Joomla! before 1.5.4 does not configure .htaccess to apply certain security checks that "block common exploits" to SEF URLs, which has unknown impact and remote attack vectors.
https://exchange.xforce.ibmcloud.com/vulnerabilities/44206
http://www.openwall.com/lists/oss-security/2008/07/12/2