP file inclusion possible if old configuration.php",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/488199/100/200/threaded"
},
{
"name": "4787",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4787"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-5671",
"datePublished": "2008-12-18T21:00:00",
"dateReserved": "2008-12-18T00:00:00",
"dateUpdated": "2024-08-07T11:04:44.163Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-4105 (GCVE-0-2008-4105)
Vulnerability from cvelistv5 – Published: 2008-09-18 17:47 – Updated: 2024-08-07 10:00
VLAI?
Summary
JRequest in Joomla! 1.5 before 1.5.7 does not sanitize variables that were set with JRequest::setVar, which allows remote attackers to conduct "variable injection" attacks and have unspecified other impact.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T10:00:42.951Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20080916 Re: CVE request: joomla \u003c 1.5.7",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://marc.info/?l=oss-security\u0026m=122152798516853\u0026w=2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://developer.joomla.org/security/news/271-20080901-core-jrequest-variable-injection.html"
},
{
"name": "31789",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31789"
},
{
"name": "[oss-security] 20080911 CVE request: joomla \u003c 1.5.7",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://marc.info/?l=oss-security\u0026m=122115344915232\u0026w=2"
},
{
"name": "4275",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/4275"
},
{
"name": "joomla-jrequest-command-execution(45069)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45069"
},
{
"name": "[oss-security] 20080911 CVE request for Joomla multiple vuln.",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://marc.info/?l=oss-security\u0026m=122118210029084\u0026w=2"
},
{
"name": "1020843",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1020843"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-09-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "JRequest in Joomla! 1.5 before 1.5.7 does not sanitize variables that were set with JRequest::setVar, which allows remote attackers to conduct \"variable injection\" attacks and have unspecified other impact."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[oss-security] 20080916 Re: CVE request: joomla \u003c 1.5.7",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://marc.info/?l=oss-security\u0026m=122152798516853\u0026w=2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://developer.joomla.org/security/news/271-20080901-core-jrequest-variable-injection.html"
},
{
"name": "31789",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31789"
},
{
"name": "[oss-security] 20080911 CVE request: joomla \u003c 1.5.7",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://marc.info/?l=oss-security\u0026m=122115344915232\u0026w=2"
},
{
"name": "4275",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/4275"
},
{
"name": "joomla-jrequest-command-execution(45069)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45069"
},
{
"name": "[oss-security] 20080911 CVE request for Joomla multiple vuln.",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://marc.info/?l=oss-security\u0026m=122118210029084\u0026w=2"
},
{
"name": "1020843",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1020843"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-4105",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "JRequest in Joomla! 1.5 before 1.5.7 does not sanitize variables that were set with JRequest::setVar, which allows remote attackers to conduct \"variable injection\" attacks and have unspecified other impact."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20080916 Re: CVE request: joomla \u003c 1.5.7",
"refsource": "MLIST",
"url": "http://marc.info/?l=oss-security\u0026m=122152798516853\u0026w=2"
},
{
"name": "http://developer.joomla.org/security/news/271-20080901-core-jrequest-variable-injection.html",
"refsource": "CONFIRM",
"url": "http://developer.joomla.org/security/news/271-20080901-core-jrequest-variable-injection.html"
},
{
"name": "31789",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31789"
},
{
"name": "[oss-security] 20080911 CVE request: joomla \u003c 1.5.7",
"refsource": "MLIST",
"url": "http://marc.info/?l=oss-security\u0026m=122115344915232\u0026w=2"
},
{
"name": "4275",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4275"
},
{
"name": "joomla-jrequest-command-execution(45069)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45069"
},
{
"name": "[oss-security] 20080911 CVE request for Joomla multiple vuln.",
"refsource": "MLIST",
"url": "http://marc.info/?l=oss-security\u0026m=122118210029084\u0026w=2"
},
{
"name": "1020843",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1020843"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-4105",
"datePublished": "2008-09-18T17:47:00",
"dateReserved": "2008-09-15T00:00:00",
"dateUpdated": "2024-08-07T10:00:42.951Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-4104 (GCVE-0-2008-4104)
Vulnerability from cvelistv5 – Published: 2008-09-18 17:47 – Updated: 2024-08-07 10:00
VLAI?
Summary
Multiple open redirect vulnerabilities in Joomla! 1.5 before 1.5.7 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a "passed in" URL.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T10:00:43.141Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "joomla-url-phishing(45071)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45071"
},
{
"name": "[oss-security] 20080916 Re: CVE request: joomla \u003c 1.5.7",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://marc.info/?l=oss-security\u0026m=122152798516853\u0026w=2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://developer.joomla.org/security/news/274-20080904-core-redirect-spam.html"
},
{
"name": "[oss-security] 20080911 CVE request: joomla \u003c 1.5.7",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://marc.info/?l=oss-security\u0026m=122115344915232\u0026w=2"
},
{
"name": "4275",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/4275"
},
{
"name": "[oss-security] 20080911 CVE request for Joomla multiple vuln.",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://marc.info/?l=oss-security\u0026m=122118210029084\u0026w=2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-09-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple open redirect vulnerabilities in Joomla! 1.5 before 1.5.7 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a \"passed in\" URL."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "joomla-url-phishing(45071)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45071"
},
{
"name": "[oss-security] 20080916 Re: CVE request: joomla \u003c 1.5.7",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://marc.info/?l=oss-security\u0026m=122152798516853\u0026w=2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://developer.joomla.org/security/news/274-20080904-core-redirect-spam.html"
},
{
"name": "[oss-security] 20080911 CVE request: joomla \u003c 1.5.7",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://marc.info/?l=oss-security\u0026m=122115344915232\u0026w=2"
},
{
"name": "4275",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/4275"
},
{
"name": "[oss-security] 20080911 CVE request for Joomla multiple vuln.",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://marc.info/?l=oss-security\u0026m=122118210029084\u0026w=2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-4104",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple open redirect vulnerabilities in Joomla! 1.5 before 1.5.7 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a \"passed in\" URL."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "joomla-url-phishing(45071)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45071"
},
{
"name": "[oss-security] 20080916 Re: CVE request: joomla \u003c 1.5.7",
"refsource": "MLIST",
"url": "http://marc.info/?l=oss-security\u0026m=122152798516853\u0026w=2"
},
{
"name": "http://developer.joomla.org/security/news/274-20080904-core-redirect-spam.html",
"refsource": "CONFIRM",
"url": "http://developer.joomla.org/security/news/274-20080904-core-redirect-spam.html"
},
{
"name": "[oss-security] 20080911 CVE request: joomla \u003c 1.5.7",
"refsource": "MLIST",
"url": "http://marc.info/?l=oss-security\u0026m=122115344915232\u0026w=2"
},
{
"name": "4275",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4275"
},
{
"name": "[oss-security] 20080911 CVE request for Joomla multiple vuln.",
"refsource": "MLIST",
"url": "http://marc.info/?l=oss-security\u0026m=122118210029084\u0026w=2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-4104",
"datePublished": "2008-09-18T17:47:00",
"dateReserved": "2008-09-15T00:00:00",
"dateUpdated": "2024-08-07T10:00:43.141Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-4102 (GCVE-0-2008-4102)
Vulnerability from cvelistv5 – Published: 2008-09-18 17:47 – Updated: 2024-08-07 10:00
VLAI?
Summary
Joomla! 1.5 before 1.5.7 initializes PHP's PRNG with a weak seed, which makes it easier for attackers to guess the pseudo-random values produced by PHP's mt_rand function, as demonstrated by guessing password reset tokens, a different vulnerability than CVE-2008-3681.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T10:00:42.832Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20080916 Re: CVE request: joomla \u003c 1.5.7",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://marc.info/?l=oss-security\u0026m=122152798516853\u0026w=2"
},
{
"name": "4271",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/4271"
},
{
"name": "20080911 Advisory 04/2008: Joomla Weak Random Password Reset Token Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/496237/100/0/threaded"
},
{
"name": "31789",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31789"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.suspekt.org/2008/08/17/mt_srand-and-not-so-random-numbers/"
},
{
"name": "joomla-randomnumbers-info-disclosure(45068)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45068"
},
{
"name": "[oss-security] 20080911 CVE request: joomla \u003c 1.5.7",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://marc.info/?l=oss-security\u0026m=122115344915232\u0026w=2"
},
{
"name": "[oss-security] 20080911 CVE request for Joomla multiple vuln.",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://marc.info/?l=oss-security\u0026m=122118210029084\u0026w=2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://developer.joomla.org/security/news/272-20080902-core-random-number-generation-flaw.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.sektioneins.de/advisories/SE-2008-04.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-09-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Joomla! 1.5 before 1.5.7 initializes PHP\u0027s PRNG with a weak seed, which makes it easier for attackers to guess the pseudo-random values produced by PHP\u0027s mt_rand function, as demonstrated by guessing password reset tokens, a different vulnerability than CVE-2008-3681."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[oss-security] 20080916 Re: CVE request: joomla \u003c 1.5.7",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://marc.info/?l=oss-security\u0026m=122152798516853\u0026w=2"
},
{
"name": "4271",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/4271"
},
{
"name": "20080911 Advisory 04/2008: Joomla Weak Random Password Reset Token Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/496237/100/0/threaded"
},
{
"name": "31789",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31789"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.suspekt.org/2008/08/17/mt_srand-and-not-so-random-numbers/"
},
{
"name": "joomla-randomnumbers-info-disclosure(45068)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45068"
},
{
"name": "[oss-security] 20080911 CVE request: joomla \u003c 1.5.7",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://marc.info/?l=oss-security\u0026m=122115344915232\u0026w=2"
},
{
"name": "[oss-security] 20080911 CVE request for Joomla multiple vuln.",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://marc.info/?l=oss-security\u0026m=122118210029084\u0026w=2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://developer.joomla.org/security/news/272-20080902-core-random-number-generation-flaw.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.sektioneins.de/advisories/SE-2008-04.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-4102",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Joomla! 1.5 before 1.5.7 initializes PHP\u0027s PRNG with a weak seed, which makes it easier for attackers to guess the pseudo-random values produced by PHP\u0027s mt_rand function, as demonstrated by guessing password reset tokens, a different vulnerability than CVE-2008-3681."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20080916 Re: CVE request: joomla \u003c 1.5.7",
"refsource": "MLIST",
"url": "http://marc.info/?l=oss-security\u0026m=122152798516853\u0026w=2"
},
{
"name": "4271",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4271"
},
{
"name": "20080911 Advisory 04/2008: Joomla Weak Random Password Reset Token Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/496237/100/0/threaded"
},
{
"name": "31789",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31789"
},
{
"name": "http://www.suspekt.org/2008/08/17/mt_srand-and-not-so-random-numbers/",
"refsource": "MISC",
"url": "http://www.suspekt.org/2008/08/17/mt_srand-and-not-so-random-numbers/"
},
{
"name": "joomla-randomnumbers-info-disclosure(45068)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45068"
},
{
"name": "[oss-security] 20080911 CVE request: joomla \u003c 1.5.7",
"refsource": "MLIST",
"url": "http://marc.info/?l=oss-security\u0026m=122115344915232\u0026w=2"
},
{
"name": "[oss-security] 20080911 CVE request for Joomla multiple vuln.",
"refsource": "MLIST",
"url": "http://marc.info/?l=oss-security\u0026m=122118210029084\u0026w=2"
},
{
"name": "http://developer.joomla.org/security/news/272-20080902-core-random-number-generation-flaw.html",
"refsource": "CONFIRM",
"url": "http://developer.joomla.org/security/news/272-20080902-core-random-number-generation-flaw.html"
},
{
"name": "http://www.sektioneins.de/advisories/SE-2008-04.txt",
"refsource": "MISC",
"url": "http://www.sektioneins.de/advisories/SE-2008-04.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-4102",
"datePublished": "2008-09-18T17:47:00",
"dateReserved": "2008-09-15T00:00:00",
"dateUpdated": "2024-08-07T10:00:42.832Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-3225 (GCVE-0-2008-3225)
Vulnerability from cvelistv5 – Published: 2008-07-18 16:00 – Updated: 2024-08-07 09:28
VLAI?
Summary
Joomla! before 1.5.4 allows attackers to access administration functionality, which has unknown impact and attack vectors related to a missing "LDAP security fix."
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T09:28:41.769Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20080712 CVE requests: joomla \u003c1.5.4",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2008/07/12/2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.joomla.org/content/view/5180/1/"
},
{
"name": "30125",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/30125"
},
{
"name": "joomla-ldap-unauth-access(43648)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43648"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-07-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Joomla! before 1.5.4 allows attackers to access administration functionality, which has unknown impact and attack vectors related to a missing \"LDAP security fix.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[oss-security] 20080712 CVE requests: joomla \u003c1.5.4",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2008/07/12/2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.joomla.org/content/view/5180/1/"
},
{
"name": "30125",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/30125"
},
{
"name": "joomla-ldap-unauth-access(43648)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43648"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-3225",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Joomla! before 1.5.4 allows attackers to access administration functionality, which has unknown impact and attack vectors related to a missing \"LDAP security fix.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20080712 CVE requests: joomla \u003c1.5.4",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2008/07/12/2"
},
{
"name": "http://www.joomla.org/content/view/5180/1/",
"refsource": "CONFIRM",
"url": "http://www.joomla.org/content/view/5180/1/"
},
{
"name": "30125",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30125"
},
{
"name": "joomla-ldap-unauth-access(43648)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43648"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-3225",
"datePublished": "2008-07-18T16:00:00",
"dateReserved": "2008-07-18T00:00:00",
"dateUpdated": "2024-08-07T09:28:41.769Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-3228 (GCVE-0-2008-3228)
Vulnerability from cvelistv5 – Published: 2008-07-18 16:00 – Updated: 2024-08-07 09:28
VLAI?
Summary
Joomla! before 1.5.4 does not configure .htaccess to apply certain security checks that "block common exploits" to SEF URLs, which has unknown impact and remote attack vectors.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T09:28:41.659Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20080712 CVE requests: joomla \u003c1.5.4",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2008/07/12/2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.joomla.org/content/view/5180/1/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.joomla.org/content/view/5180/1/1/1/#htaccess"
},
{
"name": "joomla-block-common-unspecified(44206)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44206"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-07-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Joomla! before 1.5.4 does not configure .htaccess to apply certain security checks that \"block common exploits\" to SEF URLs, which has unknown impact and remote attack vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[oss-security] 20080712 CVE requests: joomla \u003c1.5.4",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2008/07/12/2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.joomla.org/content/view/5180/1/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.joomla.org/content/view/5180/1/1/1/#htaccess"
},
{
"name": "joomla-block-common-unspecified(44206)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44206"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-3228",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Joomla! before 1.5.4 does not configure .htaccess to apply certain security checks that \"block common exploits\" to SEF URLs, which has unknown impact and remote attack vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20080712 CVE requests: joomla \u003c1.5.4",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2008/07/12/2"
},
{
"name": "http://www.joomla.org/content/view/5180/1/",
"refsource": "CONFIRM",
"url": "http://www.joomla.org/content/view/5180/1/"
},
{
"name": "http://www.joomla.org/content/view/5180/1/1/1/#htaccess",
"refsource": "CONFIRM",
"url": "http://www.joomla.org/content/view/5180/1/1/1/#htaccess"
},
{
"name": "joomla-block-common-unspecified(44206)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44206"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-3228",
"datePublished": "2008-07-18T16:00:00",
"dateReserved": "2008-07-18T00:00:00",
"dateUpdated": "2024-08-07T09:28:41.659Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-3227 (GCVE-0-2008-3227)
Vulnerability from cvelistv5 – Published: 2008-07-18 16:00 – Updated: 2024-08-07 09:28
VLAI?
Summary
Unspecified vulnerability in Joomla! before 1.5.4 has unknown impact and attack vectors related to a "User Redirect Spam fix," possibly an open redirect vulnerability.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T09:28:41.773Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20080712 CVE requests: joomla \u003c1.5.4",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2008/07/12/2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.joomla.org/content/view/5180/1/"
},
{
"name": "joomla-user-redirect-unspecified(44205)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44205"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-07-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in Joomla! before 1.5.4 has unknown impact and attack vectors related to a \"User Redirect Spam fix,\" possibly an open redirect vulnerability."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[oss-security] 20080712 CVE requests: joomla \u003c1.5.4",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2008/07/12/2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.joomla.org/content/view/5180/1/"
},
{
"name": "joomla-user-redirect-unspecified(44205)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44205"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-3227",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Joomla! before 1.5.4 has unknown impact and attack vectors related to a \"User Redirect Spam fix,\" possibly an open redirect vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20080712 CVE requests: joomla \u003c1.5.4",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2008/07/12/2"
},
{
"name": "http://www.joomla.org/content/view/5180/1/",
"refsource": "CONFIRM",
"url": "http://www.joomla.org/content/view/5180/1/"
},
{
"name": "joomla-user-redirect-unspecified(44205)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44205"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-3227",
"datePublished": "2008-07-18T16:00:00",
"dateReserved": "2008-07-18T00:00:00",
"dateUpdated": "2024-08-07T09:28:41.773Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-3226 (GCVE-0-2008-3226)
Vulnerability from cvelistv5 – Published: 2008-07-18 16:00 – Updated: 2024-08-07 09:28
VLAI?
Summary
The file caching implementation in Joomla! before 1.5.4 allows attackers to access cached pages via unknown attack vectors.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T09:28:41.755Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20080712 CVE requests: joomla \u003c1.5.4",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2008/07/12/2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.joomla.org/content/view/5180/1/"
},
{
"name": "30125",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/30125"
},
{
"name": "joomla-filecaching-unauth-access(43650)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43650"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-07-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The file caching implementation in Joomla! before 1.5.4 allows attackers to access cached pages via unknown attack vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[oss-security] 20080712 CVE requests: joomla \u003c1.5.4",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2008/07/12/2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.joomla.org/content/view/5180/1/"
},
{
"name": "30125",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/30125"
},
{
"name": "joomla-filecaching-unauth-access(43650)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43650"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-3226",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The file caching implementation in Joomla! before 1.5.4 allows attackers to access cached pages via unknown attack vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20080712 CVE requests: joomla \u003c1.5.4",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2008/07/12/2"
},
{
"name": "http://www.joomla.org/content/view/5180/1/",
"refsource": "CONFIRM",
"url": "http://www.joomla.org/content/view/5180/1/"
},
{
"name": "30125",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30125"
},
{
"name": "joomla-filecaching-unauth-access(43650)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43650"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-3226",
"datePublished": "2008-07-18T16:00:00",
"dateReserved": "2008-07-18T00:00:00",
"dateUpdated": "2024-08-07T09:28:41.755Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-2990 (GCVE-0-2008-2990)
Vulnerability from cvelistv5 – Published: 2008-07-02 17:00 – Updated: 2024-08-07 09:21
VLAI?
Summary
PHP remote file inclusion vulnerability in facileforms.frame.php in the FacileForms (com_facileforms) component 1.4.4 for Mambo and Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the ff_compath parameter.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T09:21:34.912Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "facileforms-facileformsframe-file-include(43290)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43290"
},
{
"name": "29904",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/29904"
},
{
"name": "3967",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/3967"
},
{
"name": "5915",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/5915"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-06-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "PHP remote file inclusion vulnerability in facileforms.frame.php in the FacileForms (com_facileforms) component 1.4.4 for Mambo and Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the ff_compath parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "facileforms-facileformsframe-file-include(43290)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43290"
},
{
"name": "29904",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/29904"
},
{
"name": "3967",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/3967"
},
{
"name": "5915",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/5915"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-2990",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PHP remote file inclusion vulnerability in facileforms.frame.php in the FacileForms (com_facileforms) component 1.4.4 for Mambo and Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the ff_compath parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "facileforms-facileformsframe-file-include(43290)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43290"
},
{
"name": "29904",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/29904"
},
{
"name": "3967",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3967"
},
{
"name": "5915",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/5915"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-2990",
"datePublished": "2008-07-02T17:00:00",
"dateReserved": "2008-07-02T00:00:00",
"dateUpdated": "2024-08-07T09:21:34.912Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}